Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
OpenClaw, an AI agent that owns… It exploded in popularity Over the past week, new security concerns have been raised after researchers discovered malware in hundreds of user-submitted “skill” add-ons on the market. in Monday postOpenClaw Skills Center has become an “attack surface,” with the most downloaded add-on serving as a “malware delivery vehicle,” says 1Password vice president of product Jason Miller.
OpenClaw — initially called Clawdbot, then Moltbot — is billed as an AI agent that “actually does stuff,” like managing your calendar, checking in to flights, cleaning out your inbox, and more. It runs natively on devices, and users can interact with the AI assistant through messaging apps like WhatsApp, Telegram, iMessage, and others. But some users give OpenClaw access to their entire device, allowing them to read and write files, execute scripts, and run shell commands.
While this type of access poses risks in itself, malware disguised as skills that are supposed to enhance OpenClaw’s capabilities only adds to the concerns. OpenSourceMalware, a platform that tracks the presence of malware across the open source ecosystem, Found 28 malicious skills They were published on the ClawHub skill marketplace between January 27 and 29, along with 386 malicious add-ons uploaded between January 31 and February 2.
OpenSourceMalware says the skills “disguise themselves as cryptocurrency trading automation tools and deliver information-stealing malware” and manipulate users to execute malicious code that “steals crypto assets such as exchange API keys, wallet private keys, SSH credentials, and browser passwords.”
Miller points out that OpenClaw skills are often uploaded as markdown files, which can contain malicious instructions for both users and the AI agent. That’s what he found when examining one of ClawHub’s most popular add-ons, a “Twitter” skill that contains instructions for users to go to a link “designed to make the client run a command” that downloads information-stealing malware.
OpenClaw creator, Peter Steinberger, It is working to address some of these riskssince ClawHub now requires users to have a GitHub account that is at least one week old to publish a skill. There’s also a new way to report skills, though this doesn’t remove the possibility of malware infiltrating the platform.