the OpenClaw security situation is worse than most people realize — here's what I found going through every audit

Security audits reveal OpenClaw's massive vulnerabilities: 36% of 4,000 scanned skills had security flaws, 76 were confirmed malware, and 12% were malicious in community audits. Attackers deployed 335 fake skills installing Atomic macOS Stealer. Default configurations exposed 135,000 instances to the internet, while invisible email instructions could trick agents into creating backdoors. Experts now recommend Docker-only deployment with strict vetting for all community skills.