Global Security Concerns Follow Viral Popularity of OpenClaw’s Agentic AI 

_{Photo credit: Monkey Business Images / Shutterstock.com}

OpenClaw, an open-source artificial intelligence agent previously known as Clawdbot and Moltbot, has gained rapid popularity as a potentially powerful autonomous AI assistant since launching in November 2025. 

While it has generated excitement regarding its possible uses, its ascent is accompanied by concerns from cybersecurity experts, governments, and researchers about potential harms.

OpenClaw runs locally on users’ devices and can access email, calendars, files, and messaging apps to act on behalf of a person rather than just responding to prompts. This capability has driven viral interest, with hundreds of thousands of developers and enthusiasts exploring the software.

However, in addition to possible liability and accountability issues, critics say this level of autonomy could lead to serious security concerns. Security researchers have documented widespread vulnerabilities, calling the third-party “skills” (extensions) in OpenClaw’s ecosystem an “attack surface.” These could potentially exfiltrate sensitive data such as API keys, credentials, and crypto wallet information.

A recent audit of skills on OpenClaw found 341 malicious skills out of 2,857, with 335 from just one campaign. Malicious skills could be disguised as productivity tools and actually be malware.

Security researchers also hacked the associated Moltbook platform, a Reddit-like social network exclusively for AI agents built on OpenClaw, in under three minutes. They exposed millions of API tokens, as well as private emails and direct messages, showing how these systems can leak sensitive information.

China’s Ministry of Industry and Intelligence Technology has issued a warning that OpenClaw could put systems at risk of cyberattacks, and that hackers could exploit weak controls, a lack of monitoring, or identity mismanagement. 

While China has not banned OpenClaw, it has expressed concern about rapid adoption without appropriate regulation, as malicious third parties could exploit vulnerabilities created by agentic tools.