15% of OpenClaw's 700+ community skills contain malicious instructions, study finds
A massive security scan reveals the dark side of the booming AI agent ecosystem.
Deep Dive
A security researcher scanned 18,000 exposed OpenClaw instances and analyzed its community skill repository. The findings are alarming: nearly 15% of the 700+ community skills contained malicious instructions designed to exfiltrate data, download payloads, or harvest credentials. The report highlights a "whack-a-mole" problem where removed skills quickly reappear and warns of "Delegated Compromise," where attackers target the agent to access a user's entire digital life.
Why It Matters
This exposes a critical, unvetted supply chain risk, turning popular AI agents into potential backdoors for millions of users.