As part of larger efforts to strengthen the security of the agentic ecosystem, OpenClaw (formerly MoltBot and ClawdBot) has announced that it is collaborating with VirusTotal, owned by Google, to scan skills being uploaded to ClawHub, its skill marketplace This article explores security stated openclaw. . Peter Steinberger, the founder of OpenClaw, Jamieson O'Reilly, and Bernardo Quintero stated, "VirusTotal's threat intelligence, including their new Code Insight capability, is now used to scan all skills published to ClawHub."

"This gives the OpenClaw community an extra degree of protection." In essence, the procedure comprises generating a distinct SHA-256 hash for each skill and comparing it to VirusTotal's database to see if it matches. The skill bundle is uploaded to the malware scanning program for additional examination using VirusTotal Code Insight if it cannot be located.

ClawHub automatically approves skills with a "benign" Code Insight verdict, while it flags skills with a warning if they are deemed suspicious. Language itself has the power to control them.OpenClaw also admitted that bad actors could abuse the power of skills, which are used to expand an AI agent's capabilities, such as managing finances or controlling smart home devices. These actors could use the agent's access to tools and data to exfiltrate sensitive data, send messages on behalf of the victim, execute unauthorized commands, or even download and run additional payloads without the victim's knowledge or consent.

Furthermore, as OpenClaw is being used on employee endpoints more frequently without official IT or security approval, the elevated privileges of these agents can further facilitate shell access, data transfer, and network connectivity beyond the scope of standard security controls, posing a new class of Shadow AI risk to businesses. Tomer Yahalom, a researcher at Astrix Security, stated that "OpenClaw and tools like it will show up in your organization whether you approve them or not." "Because they are actually helpful, employees will install them.

The only question is if you'll be aware of it.Below are a few of the obvious security flaws that have surfaced recently: A previously discovered bug in previous iterations that may have led to proxied traffic being mistakenly categorized as local, evading authentication for certain instances of internet exposure, has been fixed. A misconfigured Moltbook Supabase database was left vulnerable in client-side JavaScript, granting complete read and write access to platform data and exposing the secret API keys of all agents registered on the website. Wiz claims that 35,000 email addresses, 1.5 million API authentication tokens, and private messages exchanged between agents were among the exposed data.

Threat actors have been observed taking advantage of Moltbook's platform features to increase their reach and direct other agents to malicious threads with prompt injections in order to control their behavior and steal cryptocurrency or sensitive data. According to Zenity Labs, "Moltbook may have unintentionally also created a laboratory in which agents, which can be high-value targets, are constantly processing and engaging with untrusted data – all by design." Conor McCauley, Kasimir Schulz, Ryan Tracey, and Jason Martin, researchers at HiddenLayer, pointed out that "the first, and perhaps most egregious, issue is that OpenClaw relies on the configured language model for many security-critical decisions."