Stop Running OpenClaw With 2,000+ CVEs: Why the Minimus OpenClaw Image Has 99% Fewer CVEs

By Assaf Shapira and Gal Shafrir
February 19, 2026

TL;DR: we created a minimized OpenClaw container image that contains 99% fewer vulnerabilities than the original one. The functionality is exactly the same. The image is regularly updated and is released for free. You can start using it now.

docker pull us-docker.pkg.dev/prod-375107/minimus-public/openclaw:latest

Why Run Your Own AI Assistant?

OpenClaw lets you have Claude, GPT, or other AI models available on your messaging apps (WhatsApp, Telegram, Discord, Slack) without sending everything through third-party services. This is great if you want to control your data and own the infrastructure. However, it also means giving an application deep access to your accounts. With that level of access, OpenClaw can take action on your behalf, acting like a true personal assistant with capabilities far beyond that of today’s AI chat services.

Why Security Matters for Your Personal AI

The power of OpenClaw comes from the connections it has to your accounts and system. To function fully, OpenClaw requires access to:

  • Your messaging channels
  • Your personal AI API keys (Claude, GPT, etc.)
  • Read/write files in your workspace
  • Execute commands on your system
  • Run in your homelab/network or a VPS

With this level of access to your life, security needs to be at the forefront of any OpenClaw installation to ensure that attackers can’t compromise your system, exfiltrate your sensitive data, or prompt OpenClaw into malicious action.

The Problem With Current OpenClaw Container Images

One of the most common ways to run OpenClaw is in a container, and there are several popular distributions for doing so. Our Minimus Labs research team ran CVE scans on these distributions and the results were…not great.

Vulnerability Comparison

Image Source          | Base OS     | Total CVEs | Critical | High    | Medium
Official GHCR ⚠️       | Debian 12   | 2,062 ❌    | 7 ❌      | 233 ❌   | 928 ❌
1panel/openclaw ⚠️     | Debian 12   | 2,054 ❌    | 7 ❌      | 242 ❌   | 907 ❌
alpine/openclaw ⚠️     | Debian 12*  | 1,156 ❌    | 7 ❌      | 242 ❌   | 907 ❌
Self-Built (node:22)  | Debian 12   | ~800 ❌     | 5 ❌      | 150+ ❌  | 600+ ❌
Minimus               | Distroless  | 7 ✅        | 0 ✅      | 4 ⚠️     | 3 ⚠️

* Not actually Alpine Linux; see the note below.

Important: The "official" OpenClaw image from GitHub Container Registry has 2,062 known CVEs, even more than Docker Hub versions!

Plot twist: alpine/openclaw isn't even Alpine Linux - it's Debian 12 with 1,156 vulnerabilities! You can verify this yourself:

docker run --rm alpine/openclaw cat /etc/os-release

Note: These are snapshot numbers from today’s scan. CVE counts change as new vulnerabilities are discovered and patched.

Why Choose Minimus’ OpenClaw Image?

Security Comparison

Feature                | Docker Hub | Self-Built | Minimus
Total Vulnerabilities  | 1,156      | ~800       | 7 ✅
Critical CVEs          | 7          | 5          | 0 ✅
OS Vulnerabilities     | 1,000+     | 750+       | 0 ✅
Attack Surface         | Large      | Medium     | Minimal ✅
Update Frequency       | Weekly     | Manual     | Automatic ✅
Security Scanning      | Basic      | None       | Automated ✅
Build Transparency     | Low        | Medium     | High ✅
Enterprise Support     | No         | No         | Yes ✅

The Minimus OpenClaw image has many improvements over the official image, including:

1. 99% Fewer Vulnerabilities

  • Docker Hub: 1,156 CVEs, 7 critical
  • Minimus: 7 CVEs, 0 critical
    • Note that the remaining vulnerabilities are all in npm packages like pnpm and tar, normal for any Node.js app, and easily updated with our regular builds.
  • Zero OS-level security issues

2. Periodic Automated Builds

  • Latest OpenClaw features
  • Security patches applied automatically
  • Fresh vulnerability scans
  • Just pull a new image

3. Minimal Attack Surface

  • Purpose-built distroless container image
  • Only essential packages (~50 vs 400+) and a significantly reduced image size (only 2.23 GB)
  • Reduced exploitation opportunities
  • Faster security reviews

Comparing this to the Docker Hub / GHCR image:

  • Full Debian with 400+ packages you'll never use
  • 1,000+ known OS vulnerabilities
  • Built for "enterprise" but running in your homelab
  • 4 GB of bloat

Real-World Impact: A Look at Popular OpenClaw Images vs. Minimus OpenClaw

To illustrate the security gap, we scanned several widely used OpenClaw container images and compared them directly with the Minimus image:

Official GHCR (ghcr.io/openclaw/openclaw)

Scan Results:
├── 2,062 TOTAL vulnerabilities  ❌❌❌
├── 7 CRITICAL vulnerabilities   ❌
├── 233 HIGH vulnerabilities     ❌
├── 928 MEDIUM vulnerabilities   ❌
├── 890 LOW vulnerabilities      ❌
└── 413 OS packages to track     ❌

Base OS: Debian 12.13 (bookworm)
Image Size: 4.66 GB

Security Posture: EXTREMELY POOR
Recommendation: AVOID - Being "official" does NOT mean secure

Critical Issues:
├── CVE-2025-7458: SQLite integer overflow (NO FIX)
├── CVE-2023-45853: zlib heap buffer overflow (NO FIX)
├── CVE-2023-6879: libaom heap overflow (NO FIX)
├── CVE-2023-5841: OpenEXR heap overflow (NO FIX)
├── CVE-2025-48384/48385: Git arbitrary code execution (NO FIX)
└── CVE-2026-0861: glibc integer overflow (NO FIX)

1panel/openclaw (WORST)

Scan Results:
├── 2,054 TOTAL vulnerabilities  ❌❌❌
├── 7 CRITICAL vulnerabilities   ❌
├── 242 HIGH vulnerabilities     ❌
├── 907 MEDIUM vulnerabilities   ❌
├── 888 LOW vulnerabilities      ❌
└── 413 OS packages to track     ❌

Security Posture: EXTREMELY POOR
Recommendation: AVOID - highest vulnerability count

alpine/openclaw

Scan Results:
├── 1,156 TOTAL vulnerabilities  ❌
├── 7 CRITICAL vulnerabilities   ❌
├── 242 HIGH vulnerabilities     ❌
├── 907 MEDIUM vulnerabilities   ❌
└── 413 OS packages to track     ❌

Security Posture: POOR
Recommendation: NOT for production use

After: Minimus Image

Scan Results:
├── 0 CRITICAL vulnerabilities   ✅
├── 4 HIGH vulnerabilities       ⚠️  (npm packages)
├── 3 MEDIUM vulnerabilities     ⚠️  (npm packages)
└── ~50 packages to track        ✅

Security Posture: EXCELLENT
Recommendation: Production-ready

The Numbers Don't Lie

Minimus OpenClaw image:

  • 294x more secure than official GHCR (7 vs 2,062 vulnerabilities)
  • 293x more secure than 1panel (7 vs 2,054 vulnerabilities)
  • 165x more secure than alpine (7 vs 1,156 vulnerabilities)
  • 100% fewer critical issues (0 vs 7)
  • Zero OS vulnerabilities (all issues are in application layer)
  • Easier maintenance (track 7 issues vs 2,000+)
  • ~50% smaller (2.23 GB vs 4.66 GB for official GHCR)
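The following script is an added example, not Minimus's or OpenClaw's code, covering two things the post does by hand: the base-OS check from the "Plot twist" note (`docker run --rm alpine/openclaw cat /etc/os-release`) and the per-severity, OS-packages-vs-npm breakdowns shown in the scan results above. It assumes a Trivy-style JSON report (the field names `Results`, `Class`, `Severity` and `FixedVersion` are Trivy's real ones) and the `KEY=VALUE` layout of `/etc/os-release`. The report contents and the `EXAMPLE-*` identifiers are constructed samples, not output from a real scan; `read_os_release` and `scan_image` are assumed wrappers that need `docker` and `trivy` installed and are not used by the offline sample.

```python
"""Summarise a container-image vulnerability scan in the shape of the post's tables.

Added example, not Minimus's or OpenClaw's code. Assumes a Trivy-style JSON
report (Results[].Class is "os-pkgs" or "lang-pkgs"; Vulnerabilities[].Severity
is CRITICAL/HIGH/MEDIUM/LOW; an empty FixedVersion means no fix is available)
and the KEY=VALUE layout of /etc/os-release. The sample report and os-release
text below are constructed, not real scan output.
"""
import json
import subprocess
from collections import Counter

SEVERITIES = ("CRITICAL", "HIGH", "MEDIUM", "LOW")
KNOWN_DISTROS = ("alpine", "debian", "ubuntu", "fedora")


def parse_os_release(text: str) -> dict:
    """Parse /etc/os-release lines (KEY=VALUE, value optionally double-quoted)."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        fields[key] = value.strip().strip('"')
    return fields


def claimed_vs_actual(image_ref: str, os_release: dict) -> tuple:
    """Return (distro named in the image reference or None, distro from the os-release ID).

    A mismatch such as ("alpine", "debian") is the post's alpine/openclaw case.
    """
    lowered = image_ref.lower()
    claimed = next((d for d in KNOWN_DISTROS if d in lowered), None)
    return claimed, os_release.get("ID", "unknown").lower()


def summarize_report(report: dict) -> dict:
    """Count findings by severity and split OS-package from language-package findings."""
    by_severity = Counter()
    by_class = Counter()
    no_fix = Counter()
    for result in report.get("Results", []):
        pkg_class = result.get("Class", "unknown")
        # Trivy omits the key (or sets it to null) when a target has no findings
        for vuln in result.get("Vulnerabilities") or []:
            severity = vuln.get("Severity", "UNKNOWN").upper()
            by_severity[severity] += 1
            by_class[pkg_class] += 1
            if not vuln.get("FixedVersion"):
                no_fix[severity] += 1
    return {
        "total": sum(by_severity.values()),
        "by_severity": {s: by_severity.get(s, 0) for s in SEVERITIES},
        "os_pkgs": by_class.get("os-pkgs", 0),
        "lang_pkgs": by_class.get("lang-pkgs", 0),
        "no_fix": dict(no_fix),
    }


def reduction_percent(baseline_total: int, hardened_total: int) -> float:
    """Share of findings removed by the hardened image, e.g. 2,062 -> 7 is 99.66%."""
    if baseline_total <= 0:
        return 0.0
    return round(100.0 * (baseline_total - hardened_total) / baseline_total, 2)


# --- Live helpers (assumed wrappers; need docker and trivy on PATH) ---

def read_os_release(image_ref: str) -> dict:
    """Same check as the post's `docker run --rm IMAGE cat /etc/os-release`."""
    cmd = ["docker", "run", "--rm", image_ref, "cat", "/etc/os-release"]
    return parse_os_release(subprocess.run(cmd, check=True, capture_output=True, text=True).stdout)


def scan_image(image_ref: str) -> dict:
    """Scan an image with Trivy and return its JSON report."""
    cmd = ["trivy", "image", "--quiet", "--format", "json", image_ref]
    return json.loads(subprocess.run(cmd, check=True, capture_output=True, text=True).stdout)


# --- Constructed samples (placeholder IDs and versions, not real CVEs) ---

SAMPLE_OS_RELEASE = """PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
NAME="Debian GNU/Linux"
VERSION_ID="12"
ID=debian
"""

SAMPLE_REPORT = {
    "Results": [
        {"Target": "example/openclaw (debian 12)", "Class": "os-pkgs", "Type": "debian",
         "Vulnerabilities": [
             {"VulnerabilityID": "EXAMPLE-0001", "PkgName": "libc6", "Severity": "CRITICAL", "FixedVersion": ""},
             {"VulnerabilityID": "EXAMPLE-0002", "PkgName": "zlib1g", "Severity": "HIGH", "FixedVersion": "1.2.14"},
             {"VulnerabilityID": "EXAMPLE-0003", "PkgName": "libsqlite3-0", "Severity": "LOW", "FixedVersion": "3.41.0"},
         ]},
        {"Target": "Node.js", "Class": "lang-pkgs", "Type": "node-pkg",
         "Vulnerabilities": [
             {"VulnerabilityID": "EXAMPLE-0004", "PkgName": "tar", "Severity": "HIGH", "FixedVersion": "6.2.1"},
             {"VulnerabilityID": "EXAMPLE-0005", "PkgName": "pnpm", "Severity": "MEDIUM", "FixedVersion": "9.15.0"},
         ]},
        {"Target": "/app/empty", "Class": "lang-pkgs", "Type": "npm"},  # clean target, no key
    ]
}

if __name__ == "__main__":
    print("claimed / actual base OS:", claimed_vs_actual("alpine/openclaw", parse_os_release(SAMPLE_OS_RELEASE)))
    print(json.dumps(summarize_report(SAMPLE_REPORT), indent=2))
    print("reduction 2,062 -> 7:", reduction_percent(2062, 7), "%")
```

Run it as-is for the offline sample, or swap `SAMPLE_REPORT` for `scan_image("<image ref>")` and `SAMPLE_OS_RELEASE` for the live `read_os_release` call to reproduce the post's numbers against a current tag; the `no_fix` bucket is the one to watch, since it is the part of the count that a rebuild alone cannot remove.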

Why a Secure OpenClaw Container Matters

Look, if you're running OpenClaw, you probably:

  • Have a homelab (or are thinking about one)
  • Care about owning your data
  • Don't trust random Docker images
  • Want AI on your terms, not someone else's

The problem is most "self-hosted" guides just say "docker pull whatever" and call it a day. That's fine until you realize your default setup contains more than 2k known vulnerabilities and you just gave it the keys to your WhatsApp.

Using the Minimus OpenClaw image provides a more secure starting point. Without changing OpenClaw’s functionality, you get:

  • Actually audited and scanned images (we literally show you the reports)
  • Updates that don't require you to rebuild everything
  • Security without the enterprise complexity

It's self-hosting done right, not just self-hosting done quickly.

Note: Please be aware that there are additional security implications to consider when deploying any OpenClaw agent in a containerized environment using the default Docker configurations from the upstream OpenClaw repo. We suggest our readers go over all configurations and adjust them accordingly.

Try Minimus OpenClaw Image

Running your own AI assistant shouldn't mean compromising on security. Try the Minimus OpenClaw image to get:

  • 99% fewer vulnerabilities than standard images
  • Regular automated updates with zero manual intervention
  • Zero critical security issues in the OS
  • Production-ready with enterprise support
  • Easy to deploy with Docker or Podman
  • Effortless to maintain with one-command updates

Using the Minimus OpenClaw Image

Getting started with Minimus' OpenClaw image is simple:

1. Clone the OpenClaw GitHub repo.

git clone https://github.com/openclaw/openclaw.git
cd openclaw

2. Switch to the Minimus OpenClaw image.

echo "FROM us-docker.pkg.dev/prod-375107/minimus-public/openclaw:latest" > Dockerfile

3. Continue with either the Docker option or the Podman option. Below, we show the Podman option.

./setup-podman.sh

The manual Compose flow also works without changes.

Additional Resources

  • Documentation
  • Community & Support

Common Questions about Minimus OpenClaw Image

How does the image size compare?

Docker Hub shows compressed download sizes (~1.6 GB), but actual on-disk usage is what matters. The Minimus image uses ~2.23 GB uncompressed vs ~4.0 GB for alpine/1panel - slightly smaller with vastly better security. The real win is 99% fewer vulnerabilities and minimal attack surface.

What about the 11 remaining vulnerabilities?

All 11 are in npm packages (pnpm, tar), not the OS. These are:

  • Actively maintained by the Node.js community
  • Regularly updated when upstream fixes are available
  • Not privilege-escalation risks

Do you support ARM64?

Yes! Our images are multi-arch: linux/amd64 and linux/arm64

Can I use this commercially?

Yes! OpenClaw is MIT licensed. Our images follow the same license. More information about licensing and copyrights.

Assaf Shapira, DevOps Lead
Gal Shafrir, Software Engineer