SECURAAI - PROJECT FERAL

OpenClaw Threat Dashboard - PHASE I.5

Executive summary of 10 identified threats with real-world validation, patch coverage analysis, and MITRE ATLAS integration. Updated February 2026.

Source: MITRE ATLAS OpenClaw Investigation | Report: 26-00176-1 | Published: February 9, 2026

Critical Threats: 3
High Threats: 4
Medium Threats: 3
Validated in Wild: 7
MITRE Case Studies: 4
MITRE ATLAS Case Studies (Jan-Feb 2026)
AML.CS0048 | Exposed Control Interfaces - Credential Access | January 25, 2026
AML.CS0049 | Supply Chain via Poisoned Skill (ClawdHub) | January 26, 2026
AML.CS0050 | One-Click RCE (CVE-2026-25253) | February 1, 2026
AML.CS0051 | C2 via Indirect Prompt Injection (HiddenLayer) | February 3, 2026
Patch Coverage
Significantly Mitigated: 2
Partially Mitigated: 8
Fully Mitigated: 0
Severity Changes (Phase I.5)
OC-T05 Supply Chain: HIGH → CRIT
OC-T03 Credential Exposure: CRIT → HIGH
Key Incidents
CVE-2026-25253 (CVSS 8.8): Patched
ClawHavoc (335 skills): Active
135K+ Exposed Instances: Ongoing
Threat Enumeration
ID Threat Severity Patch Status Validated ATLAS Frameworks
CSA MAESTRO Coverage
L1 Foundation: 3
L2 Data Ops: 5
L3 Agent: 8
L4 Tools: 4
L5 Orchestr: 2
L6 Deploy: 2
L7 Ecosystem: 5
OWASP ASI Top 10 Coverage
ASI01 Goal Hijack: 1
ASI02 Tool Misuse: 5
ASI03 Identity: 3
ASI04 Supply Chain: 1
ASI05 Code Exec: 1
ASI06 Memory: 1
ASI07-10: 6
MITRE ATLAS Techniques (Official)
T0051 Prompt Inj: 2
T0033 Tool Invoke: 6
T0080 Context Poison: 2
T0081 Modify Config: 3
T0155 Escape to Host: 1
T0083/98 Credentials: 3
T0010 Supply Chain: 1