
OpenClaw, an Open-Source AI Agent Framework, Exploited by Malicious Campaigns
OpenClaw, an open-source AI agent framework, is being exploited by malicious campaigns via ClawHub, the public registry of OpenClaw skills. With over 160K stars on GitHub, 2M visitors per week, and 5K third-party skills, OpenClaw has become popular, but it poses a new risk to enterprise networks because users can easily deploy AI agents on enterprise machines. Attacks include malicious skills that exploit the high system permissions of agents. Bitdefender Labs has identified nearly 900 malicious skills on ClawHub, representing 20% of the total packages. Malicious campaigns include ClawHavoc, AuthTool, and data exfiltration attacks. Attackers use social engineering techniques and automated scripts to deploy malicious skills. Recommendations include banning OpenClaw on enterprise devices and using multi-layered security technologies.