OpenClaw security audit reveals 36% of skills have vulnerabilities, 76 are malware

Security audits reveal OpenClaw's massive vulnerabilities: 36% of 4,000 scanned skills had security flaws, 76 were confirmed malware, and 12% were malicious in community audits. Attackers deployed 335 fake skills installing Atomic macOS Stealer. Default configurations exposed 135,000 instances to the internet, while invisible email instructions could trick agents into creating backdoors. Experts now recommend Docker-only deployment with strict vetting for all community skills.