OpenClaw Security Crisis Deepens as Malicious Skills Top 1,100

OpenClaw Security Crisis Deepens as Malicious Skills Top 1,100

OpenClaw, the open-source AI agent that went viral with over 247,000 GitHub stars, is facing a growing security crisis that shows no signs of slowing down.

The Scale of the Problem

Koi Security researcher Oren Yomtov initially found 341 malicious skills on ClawHub in what was tracked as the ClawHavoc campaign. By March 1, that number had grown to over 1,184 confirmed malicious skills across more than 10,700 total packages.

SecurityScorecard identified more than 135,000 publicly exposed OpenClaw instances across 82 countries. Of those, over 50,000 were exploitable via remote code execution, and more than 53,000 were linked to prior breach activity.

China's Viral Adoption and Backlash

OpenClaw went viral in China after campaigns by Tencent and Alibaba. Nearly 1,000 people lined up outside Tencent headquarters in Shenzhen to have the tool installed on their laptops. Users called the trend "raise a lobster," referencing OpenClaw's red lobster logo.

But the enthusiasm turned to concern. The Chinese government warned that OpenClaw, with its access to email and financial accounts, could expose sensitive personal and financial data. Some users now pay to have it removed from their systems.

The Technical Vulnerability

A critical vulnerability (CVE-2026-25253, CVSS 8.8) allowed one-click remote code execution even against localhost-bound instances. The flaw was patched in version 2026.1.29, but many instances remain unpatched.

Broader Implications

The crisis highlights the tension between open-source AI agent adoption and security. As more people install tools that can control their computers, the attack surface expands rapidly.