Hello and welcome to the Wednesday, February 4th, 2026 edition of the Sands Internet Storm Center's Stormcast.

My name is Johannes Ulrich, recording today from Jacksonville, Florida.

And this episode is brought you by the Sands.edu graduate certificate program in cyber defense operations.

Well, yesterday I talked a lot about open claw. So as a follow-up today, I wrote a quick post on how to detect, also a little bit on how to secure open claw.

The detection comes thanks to Gnostic. Gzik is a company that sort of works on

products to secure AI usage. There are two scripts that they published. One is fairly

straightforward. It just detects if open claw is installed by looking for common locations associated with open claw

like configuration files and the like and the binary itself. The second part is, I think, more

interesting, and that's open claw telemetry. And what this does is, if you have open claw

installed, open claw telemetry. And what this does is if you have open claw installed, open claw

telemetry will essentially log all the commands being executed by open claw, all the prompts,

and basically all the interactions that the user may have with open claw, but also interactions

open claw has with the various service it's connected to,

and these can then be collected via SISLog and other tools.

That's actually a plugin for OpenClaw itself.

So I highly recommend this if you are using OpenClaw,

because it will give you more transparency in what actually happens.

The remaining links are some links to open clause documentation

about how to secure it, how to run it in a sandbox, and then sort of some basic prompt hardening

tricks that you can use to likely make it more difficult to exploit any prompt injection.

Well, and remember, I think it was about a week or two ago where we had this critical flaw in TelnetD,

if it's installed with Inat D.

...