All Topics
All Topics
Technology
Technology
Design
Design
Programming
Programming
Science
Science
News
News
Gaming
Gaming
Entertainment
Entertainment
Business
Business
Finance
Finance
Sports
Sports
Health
Health
Food
Food
Travel
Travel
Art
Art
Music
Music
Books
Books
Education
Education
Politics
Politics
Personal
Personal
No algorithm. No AI slop. No ads. Just RSS. Pro-human. Indie writers. Real journalism. Open web. Chronological. Hand toasted.

Security Researchers Find Malware in Hundreds of OpenClaw AI Agent Skill Extensions

By

Emma Roth

3mo ago· 2 min readenNews
Bagel score 70 of 100
70/100
Toasty
Bagelometer

A good honest bake. Not flashy, but you'll finish the whole bagel.

Score70TypenewsSentimentnegative

Summary

Security researchers have discovered hundreds of malicious add-ons in OpenClaw's marketplace, with the most-downloaded skill serving as a malware delivery vehicle. OpenClaw is an AI agent that can perform tasks like managing calendars and checking flights, but its user-submitted skill extensions have created a significant security vulnerability, allowing malware to access users' computers.

Key quotes

· 4 pulled
OpenClaw's skill hub has become 'an attack surface'
the most-downloaded add-on serving as a 'malware delivery vehicle'
Security researchers have uncovered hundreds of malicious add-ons for OpenClaw
the locally-run AI agent that users can give permission to take over their whole computer
Snippet from the RSS feed
Security researchers have uncovered hundreds of malicious add-ons for OpenClaw, the locally-run AI agent that users can give permission to take over their whole computer.

You might also wanna read

Security Risks of OpenClaw's AI Agent Capabilities: How Powerful Features Become Attack Vectors

The article examines how OpenClaw's powerful AI agent capabilities, which provide access to files, tools, browsers, terminals, and long-term

1password.com·3mo ago

Security Risks of Running OpenClaw AI Agent on Personal Machines and Cloud VM Alternatives

OpenClaw is a viral self-hosted AI agent that gained over 215k GitHub stars by providing powerful automation capabilities including shell co

blog.skypilot.co·3mo ago

ClawdBot Open-Source Malware Framework Targets Cryptocurrency Platforms and Social Media

The article discusses ClawdBot, an open-source malware framework that uses malicious skills to target cryptocurrency platforms and social me

opensourcemalware.com·4mo ago

SClawHub Security Scanner for OpenClaw AI Agent Skills

SClawHub is a security scanner for OpenClaw AI agent skills that provides trust scores (0-100) to detect potential security issues before in

Product Hunt·3mo ago

ClawSecure: Security Platform for OpenClaw AI Agents with 3-Layer Protection

ClawSecure is a security platform designed specifically for OpenClaw AI agents, offering comprehensive protection including 3-layer security

Product Hunt·1mo ago

Critical RCE Vulnerability in OpenClaw AI Assistant (CVE-2026-25253) Allows Data and Key Theft

A technical security analysis reveals a critical remote code execution (RCE) vulnerability (CVE-2026-25253) in OpenClaw, a popular open-sour

depthfirst.com·3mo ago