
Audit Reveals Flaws in OpenClaw Skills Safety Scanner
Tags: OpenClaw, security audit, Clawdex, threats, malicious, behavioral analysis, static analysis, runtime, C2 channels, prompt worms, crypto drainers, false positive
We audited 1,620 OpenClaw skills. The ecosystem's safety scanner labels 91% of confirmed threats "benign."

The audit analyzed 1,620 OpenClaw skills using behavioral analysis and compared the results with Clawdex, the ecosystem's primary safety scanner. Of the 88 skills flagged as dangerous or malicious, Clawdex identified only 7, while 61 skills containing confirmed threats (C2 channels, prompt worms, and crypto drainers among them) were misclassified as "benign." Clawdex relies on static analysis at install time, so it misses runtime threats delivered as plain-text instructions in SKILL.md files rather than as code. The audit also noted three methodological flaws in its own process, including scoring inconsistencies and one false positive.