OpenClaw and VirusTotal: OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills

OpenClaw Partners with VirusTotal to Strengthen Security Amid Rising AI Agent Threats

OpenClaw, the open-source AI automation platform formerly known as Moltbot and Clawdbot, has announced a partnership with Google-owned VirusTotal to enhance security for its skill marketplace, ClawHub. All skills uploaded to the platform will now undergo scanning using VirusTotal’s threat intelligence, including its new Code Insight capability, to detect malicious payloads.

The process involves generating a SHA-256 hash for each skill and cross-referencing it against VirusTotal’s database. If no match is found, the skill is uploaded for deeper analysis. Skills deemed benign are automatically approved, while suspicious ones are flagged with warnings, and malicious ones are blocked from download. OpenClaw also conducts daily rescans of active skills to identify any that may have been compromised post-approval.
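The hash-lookup, upload-on-miss, verdict and daily-rescan flow described above, sketched as an added example (not OpenClaw's or VirusTotal's code). The file-to-hash packaging, the `lookup`/`submit` callables standing in for the scanning service, the stats field names and the verdict thresholds are all assumptions, and the sample skills are constructed.

```python
import hashlib
from enum import Enum

class Decision(Enum):
    APPROVED = "approved"
    WARNED = "warned"
    BLOCKED = "blocked"
    PENDING = "pending-analysis"

def skill_sha256(files):
    """Deterministic SHA-256 over a skill given as {path: bytes} (assumed packaging)."""
    h = hashlib.sha256()
    for path in sorted(files):
        # Length-prefix each field so ("ab", "c") and ("a", "bc") hash differently.
        for field in (path.encode(), files[path]):
            h.update(len(field).to_bytes(8, "big"))
            h.update(field)
    return h.hexdigest()

def classify(stats):
    """Map engine counts to a decision; thresholds are illustrative assumptions."""
    if stats.get("malicious", 0) >= 1:
        return Decision.BLOCKED
    if stats.get("suspicious", 0) >= 1:
        return Decision.WARNED
    return Decision.APPROVED

def triage(files, lookup, submit):
    """Look the hash up first; an unknown hash is submitted and held, not approved."""
    digest = skill_sha256(files)
    stats = lookup(digest)
    if stats is None:
        submit(digest, files)
        return digest, Decision.PENDING
    return digest, classify(stats)

def daily_rescan(approved_digests, lookup):
    """Return {digest: decision} for approved skills whose verdict has changed."""
    changed = {}
    for digest in approved_digests:
        stats = lookup(digest)
        decision = classify(stats) if stats is not None else Decision.PENDING
        if decision is not Decision.APPROVED:
            changed[digest] = decision
    return changed

# Constructed sample data: an in-memory stand-in for the scanning service.
KNOWN, SUBMITTED = {}, []
def submit(digest, files):
    SUBMITTED.append(digest)
BENIGN_SKILL = {"README.md": b"Summarise a text file.", "run.py": b"print('ok')\n"}
MODIFIED_SKILL = {**BENIGN_SKILL, "run.py": b"print('ok') \n"}  # one byte added
KNOWN[skill_sha256(BENIGN_SKILL)] = {"malicious": 0, "suspicious": 0, "harmless": 60}
```

A one-byte change produces a different digest, so the modified skill misses the lookup and must go through full analysis; a hash match alone says nothing about content the service has not seen.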

Despite these measures, OpenClaw’s maintainers acknowledge that VirusTotal’s scanning is not foolproof, as sophisticated prompt injection attacks may evade detection. The partnership follows reports of hundreds of malicious skills on ClawHub, some of which were found to exfiltrate data, install backdoors, or deploy stealer malware under the guise of legitimate tools.

The platform’s rapid adoption, alongside Moltbook, its AI agent social network, has raised concerns about its security risks. OpenClaw’s ability to trigger workflows, interact with online services, and process untrusted data expands the attack surface, enabling threats like prompt injection and malware distribution. Security researchers warn that AI agents, which interpret natural language and make autonomous decisions, blur the line between user intent and execution, making them vulnerable to manipulation.

Key security flaws identified in OpenClaw include reliance on language models for critical security decisions, lack of default sandboxing, ineffective filtering of untrusted content, and plaintext storage of API keys and session tokens. Skills can execute tool calls without explicit user approval, giving attackers a potential path to access sensitive data, run unauthorized commands, and deliver additional payloads.

The risks are amplified by the platform’s growing use in enterprise environments without formal IT oversight, creating a new category of Shadow AI threats. Unlike browser extensions, which operate in isolated sandboxes, OpenClaw agents run with the full privileges granted by users, potentially compromising multiple systems if a malicious skill is installed.

China’s Ministry of Industry and Information Technology has issued an alert about misconfigured OpenClaw instances, emphasizing the need for proper security controls. Security experts note that the rapid adoption of AI agents outpaces security best practices, turning misconfigurations into a primary attack vector. The regulator’s focus on configuration risks rather than outright bans underscores the double-edged nature of AI agents: they boost productivity while expanding the potential impact of breaches.

Source: https://thehackernews.com/2026/02/openclaw-integrates-virustotal-scanning.html

OpenClaw cybersecurity rating report: https://www.rankiteo.com/company/openclawai

VirusTotal cybersecurity rating report: https://www.rankiteo.com/company/virustotal

"id": "OPEVIR1770537272",
"linkid": "openclawai, virustotal",
"type": "Cyber Attack",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Users of ClawHub, Enterprise environments without formal IT oversight',
                        'industry': 'Technology, AI, Automation',
                        'name': 'OpenClaw (formerly Moltbot and Clawdbot)',
                        'type': 'Open-Source AI Automation Platform'}],
 'attack_vector': 'Malicious skills uploaded to ClawHub, Prompt Injection, Untrusted Content Execution',
 'data_breach': {'data_exfiltration': 'Yes',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Sensitive data, API keys, Session tokens, Personally identifiable information'},
 'description': "OpenClaw, the open-source AI automation platform formerly known as Moltbot and Clawdbot, has partnered with VirusTotal to enhance security for its skill marketplace, ClawHub. The partnership aims to detect malicious payloads in skills uploaded to the platform, following reports of hundreds of malicious skills that exfiltrate data, install backdoors, or deploy stealer malware. Despite security measures, sophisticated prompt injection attacks may evade detection, and the platform's rapid adoption has raised concerns about security risks in enterprise environments without formal IT oversight.",
 'impact': {'brand_reputation_impact': 'Negative perception due to security risks and malicious skills on the platform',
            'data_compromised': 'Sensitive data, API keys, Session tokens, Personally identifiable information',
            'identity_theft_risk': 'High',
            'operational_impact': 'Potential unauthorized commands, Data exfiltration, Malware deployment, Compromised systems',
            'systems_affected': 'OpenClaw AI automation platform, ClawHub skill marketplace, Enterprise environments using OpenClaw without IT oversight'},
 'initial_access_broker': {'backdoors_established': 'Yes',
                           'entry_point': 'Malicious skills uploaded to ClawHub',
                           'high_value_targets': 'Enterprise environments without formal IT oversight'},
 'lessons_learned': 'Rapid adoption of AI agents outpaces security best practices, turning misconfigurations into a primary attack vector. AI agents blur the line between user intent and execution, making them vulnerable to manipulation. Reliance on language models for security decisions and lack of sandboxing increase risks.',
 'motivation': 'Data Theft, Unauthorized Access, Malware Deployment, Exploitation of AI Agent Privileges',
 'post_incident_analysis': {'corrective_actions': 'Partnership with VirusTotal, Implementation of Code Insight, Daily rescans of active skills, Blocking of malicious skills, Regulatory alerts and advisories',
                            'root_causes': 'Lack of default sandboxing, Ineffective filtering of untrusted content, Plaintext storage of API keys and session tokens, Reliance on language models for critical security decisions, Execution of tool calls without explicit user approval, Rapid adoption without security best practices'},
 'recommendations': 'Implement default sandboxing for AI agents, Improve filtering of untrusted content, Avoid plaintext storage of API keys and session tokens, Require explicit user approval for tool calls, Enhance monitoring and threat detection for AI agent activities, Adopt formal IT oversight for enterprise AI agent deployments',
 'references': [{'source': 'OpenClaw Announcement'},
                {'source': 'China’s Ministry of Industry and Information Technology Alert'}],
 'regulatory_compliance': {'regulatory_notifications': 'China’s Ministry of Industry and Information Technology issued an alert about misconfigured OpenClaw instances'},
 'response': {'containment_measures': 'SHA-256 hash scanning of skills, Daily rescans of active skills, Blocking of malicious skills, Flagging of suspicious skills',
              'enhanced_monitoring': 'Daily rescans of active skills',
              'remediation_measures': 'Partnership with VirusTotal, Implementation of Code Insight for deeper analysis, Automatic approval of benign skills',
              'third_party_assistance': 'VirusTotal (Google-owned threat intelligence platform)'},
 'title': 'OpenClaw Partners with VirusTotal to Strengthen Security Amid Rising AI Agent Threats',
 'type': 'Malware Distribution, Data Exfiltration, Prompt Injection, Backdoor Installation',
 'vulnerability_exploited': 'Lack of default sandboxing, Ineffective filtering of untrusted content, Plaintext storage of API keys and session tokens, Reliance on language models for critical security decisions, Execution of tool calls without explicit user approval'}