OpenClaw’s AI ‘skill’ extensions are a security nightmare
TL;DR
OpenClaw's AI skill extensions pose serious security risks, with malware found in hundreds of user-submitted add-ons on its marketplace, turning it into an attack surface.
OpenClaw, the AI agent that has exploded in popularity over the past week, is raising new security concerns after researchers uncovered malware in hundreds of user-submitted "skill" add-ons on its marketplace. In a post on Monday, 1Password product VP Jason Meller says OpenClaw's skill hub has become "an attack surface," with the most-downloaded add-on serving as a "malware delivery vehicle."
OpenClaw - first called Clawdbot, then Moltbot - is billed as an AI agent that "actually does things," such as managing your calendar, checking in for flights, cleaning out your inbox, and more. It runs locally on devices, and users can interact with t …