BETAmodules.com is in beta — open to partnerships & joint ventures.Build with us
modules.com
⌘K

clawdbot

v2026.1.24-3npm· JavaScript

WhatsApp gateway CLI (Baileys web) with Pi RPC agent

The verdict
Has 11 high-severity advisories. Verify a patched version exists before using. Check the OSV link for the fixed-in version.
Check the OSV link for the fixed-in version.
Live from the npm registry · derived rules, not AI
How it scores
MaintenanceHealthy
PopularityNiche
Security11 advisories
LicensePermissive
DepsHeavy
Maintenance
Last published 4 months ago.
Popularity
15K downloads / week
Security
11 known advisories (worst: high severity).
License
MIT
Dependencies
53 direct dependencies
Security advisories
Live from OSV.dev · cached 24h
  • HIGH
    OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints
    GHSA-3fqr-4cg8-h96q Published 2026-02-18
  • HIGH
    OpenClaw/Clawdbot has 1-Click RCE via Authentication Token Exfiltration From gatewayUrl
    GHSA-g8p2-7wf7-98mq Fixed in 2026.1.29Published 2026-02-02
  • HIGH
    OpenClaw/Clawdbot Docker Execution has Authenticated Command Injection via PATH Environment Variable
    GHSA-mc68-q9jw-2h3v Fixed in 2026.1.29Published 2026-02-02
  • HIGH
    OpenClaw/Clawdbot has OS Command Injection via Project Root Path in sshNodeCommand
    GHSA-q284-4pvr-m585 Fixed in 2026.1.29Published 2026-02-02
  • HIGH
    OpenClaw affected by denial of service via unbounded webhook request body buffering
    GHSA-q447-rj3r-2cgh Published 2026-02-18
  • HIGH
    OpenClaw Google Chat shared-path webhook target ambiguity allowed cross-account policy-context misrouting
    GHSA-rq6g-px6m-c248 Published 2026-02-18
  • MEDIUM
    OpenClaw iMessage group allowlist authorization inherited DM pairing-store identities
    GHSA-g34w-4xqq-h79m Fixed in 2026.2.14Published 2026-02-18
  • MEDIUM
    OpenClaw affected by denial of service through unguarded archive extraction allowing high expansion/resource abuse (ZIP/TAR)
    GHSA-h89v-j3x9-8wqj Published 2026-02-18
  • MEDIUM
    OpenClaw Telegram allowlist authorization accepted mutable usernames
    GHSA-mj5r-hh7j-4gxf Published 2026-02-18
  • MEDIUM
    OpenClaw: denial of service through large base64 media files allocating large buffers before limit checks
    GHSA-w2cg-vxx6-5xjg Published 2026-02-18
  • LOW
    OpenClaw Google Chat spoofing access with allowlist authorized mutable email principal despite sender-ID mismatch
    GHSA-chm2-m3w2-wcxm Published 2026-02-17
Recent releases
  • 2026.1.24-34 months ago
  • 2026.1.24-24 months ago
  • 2026.1.24-14 months ago
  • 2026.1.244 months ago
  • 2026.1.23-14 months ago
  • 2026.1.234 months ago
  • 2026.1.224 months ago
  • 2026.1.21-24 months ago