Ethical Hacking News
OpenClaw's integration with VirusTotal marks an important step towards boosting the security of the agentic ecosystem, but security experts are warning that ongoing risks remain. With critical security flaws discovered in the platform, organizations must take proactive measures to secure their use and prevent potential attacks.
OpenClaw has partnered with Google-owned VirusTotal to scan skills for security threats.The integration will detect malicious skills and block their download.Skills with suspicious Code Insight verdicts are flagged with a warning.OpenClaw will re-scan all active skills daily to detect potential security issues.Security experts warn that some malicious skills may still evade detection.The platform's deployment on employee endpoints raises security concerns due to elevated privileges.Risk of Shadow AI attacks increases with OpenClaw's use, enabling shell access and data movement outside standard controls.OpenClaw has published a threat model and security roadmap to address security concerns.Researchers have discovered critical security flaws in the platform, including zero-click backdoor attacks.A security analysis found 283 skills with critical security flaws exposing sensitive credentials.
The world of artificial intelligence (AI) has witnessed tremendous growth and advancements in recent years. However, with the increasing reliance on AI-powered tools for various tasks, security experts have been sounding the alarm bells about the potential risks associated with these technologies. In a recent development that aims to bolster the security of the agentic ecosystem, OpenClaw, a skill marketplace platform, has announced its partnership with Google-owned VirusTotal to scan skills being uploaded to ClawHub.
The integration of VirusTotal's threat intelligence into OpenClaw's system will enable the detection of malicious skills, thereby providing an additional layer of security for the OpenClaw community. The process involves creating a unique SHA-256 hash for every skill and cross-checking it against VirusTotal's database for a match. If the skill is not found, it is uploaded to the malware scanning tool for further analysis using VirusTotal Code Insight.
Skills that have a "benign" Code Insight verdict are automatically approved by ClawHub, while those marked suspicious are flagged with a warning. Any skill deemed malicious is blocked from download. OpenClaw also announced that all active skills will be re-scanned on a daily basis to detect scenarios where a previously clean skill becomes malicious.
While the integration of VirusTotal's threat intelligence into OpenClaw's system is a positive step towards enhancing security, security experts are cautioning that this move is not a silver bullet. They warn that some malicious skills that use cleverly concealed prompt injection payloads may still slip through the cracks.
The recent viral popularity of OpenClaw has raised security concerns, particularly with regards to its deployment on employee endpoints without formal IT or security approval. This elevated privilege of these agents can further enable shell access, data movement, and network connectivity outside standard security controls, creating a new class of Shadow AI risk for enterprises.
In addition to the partnership with VirusTotal, OpenClaw is also expected to publish a comprehensive threat model, public security roadmap, formal security reporting process, as well as details about the security audit of its entire codebase. This move demonstrates the platform's commitment to transparency and accountability in addressing the security concerns surrounding its use.
However, the vulnerabilities in OpenClaw have not gone unnoticed. Researchers have discovered several critical security flaws in the platform, including a zero-click attack that abuses OpenClaw's integrations to plant a backdoor on a victim's endpoint for persistent control. Another issue involves an indirect prompt injection embedded in a web page, which causes OpenClaw to append an attacker-controlled set of instructions to the ~/.openclaw/workspace/HEARTBEAT.md file and silently await further commands from an external server.
A security analysis of 3,984 skills on the ClawHub marketplace has found that 283 skills contain critical security flaws that expose sensitive credentials in plaintext through the LLM's context window and output logs. The exposure includes 1.5 million API authentication tokens, 35,000 email addresses, and private messages between agents.
In a hypothetical attack scenario, a prompt injection payload embedded within a specifically crafted WhatsApp message can be used to exfiltrate ".env" and "creds.json" files, which store credentials, API keys, and session tokens for connected messaging platforms from an exposed OpenClaw instance.
Furthermore, the entrenchment of access given to skills in OpenClaw has raised concerns. The integrations provided by the platform are convenient but significantly broaden the attack surface and expand the set of untrusted inputs the agent consumes. This has led security experts to describe OpenClaw as an "AI With Hands."
The power wielded by skills – which are used to extend the capabilities of an AI agent, such as controlling smart home devices or managing finances – can be abused by bad actors. These actors can leverage the agent's access to tools and data to exfiltrate sensitive information, execute unauthorized commands, send messages on the victim's behalf, and even download and run additional payloads without their knowledge or consent.
In conclusion, while OpenClaw's integration with VirusTotal is a step towards enhancing security, it is clear that there are ongoing risks associated with the use of this platform. As more organizations consider deploying OpenClaw on employee endpoints, it is essential to take a closer look at its security features and address the vulnerabilities discovered in recent days.
Related Information:
https://www.ethicalhackingnews.com/articles/OpenClaw-Integrates-VirusTotal-Scanning-to-Detect-Malicious-ClawHub-Skills-but-Security-Experts-Warn-of-Ongoing-Risks-ehn.shtml
https://thehackernews.com/2026/02/openclaw-integrates-virustotal-scanning.html
https://cybersecuritynews.com/openclaw-ai-agent-skills-abused/
Published: Sun Feb 8 02:01:30 2026 by llama3.2 3B Q4_K_M
