Skip to main content
Digital tentacles of OpenClaw AI extend from a laptop, ensnaring a skull icon, symbolizing security risks.

Editorial illustration for OpenClaw AI skill extensions flagged as security nightmare by OpenSourceMalware

AI Extension Marketplace Exposes Massive Data Theft Risk

OpenClaw AI skill extensions flagged as security nightmare by OpenSourceMalware

Updated: 3 min read

OpenClaw’s AI skill extensions are supposed to make the platform smarter, faster, more capable. Instead, they have become a delivery mechanism for digital heists. Between January 27 and February 2, researchers at OpenSourceMalware uncovered 414 malicious uploads on the ClawHub marketplace, 28 skill extensions and 386 add-ons.

The threat is not theoretical. These “skills” masquerade as cryptocurrency trading automation tools. In reality, they are information-stealing payloads, designed to drain wallets, copy API keys, and exfiltrate browser passwords.

The method is deceptively simple. Skills are often distributed as markdown files. Those files contain instructions that look benign but can lead both user and AI agent straight into a compromised workflow.

It is a security nightmare, and it is unfolding in plain sight.

While this kind of access poses risks on its own, malware disguised as skills that are supposed to enhance OpenClaw's capabilities only contribute to concerns. OpenSourceMalware, a platform that tracks the presence of malware across the open-source ecosystem, found that 28 malicious skills were published on the ClawHub skill marketplace between January 27th and 29th, in addition to 386 malicious add-ons that were uploaded between January 31st and February 2nd. OpenSourceMalware says the skills "masquerade as cryptocurrency trading automation tools and deliver information-stealing malware" and manipulate users into executing malicious code that "steals crypto assets like exchange API keys, wallet private keys, SSH credentials, and browser passwords." Meller notes that OpenClaw's skills are often uploaded as markdown files, which could contain malicious instructions for both users and the AI agent.

The question is no longer whether OpenClaw’s ecosystem is a gateway for malicious actors, it is. With hundreds of poisoned add-ons slipping through in a matter of days, the line between utility and exploitation has all but dissolved. A platform that treats skill uploads as mere markdown invites disaster, turning every would-be automation tool into a potential siphon for credentials and crypto keys.

OpenSourceMalware’s findings aren’t a warning; they’re a verdict. Until ClawHub enforces rigorous vetting, sandboxes execution, and treats every extension as hostile until proven safe, users are left to gamble their digital assets on good faith. And good faith, as the malware authors have shown, is the easiest credential to steal.

Common Questions Answered

How many malicious skills were found on the ClawHub skill marketplace according to OpenSourceMalware?

OpenSourceMalware discovered 28 malicious skills published on the ClawHub skill marketplace between January 27th and 29th. Additionally, they found 386 malicious add-ons uploaded between January 31st and February 2nd, highlighting significant security concerns for the OpenClaw platform.

What security risks do OpenClaw's skill extensions pose to users?

OpenClaw's open marketplace allows third-party code to run alongside its core AI, creating a potential doorway for malicious actors to hide harmful code behind seemingly helpful add-ons. Jason Meller of 1Password described the skill hub as an "attack surface," emphasizing the ease with which unwanted payloads could be introduced to the system.

Why are OpenClaw's skill extensions considered a security nightmare?

The platform's plug-in style skill extensions create significant security vulnerabilities by allowing potentially malicious third-party code to run alongside the core AI system. The most-downloaded add-on is reportedly being used as a "malware delivery vehicle," demonstrating the potential for bad actors to exploit the open marketplace's design.

LIVE03:21OpenAI's Miles Wang in Talks for USD 2B AI Drug Discovery Startup