OpenClaw’s AI ‘skill’ extensions are a security nightmare

OpenClaw, the AI agent that has exploded in popularity over the past week, is raising new security concerns after researchers uncovered malware in hundreds of user-submitted "skill" add-ons on its marketplace. In a post on Monday, 1Password product VP Jason Meller says OpenClaw's skill hub has become "an attack surface," with the most-downloaded add-on serving as a "malware delivery vehicle."

OpenClaw - first called Clawdbot, then Moltbot - is billed as an AI agent that "actually does things," such as managing your calendar, checking in for flights, cleaning out your inbox, and more. It runs locally on devices, and users can interact with t …

Read the full story at The Verge.