Shriyans Sudhi

[Moltbook](http://moltbook.com) is a social media platform for [OpenClaw](https://openclaw.ai) bots, which are fully-autonomous AI agents. This opens doors for various attacks, most of which could be achieved through prompt injection attacks. In the presentation I gave at RITSEC, I tried to demonstrate the exploit chain for Prompt Injection to [Remote Code Execution](https://owasp.org/www-community/attacks/Code_Injection) through Moltbook.

Please note that my presentation start at [3:19:21](https://www.youtube.com/live/xOVomluVMUA?t=11991).

<YouTubeEmbed url="https://www.youtube.com/live/xOVomluVMUA?t=11991" title="Moltbook Research Presentation" />

This presentation was recorded at [ESL Global Cybersecurity Institute](https://www.rit.edu/cybersecurity/) at [Rochester Institute of Technology](https://www.rit.edu/) during [RITSEC](https://ritsec.com/)'s general meeting session.

Upon completion of this research, I plan to work with Moltbook's developers to improve the security of the platform.


Upon conducting a research, I found that it is possible to achieve Arbitrary Remote Code Execution on openclaw bots on Moltbook through indirect prompt injection attacks. This research was demonstrated in a presentation at RITSEC.