OpenClaw, an open-source AI agent that runs locally and automates tasks through messaging apps including WhatsApp, Telegram, and iMessage, has built a large following in tech communities while quietly becoming one of the more significant security problems in consumer AI.
Users are giving the agent broad access to their devices and accounts to manage calendars, clear inboxes, and buy tickets. The openness that makes OpenClaw useful is the same quality that has made it a target. Third-party skills, installed to extend the agent's capabilities, have introduced serious vulnerabilities across the platform.
The scale of the problem has been detailed by multiple researchers. Wiz uncovered 1.5 million exposed API keys and 35,000 email addresses, while 404 Media reported a vulnerability that allowed outsiders to take control of agents running on Moltbook, the social platform built around OpenClaw agents.
Jason Meller, vice president of product at 1Password, warned that the platform's add-on marketplace had become an attack surface, with its most-downloaded add-on acting as a malware delivery vehicle, according to a company blog post. Researchers found hundreds of malicious skills listed openly on the OpenClaw skill hub.
Anthropic has moved to limit its exposure, telling users it will no longer allow Claude subscription limits to be used for third-party harnesses, including OpenClaw, and requiring pay-as-you-go billing for such access instead.
OpenClaw's creator, Peter Steinberger, has since moved to OpenAI. Sam Altman said on X that Steinberger has ideas about multi-agent interactions worth pursuing. Steinberger noted he and board member Dave Morin had tried to change Anthropic's position, saying the best they managed was delaying the decision by a week.
The recap
- OpenClaw adoption surges while raising security and policy concerns
- Wiz found 1.5 million exposed API keys and 35,000 emails
- Anthropic requires users to use pay-as-you-go billing for OpenClaw access