VirusTotal

OpenClaw is the most viral, fascinating and dangerous AI of the moment. For this last reason, it has joined forces with VirusTotal from Malaga

by

In 2025 we had a ‘DeepSeek moment’ and in 2026 we are having an ‘OpenClaw moment’. This AI agent is super powerful, but also super insecure. There is, however, good news, because the Malaga company VirusTotal has partnered with the OpenClaw project to try to mitigate one of the most important cybersecurity risks of this AI agent: its skills. what has happened. OpenClaw (formerly Moltbot, and before Clawdbot) has announced that it has begun a collaboration with the Malaga cybersecurity company VirusTotal, owned by Google. The agreement will see VirusTotal be in charge of “scanning” and analyzing the so-called “skills”, which work like OpenClaw plugins and add all kinds of functions. They do it, of course, but many take the opportunity to introduce malicious instructions that allow them to steal data and remotely operate other people’s AI agents. More security for disturbing AI. Peter Steinberger, creator of the project, has joined Jamieson O’Reilly, cybersecurity expert and founder of the company Dvulnand Bernardo Quintero, founder of VirusTotal, to offer that “additional layer of security for the OpenClaw community.” In it official announcement explain that “all the skills published in ClawdHub (the project’s official skills “store”) are now scanned through Virus Total’s Threat Intelligence system, including its new capability Code Insight (code inspection)”. Bernardo Quintero indicated on Twitter how the effort has already allowed 1,700 skillls to be identified as malicious. If the skill is malicious, it is blocked. This analysis carried out with the VirusTotal tools allows us to identify skills as malicious and block them immediately so that they cannot be downloaded. Not only that: those skills that have been classified as benign are analyzed again every day to detect scenarios in which for some reason they could end up becoming malicious. Still, be careful. Those responsible for OpenClaw warn: the VirusTotal scan helps a lot, but it is not a total guarantee that any skill can perform malicious actions on the machine on which we have our AI agent installed. The attacks of prompt injection Sophisticated skills can manage to cross that barrier, but of course this collaboration means that OpenClaw users can be much calmer regarding the skills available in the ClawdHub repository. OpenClaw wants to be much more secure. This first effort joins OpenClaw’s ambition to have a complete cybersecurity model which includes things like a public roadmap for your new developments in this area, a formal communication process, and details about full audits of your code. Plugging a problem that could kill OpenClaw. The OpenClaw project soon went viral due to its eye-catching options, but shortly after doing so a security audit initial 2,851 skills detected 341 malicious skills. Companies like BitDefender also joined these efforts to avoid problems with tools like AI Skills Checker to check whether a skill was dangerous or not. These malicious skills were, for example, capable of executing shell commands on the victim machine, which gave the attacker complete control of those resources. Attacking the machine is confusing it with natural language. Normally cybersecurity attacks are complex, but the problem with AI agents is that they work with natural language. This implies that to infiltrate these systems you do not have to use code, but simply “convince” and “trick” the AI ​​with natural language. That is where prompt injection attacks come in, which consist of giving instructions to those AI agents that can confuse them to obtain something that theoretically they should not allow them to obtain. Personal data, API keys of the models we use at OpenClaw, email accounts and passwords for all types of services… the possibilities are endless, and OpenClaw, which has access to all of this to operate autonomously, can end up being “tricked” into transferring said data. Beware of OpenClaw. These problems now seem a little less feasible thanks to the collaboration with VirusTotal, but those who are trying OpenClaw on their machines or any other platform should be very alert from the beginning. There are guides that help you install it with some barriers important security issues, and the project itself has a command (‘openclaw security audit –deep –fix’ to audit the most important problems and address them. In Xataka | OpenAI has a problem: Anthropic is succeeding right where the most money is at stake

A teenager discovered the ‘Málaga’ virus and ended up founding VirusTotal. The enigma that remains is the same since 1992: who programmed it

by

Bernardo Quintero (@bquintero) was 14 years old and his first PC, an Amstrad PC-1512, had just arrived home. It was 1987, and the co-founder of VirusTotal He was excited by this machine that allowed him to exploit his computer curiosity. His hobby ended up being trying to circumvent the copy protection systems of some games, and he was there one day when something suddenly happened. A little white ball moved on your screen. By itself. Without him having done anything. He soon discovered that it was a computer virus. One that he ended up studying to know how to detect and eliminate it. He succeeded, and over the next three years he ended up improving his first antivirus, a tool that allowed him to recognize and eradicate seven different viruses he had encountered. It didn’t seem like that project was going to go much further, and Quintero began his studies in Computer Science at the Polytechnic University School of Malaga. In one of the first classes, a professor asked if anyone wanted to raise a grade with a Pascal programming project. He signed up, and when talking to the professor, he asked him if he had done any previous projects. “Well, yes,” he replied. “An accounting program, disk utilities, an antivirus…”. The teacher cut him off. “Did you say antivirus?”. When he answered affirmatively, the professor asked him to accompany him to his office. There he showed him how the entire IT department had been infected by a virus that the antivirus did not recognize. Fragment of the code in Turbo Pascal 5.5 of the antivirus that Bernardo Quintero developed to eliminate the “Málaga-2610” virus (1992). Source: Bernardo Quintero. Quintero soon detected where the problem could be and went home with an infected disk to work on an antivirus. It took him more than he thought, but after a few hours he managed to figure out how to detect it and delete it. That helped him pass the subject, but it also ended up being the definitive seed of the professional project that would end with the founding of Virus Total. He tells it all in more detail in his novel, ‘Infected‘, which he published at the beginning of the year and in which he narrates those beginnings and how that ended up leading him to create VirusTotal, the Malaga company that would later end up being bought by Google. That virus in his faculty was called “Málaga”, and Quintero spent years without paying much attention to it again. So, three years ago, this expert posted a message on Twitter (X) to try to solve the mystery of who would have created it. Already then he discovered that according to several sources the virus had been created at the Polytechnic School of Informatics. The objective, I counted thenit was not about bringing the name to light, but about chatting with that person and remembering those times. He failed to reveal the mystery, and that mystery remained unsolved again. But Bernardo Quintero never forgot that and returned to the fray with a new attempt a few days ago. After first publishing a message on X, the next day he published a summary of that story on LinkedInand asked for help in that post to try to solve the mystery once and for all. We contacted him, and he told us how while in the past he had focused on discovering how it infected and creating the disinfection tool, he never tried to find out who had created the “Malaga” virus. But he told us that “now, looking at it with new eyes, I have seen a couple of interesting details and I have discovered the motivation.” In fact, he adds that thanks to those messages on X and LinkedIn “I have received stories from several people who studied those years at the Polytechnic of Malaga and who believe they know the author.” Of those candidates, he explains, “I have ruled out 3 or 4, but there is one that fits very well with the new data I have.” The mystery seems to be close to being solved. “I just need to clear up one unknown to confirm the author.. And if it is confirmed, there is a beautiful and sad story that will be worth telling.” Everything therefore indicates that it will finally be known who was the author of that virus, and Quintero has promised to tell more details these days. We will be attentive. Image | Mika Baumeister In Xataka | The computer with the most malware in the world: this is MICE, the challenge of Bernardo Quintero and VirusTotal

Log In

Forgot password?

Forgot password?

Enter your account data and we will send you a link to reset your password.

Your password reset link appears to be invalid or expired.

Log in

Privacy Policy

Add to Collection

No Collections

Here you'll find all collections you've created before.