OpenClaw integrated VirusTotal scanning for ClawHub skills so custom plugins are checked by over 70 antivirus engines and URL/domain blocklisting services. The scanning aims to detect malware and malicious URLs within skills but will not address attacks that rely on natural-language instructions or carefully crafted prompt injection payloads. The Salt Typhoon intrusions reportedly gave Chinese-linked hackers extensive access to major US carriers and third-party systems used to spy on customers. Senator Maria Cantwell has demanded AT&T and Verizon CEOs explain withheld post-breach security assessments and justify telcos' defensive measures and transparency.
"OpenClaw skills are powerful. They extend what your AI agent can do-from controlling smart home devices to managing finances to automating workflows. But with that power comes risk,"
"Let's be clear: this is not a silver bullet,"
"VirusTotal scanning won't catch everything. A skill that uses natural language to instruct an agent to do something malicious won't trigger a virus signature. A carefully crafted prompt injection payload won't show up in a threat database."
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]