EarlyNarratives
Pricing
Start free trialSign in
Start free trialSign in
Signal

OpenClaw draws security scrutiny over malicious skills and document-based takeover

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-02-04 19:03 UTCUpdated 2026-02-04 19:36 UTC
rss
ai_securityai_agentstoolingopen_source
Source links open
Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.
BackEvidence (2)Get the free brief by emailStart free trial
No card needed for the free brief.
Evidence trail (top sources)
top sources (2 domains)domains are deduped. counts indicate coverage, not truth.
2 top sources shown
OpenClaw's AI 'skill' extensions are a security nightmare
The Verge RSS (general) · News · theverge.com · 2026-02-04 19:03 UTC
limited source diversity in top sources
View all evidence
Overview

Security scrutiny is converging on OpenClaw, a locally run, open-source AI agent positioned as one that can “actually do things.” Separate reports highlight two distinct risk surfaces: a user-submitted “skills” marketplace that can distribute malware, and a document-based attack path that researchers say can enable full takeover and persistent compromise.

Entities
1PasswordOpenClawClawdbotMoltbotOpenDoorJason Meller
Score total
1.01
Momentum 24h
2
Posts
2
Origins
2
Source types
1
Duplicate ratio
0%
Why now
  • OpenClaw’s rapid popularity increase raises exposure to abuse
  • Two reports surface separate attack paths: skills and documents
  • Security practitioners are publicly warning about the risks
Why it matters
  • Agent “skills” marketplaces can become malware distribution channels
  • Document ingestion paths may enable persistent compromise of local agents
  • Local agents that take actions can widen real-world attack surface
LLM analysis
Topic mix: lowPromo risk: lowSource quality: high
Recurring claims
  • Researchers found malware in hundreds of user-submitted OpenClaw “skill” add-ons on its marketplace.
  • 1Password product VP Jason Meller describes OpenClaw’s skill hub as “an attack surface,” alleging the most-downloaded add-on served as a “malware delivery vehicle.”
  • Security researchers say OpenClaw can be completely taken over via manipulated documents, enabling a permanent backdoor and compromise of the user’s computer.
How sources frame it
  • The Verge / Jason Meller (1Password): questioning
  • The Decoder: questioning
Two separate reports describe different compromise paths affecting the same open-source local AI agent.
All evidence
All evidence
OpenClaw's OpenDoor problem is so bad that installing malware yourself might save time
The Decoder AI in practice · the-decoder.com · 2026-02-04 19:36 UTC
OpenClaw's AI 'skill' extensions are a security nightmare
The Verge RSS (general) · theverge.com · 2026-02-04 19:03 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 2Origin domains: 2Duplicates: -
Showing 2 / 0
Top publishers (this list)
  • The Decoder AI in practice (1)
  • The Verge RSS (general) (1)
Top origin domains (this list)
  • the-decoder.com (1)
  • theverge.com (1)