In 2025 we had a ‘DeepSeek moment’ and in 2026 we are having an ‘OpenClaw moment’. This AI agent is super powerful, but also super insecure. There is, however, good news, because the Malaga company VirusTotal has partnered with the OpenClaw project to try to mitigate one of the most important cybersecurity risks of this AI agent: its skills.
what has happened. OpenClaw (formerly Moltbot, and before Clawdbot) has announced that it has begun a collaboration with the Malaga cybersecurity company VirusTotal, owned by Google. The agreement will see VirusTotal be in charge of “scanning” and analyzing the so-called “skills”, which work like OpenClaw plugins and add all kinds of functions. They do it, of course, but many take the opportunity to introduce malicious instructions that allow them to steal data and remotely operate other people’s AI agents.
More security for disturbing AI. Peter Steinberger, creator of the project, has joined Jamieson O’Reilly, cybersecurity expert and founder of the company Dvulnand Bernardo Quintero, founder of VirusTotal, to offer that “additional layer of security for the OpenClaw community.” In it official announcement explain that “all the skills published in ClawdHub (the project’s official skills “store”) are now scanned through Virus Total’s Threat Intelligence system, including its new capability Code Insight (code inspection)”. Bernardo Quintero indicated on Twitter how the effort has already allowed 1,700 skillls to be identified as malicious.
If the skill is malicious, it is blocked. This analysis carried out with the VirusTotal tools allows us to identify skills as malicious and block them immediately so that they cannot be downloaded. Not only that: those skills that have been classified as benign are analyzed again every day to detect scenarios in which for some reason they could end up becoming malicious.
Still, be careful. Those responsible for OpenClaw warn: the VirusTotal scan helps a lot, but it is not a total guarantee that any skill can perform malicious actions on the machine on which we have our AI agent installed. The attacks of prompt injection Sophisticated skills can manage to cross that barrier, but of course this collaboration means that OpenClaw users can be much calmer regarding the skills available in the ClawdHub repository.
OpenClaw wants to be much more secure. This first effort joins OpenClaw’s ambition to have a complete cybersecurity model which includes things like a public roadmap for your new developments in this area, a formal communication process, and details about full audits of your code.
Plugging a problem that could kill OpenClaw. The OpenClaw project soon went viral due to its eye-catching options, but shortly after doing so a security audit initial 2,851 skills detected 341 malicious skills. Companies like BitDefender also joined these efforts to avoid problems with tools like AI Skills Checker to check whether a skill was dangerous or not. These malicious skills were, for example, capable of executing shell commands on the victim machine, which gave the attacker complete control of those resources.
Attacking the machine is confusing it with natural language. Normally cybersecurity attacks are complex, but the problem with AI agents is that they work with natural language. This implies that to infiltrate these systems you do not have to use code, but simply “convince” and “trick” the AI with natural language. That is where prompt injection attacks come in, which consist of giving instructions to those AI agents that can confuse them to obtain something that theoretically they should not allow them to obtain. Personal data, API keys of the models we use at OpenClaw, email accounts and passwords for all types of services… the possibilities are endless, and OpenClaw, which has access to all of this to operate autonomously, can end up being “tricked” into transferring said data.
Beware of OpenClaw. These problems now seem a little less feasible thanks to the collaboration with VirusTotal, but those who are trying OpenClaw on their machines or any other platform should be very alert from the beginning. There are guides that help you install it with some barriers important security issues, and the project itself has a command (‘openclaw security audit –deep –fix’ to audit the most important problems and address them.
In Xataka | OpenAI has a problem: Anthropic is succeeding right where the most money is at stake
GIPHY App Key not set. Please check settings