
OpenClaw is terrifying and the ClawHub ecosystem is already full of malware
Paul McCarty, maintainer of OpenSourceMalware, has discovered hundreds of malicious skills on ClawHub. Jamieson O'Reilly demonstrated the security flaws by creating a backdoored skill that became the #1 most downloaded skill on ClawHub, with over 4000 downloads manipulated by bots, and that was executed by real developers from 7 different countries. The vulnerabilities include the absence of rate limiting, a download counter that can be manipulated with unauthenticated requests, and the ability to spoof IP addresses via the X-Forwarded-For header. The creator of OpenClaw, Peter Steinberger, has taken the position that users should simply be careful and not download malware.
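
The three flaws listed above (no rate limiting, unauthenticated counter requests, client-controlled X-Forwarded-For) can each be closed on the server side. The following is an added example, not ClawHub's code; the trusted proxy range, the limits and every name in it are assumptions.

```python
import ipaddress
import time
from collections import defaultdict, deque

# Constructed values: the proxy range and limits are assumptions for this sketch.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]
WINDOW_SECONDS, MAX_PER_WINDOW = 60, 5

def _trusted(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)

def client_ip(peer_addr, xff_header):
    """Walk X-Forwarded-For right to left; stop at the first hop we do not run."""
    if not _trusted(peer_addr):
        return peer_addr  # direct connection: the header is client-supplied
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    for hop in reversed(hops):
        if not _trusted(hop):
            return hop  # everything further left was written by the client
    return peer_addr

class DownloadCounter:
    def __init__(self):
        self.counts = defaultdict(int)
        self.seen = set()                 # (account, skill) pairs already counted
        self.recent = defaultdict(deque)  # client IP -> recent request times

    def record(self, skill, account, peer_addr, xff_header=None, now=None):
        now = time.monotonic() if now is None else now
        if account is None:
            return "rejected: unauthenticated"
        window = self.recent[client_ip(peer_addr, xff_header)]
        while window and now - window[0] >= WINDOW_SECONDS:
            window.popleft()
        if len(window) >= MAX_PER_WINDOW:
            return "rejected: rate limited"
        window.append(now)
        if (account, skill) in self.seen:
            return "ignored: already counted"
        self.seen.add((account, skill))
        self.counts[skill] += 1
        return "counted"
```

Because the rate-limit key is the socket peer or the hop added by a trusted proxy, rotating the X-Forwarded-For value no longer yields a fresh identity, and counting once per authenticated account keeps the popularity ranking from being inflated by repeat requests.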