
We Built a Detector for the Oasis WebSocket Hijack in 4 Hours (ClawMoat v0.7.1)
Oasis Security published research today showing that any website can silently take full control of an OpenClaw agent through its localhost WebSocket. Zero-click, and no plugins needed. We shipped ClawMoat v0.7.1 with a new GatewayMonitor module that detects this exact attack pattern: 25 new tests, 205 total, still zero dependencies.

What the Attack Does

1. You visit a website.
2. Its JavaScript opens a WebSocket to localhost:18789, the OpenClaw gateway.
3. It brute-forces your gateway password (the rate limiter exempts localhost!).
4. It auto-registers as a trusted device (no user prompt for localhost!).
5. It now has full agent control: messages, files, shell commands.

Video PoC

What ClawMoat v0.7.1 Detects

1. Brute-Force Authentication

    const { GatewayMonitor } = require('clawmoat');

    const monitor = new GatewayMonitor({
      bruteForceThreshold: 10,
      onAlert: (alert) => {
        console.error('ALERT:', alert.message);
      }
    });

    // Hook into auth handler (runs inside your gateway's auth code, where `req`
    // is the incoming upgrade/auth request)
    monitor.recordAuthAttempt({
      source: req.ip,
      success: false,
      origin: req.headers.origin // detects c
    });
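Here is what that detection logic looks like end to end, as an added example that is not ClawMoat's or OpenClaw's own code. It keeps the shape of the snippet above (recordAuthAttempt, bruteForceThreshold and onAlert are mirrored), but the class name GatewayAuthMonitor, the windowMs option, the alert types and the allowed-origin list are assumptions, and the event sequence it runs over is constructed rather than captured. It raises three distinct signals: a WebSocket auth carrying a third-party web page's Origin, a burst of failures from one source crossing the threshold inside the window, and a success landing right after that burst.

```javascript
// Added example, not ClawMoat's or OpenClaw's code. Method and option names
// mirror the post's snippet; the class name, windowMs, alert types and the
// allowed-origin list are hypothetical.

// Origins a browser would send when the page itself is served by the local
// gateway. Anything else on an Origin header is a third-party web page.
const LOCAL_ORIGINS = new Set(['http://localhost:18789', 'http://127.0.0.1:18789']);

class GatewayAuthMonitor {
  constructor({ bruteForceThreshold = 10, windowMs = 60_000, onAlert = () => {} } = {}) {
    this.threshold = bruteForceThreshold;
    this.windowMs = windowMs;
    this.onAlert = onAlert;
    this.failures = new Map();       // source -> timestamps of recent failed attempts
    this.flaggedOrigins = new Set(); // "source|origin" pairs already alerted on
  }

  emit(alert) {
    this.onAlert(alert);
    return alert;
  }

  // Feed one auth attempt on the gateway WebSocket. Returns the alerts it raised.
  recordAuthAttempt({ source, success, origin = null, timestamp = Date.now() }) {
    const alerts = [];

    // Signal 1: browsers always attach the page's Origin to a WebSocket upgrade;
    // a local CLI or agent client sends none. A non-local Origin means a web page
    // is talking to the gateway, whether or not the password was right.
    const key = `${source}|${origin}`;
    if (origin !== null && !LOCAL_ORIGINS.has(origin) && !this.flaggedOrigins.has(key)) {
      this.flaggedOrigins.add(key);
      alerts.push(this.emit({ type: 'cross_origin_websocket', source, origin,
        message: `gateway WebSocket auth from web origin ${origin} (source ${source})` }));
    }

    // Sliding window of failures for this source.
    const recent = (this.failures.get(source) || []).filter((t) => timestamp - t < this.windowMs);

    if (!success) {
      recent.push(timestamp);
      this.failures.set(source, recent);
      // Signal 2: fire once, when the failure count crosses the threshold.
      if (recent.length === this.threshold) {
        alerts.push(this.emit({ type: 'brute_force', source, failures: recent.length,
          message: `${recent.length} failed gateway logins from ${source} in ${this.windowMs / 1000}s` }));
      }
    } else {
      // Signal 3: a success right after a burst of failures is the guess landing.
      if (recent.length >= Math.ceil(this.threshold / 2)) {
        alerts.push(this.emit({ type: 'credential_guessed', source, failures: recent.length,
          message: `successful gateway login from ${source} after ${recent.length} recent failures` }));
      }
      this.failures.delete(source);
    }
    return alerts;
  }
}

// Constructed sample (not captured traffic): 12 wrong guesses and then a hit, all
// from 127.0.0.1 but carrying a web page's Origin, followed by one ordinary local
// CLI login that sends no Origin. Returns the alert types in the order raised:
// [ 'cross_origin_websocket', 'brute_force', 'credential_guessed' ]
function runSample() {
  const raised = [];
  const monitor = new GatewayAuthMonitor({ bruteForceThreshold: 10, onAlert: (a) => raised.push(a.type) });
  const t0 = 1_700_000_000_000;
  const attacker = { source: '127.0.0.1', origin: 'https://evil.example' };
  for (let i = 0; i < 12; i++) {
    monitor.recordAuthAttempt({ ...attacker, success: false, timestamp: t0 + i * 50 });
  }
  monitor.recordAuthAttempt({ ...attacker, success: true, timestamp: t0 + 700 });
  monitor.recordAuthAttempt({ source: '127.0.0.1', success: true, timestamp: t0 + 5_000 });
  return raised;
}
```

Note that the attacker and the legitimate CLI login share the same source, 127.0.0.1, which is exactly why counting failures per IP is not enough on its own: the Origin header is what separates a web page from a local client, and the cross-origin signal fires on the very first attempt, before any password has been guessed. Detection is still the second line here; the first is for the gateway to reject non-local Origins at the upgrade handshake and to apply its rate limiter to localhost like any other source.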
Continue reading on Dev.to


