"OpenClaw, the AI agent that has exploded in popularity over the past week, is raising new security concerns after researchers uncovered malware in hundreds of user-submitted "skill" add-ons on its marketplace. In a post on Monday, 1Password product VP Jason Meller says OpenClaw's skill hub has become "an attack surface," with the most-downloaded add-on serving as a "malware delivery vehicle.""
"OpenClaw - first called Clawdbot, then Moltbot - is billed as an AI agent that "actually does things," such as managing your calendar, checking in for flights, cleaning out your inbox, and more. It runs locally on devices, and users can interact with the AI assistant through messaging apps like WhatsApp, Telegram, iMessage, and others. But some users are giving OpenClaw the ability to access their entire device, allowing it to read and write files, execute scripts, and run shell commands."
"OpenSourceMalware, a platform that tracks the presence of malware across the open-source ecosystem, found that 28 malicious skills were published on the ClawHub skill marketplace between January 27th and 29th, in addition to 386 malicious add-ons that were uploaded between January 31st and February 2nd. OpenSourceMalware says the skills "masquerade as cryptocurrency trading automation tools and deliver information-stealing malware" and manipulate users into executing malicious code that "steals crypto assets like exchange API keys, wallet private keys, SSH credentials, and browser passwords.""
OpenClaw is a locally running AI agent that automates tasks like calendar management, flight check-in, and inbox cleanup and can be accessed via messaging apps. Users can grant skills broad device permissions, including file read/write, script execution, and shell command access. Numerous user-submitted skills on the ClawHub marketplace have been identified as malicious, with rapid uploads over several days. The malicious skills often pose as cryptocurrency trading tools and deliver information-stealing malware that targets exchange API keys, wallet private keys, SSH credentials, and browser passwords. Markdown-based skill uploads can include instructions that trick users or the agent into executing harmful code.
Read at The Verge
Unable to calculate read time
Collection
[
|
...
]