Security researchers disclosed “ClawJacked,” a high-severity flaw in the OpenClaw AI agent that let malicious websites quietly break into a locally running OpenClaw and take control to steal data.