Labels: enhancement, security
Summary
The references/known-cves.json currently contains 3 CVEs. The forensic analysis references these same CVEs but also documents additional security incidents that should either be tracked as CVEs (if assigned) or as advisory entries for version checking.
Current State
[
{ "id": "CVE-2026-25253", "title": "1-Click RCE via auth token exfiltration" },
{ "id": "CVE-2026-24763", "title": "Command injection in Docker sandbox" },
{ "id": "CVE-2026-25157", "title": "OS command injection via SSH project path" }
]

Proposed Additions
1. Moltbook/Supabase Data Exposure
While not a traditional CVE, this warrants a security advisory entry:
{
"id": "ADV-2026-001",
"severity": "critical",
"cvss": 9.1,
"title": "Moltbook Supabase database exposure -- 1.5M tokens leaked",
"fixed_in": "N/A (third-party service)",
"description": "Moltbook exposed its entire Supabase production database via a publicly accessible API key on the frontend. 1.5M API tokens and 35K email addresses were leaked. Any OpenClaw agent that interacted with Moltbook may have had its credentials exposed.",
"affected_component": "moltbook integration",
"references": [
"https://www.wiz.io/blog/moltbook-supabase-breach"
],
"check_guidance": "If the OpenClaw instance ever connected to Moltbook, rotate ALL API keys and tokens immediately."
}

2. Inter-Agent Prompt Injection Worm
{
"id": "ADV-2026-002",
"severity": "high",
"cvss": 7.5,
"title": "Inter-agent prompt injection via Moltbook posts",
"fixed_in": "N/A (architectural)",
"description": "Malicious bots on Moltbook posted prompt injection payloads that compromised any OpenClaw agent reading the posts. This created a wormable attack surface where one infected agent could compromise all followers.",
"affected_component": "agent social network integration",
"references": [],
"check_guidance": "Disable or sandbox any social network integrations. Implement output sanitization for inter-agent communication."
}

3. ClawHub Maintainer Account Compromise
{
"id": "ADV-2026-003",
"severity": "critical",
"cvss": 9.8,
"title": "ClawHub maintainer account compromise -- backdoored skills published",
"fixed_in": "N/A (registry-side)",
"description": "Attackers gained access to a ClawHub maintainer account and published backdoored versions of popular skills. Users who updated without verifying hashes received compromised code.",
"affected_component": "clawhub skill registry",
"references": [],
"check_guidance": "Verify skill hashes against known-good values. Enable CHK-SUP-003 and CHK-SUP-006 checks."
}

Schema Extension
The current CVE schema is:
{
"id": "string",
"severity": "string",
"cvss": "number",
"title": "string",
"fixed_in": "string",
"description": "string",
"references": ["string"]
}

Proposed additions:
{
"id": "string",
"severity": "string",
"cvss": "number",
"title": "string",
"fixed_in": "string",
"description": "string",
"affected_component": "string", // NEW: which component is affected
"references": ["string"],
"check_guidance": "string" // NEW: what to do if affected
}

Impact on scan_cves.sh
The CVE scanner should be updated to:
- Check for Moltbook integration configs and warn if present
- Check for ClawHub-sourced skills without hash verification
- Support the ADV-* advisory ID prefix in addition to CVE-*
References
- Forensic analysis: "The 72-Hour Implosion" timeline
- Forensic analysis: "Moltbook: The Risks of Bot Socialization"
- Forensic analysis: "ClawHub Compromise" incident
- references/threat-model.md section 3: Real-World Incidents
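
A validator for entries in the extended schema, accepting both ID prefixes, as an added example (not part of the original issue and not the project's scan_cves.sh). Assumptions: the ADV-YYYY-NNN pattern is inferred from the IDs proposed above, the two new fields are treated as optional so existing CVE entries still pass, severity is cross-checked against the CVSS v3.x rating bands, and all names (`validate_entry`, `SAMPLES`) are hypothetical.

```python
import re

# Assumed ID syntax: standard CVE-YYYY-NNNN+, plus ADV-YYYY-NNN inferred from
# the ADV-2026-001 style IDs proposed in this issue.
ID_RE = re.compile(r"(?:CVE-\d{4}-\d{4,}|ADV-\d{4}-\d{3,})")
REQUIRED = {"id": str, "severity": str, "cvss": (int, float), "title": str,
            "fixed_in": str, "description": str, "references": list}
# New fields from the proposed schema; optional so older entries still validate.
OPTIONAL = {"affected_component": str, "check_guidance": str}
# CVSS v3.x qualitative rating bands, highest first (lower bound inclusive).
BANDS = [(9.0, "critical"), (7.0, "high"), (4.0, "medium"), (0.1, "low"), (0.0, "none")]

def validate_entry(entry):
    """Return a list of problems for one known-cves.json entry (empty if valid)."""
    problems = []
    for field, kind in {**REQUIRED, **OPTIONAL}.items():
        if field not in entry:
            if field in REQUIRED:
                problems.append(f"missing required field: {field}")
        elif isinstance(entry[field], bool) or not isinstance(entry[field], kind):
            problems.append(f"wrong type for field: {field}")
    for field in sorted(entry.keys() - REQUIRED.keys() - OPTIONAL.keys()):
        problems.append(f"unknown field: {field}")
    if isinstance(entry.get("id"), str) and not ID_RE.fullmatch(entry["id"]):
        problems.append(f"unrecognized id format: {entry['id']}")
    score = entry.get("cvss")
    if isinstance(score, (int, float)) and not isinstance(score, bool):
        if not 0.0 <= score <= 10.0:
            problems.append("cvss out of range")
        elif entry.get("severity") != next(n for lo, n in BANDS if score >= lo):
            problems.append(f"severity does not match cvss {score}")
    refs = entry.get("references")
    if isinstance(refs, list) and not all(isinstance(r, str) for r in refs):
        problems.append("references must be strings")
    return problems

# Constructed sample entries (placeholder text and IDs, not real advisory data).
BASE = {"id": "ADV-0000-000", "severity": "high", "cvss": 7.5, "title": "t",
        "fixed_in": "N/A", "description": "d", "references": []}
SAMPLES = [
    dict(BASE, affected_component="c", check_guidance="g"),  # extended schema
    dict(BASE, id="CVE-0000-0000"),                  # old schema, no new fields
    dict(BASE, id="GHSA-0000-000", severity="critical"),  # bad prefix and band
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample["id"], validate_entry(sample) or "ok")
```

Running a check like this over references/known-cves.json before the scanner consumes it catches entries whose severity label and CVSS score disagree, or whose ID the prefix matching would silently skip.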