Recent reports have highlighted security concerns surrounding the OpenClaw AI platform, previously known as Clawdbot and Moltbot. The platform, designed to assist users with various tasks, has faced issues with its ‘skill’ extensions, which are user-submitted add-ons meant to enhance its functionality.
Security researchers have identified a significant number of malicious add-ons, some disguised as tools for cryptocurrency trading automation, that deploy information-stealing malware. This has raised concerns about the platform’s integrity and the potential risks to users’ sensitive data, including crypto assets and login credentials.
1Password product VP Jason Meller described the skill hub as ‘an attack surface,’ emphasizing the security risks posed by these add-ons. The platform monitoring service OpenSourceMalware has also reported a significant number of malicious skills and add-ons uploaded to the ClawHub marketplace within a short timeframe.
These findings underscore the urgent need for enhanced security measures to safeguard users from potential cyber threats within the AI platform’s ecosystem.
Source: The Verge