Unveiling the Dangers: The Security Risks of OpenClaw’s AI Skill Extensions

OpenClaw, the AI agent that has recently gained significant popularity, is now facing new security challenges. Researchers have discovered malware in numerous user-submitted “skill” add-ons on its marketplace, sparking concerns about the platform’s security.

Originally known as Clawdbot and then Moltbot, OpenClaw is marketed as an AI agent that can perform various tasks such as managing calendars, checking in for flights, and organizing inboxes. It operates locally on devices and can be interacted with through messaging apps like WhatsApp, Telegram, and iMessage. However, some users are granting OpenClaw extensive access to their devices, potentially exposing sensitive information.

The presence of malware disguised as helpful skills further compounds the security risks. OpenSourceMalware has identified malicious skills on the ClawHub marketplace, including tools that masquerade as cryptocurrency trading automation software but actually deliver information-stealing malware.

According to OpenSourceMalware, these malicious skills trick users into executing commands that steal valuable assets like exchange API keys, wallet private keys, SSH credentials, and browser passwords. The platform reported 28 malicious skills uploaded between January 27th and 29th, along with 386 malicious add-ons uploaded between January 31st and February 2nd.

Jason Meller, the VP of 1Password product, highlighted the risks associated with OpenClaw’s skills, which are often uploaded as markdown files. These files may contain harmful instructions for both users and the AI agent, as seen in a popular “Twitter” add-on that prompted users to click a link designed to download infostealing malware.

In response to these security concerns, OpenClaw’s creator, Peter Steinberger, has implemented stricter measures on ClawHub. Users now need a GitHub account that is at least one week old to publish a skill, and there is a new reporting system for suspicious skills. Despite these efforts, the risk of malware infiltrating the platform remains a significant issue.