The court in McCall v. Wilder, 913 S.W.3d 150, generally detailed these elements of negligence.
In Kubert v. Best, the New Jersey Appellate Division held that “the sender of a text message can potentially be liable if an accident is caused by texting, but only if the sender knew or had special reason to know that the recipient would view the text while driving and thus be distracted."
In https://via.library.depaul.edu/law-review/vol49/iss2/12/ Robert Rabin has provided a categorization of cases decided primarily under common law reasoning that is helpful here.
Referring to what he terms “enabling torts,” Professor Rabin identifies a number of cases in which courts have held defendants liable even when unconnected third parties have actively caused harm to plaintiffs.
More modern recognition is that criminal acts are sometimes foreseeable, and where specific circumstances reflect that foreseeability, it is not justifiable to cut off liability of the party who enabled the tortfeaso.
It is not that compromised system owners are directly causing injury to the targets, but rather that they are furnishing the attacker with the tools necessary to launch the attack.
So in case of Openclaw, there are multiple public articles like this one warning of the security implications using the software.
If you rent and run a server facing the open Internet and voluntarily install Openclaw, I think it’s fair to say that you are neglecting your duty to avoid negligence, and on top you’re likely contractually instructed to keep your own server safe in the user agreement with the hosting companies, otherwise you need to go with a managed product.
And you are obviously able to install and use a complex software like Openclaw to do things on your behalf. Therefore being negligent in securing the server opens up liability for whatever you or someone that hacks your server does.
For example, if you live in a neighborhood where maybe one car gets stolen a year and you leave your car unlocked with the key in the ignition to fetch something from your house, if someone steals your car and does a drive-by shooting with it you are most likely not liable.
If you’re a police officer and do the same thing in a crime ridden neighborhood and provide criminals with a tool to do crime, just to stop them afterwards or push your crime solving rate, you’re definitely liable for the death of someone they shoot out of that car.
It’s complicated, but yes, if you’re technically savvy and also read the fine print in your server rent agreement that tells you you need to take appropriate security measures so your server doesn’t harm others on the internet, I don’t see how a judge would let you off the hook. Similar common sense laws exist in most parts of the world.