OpenClaw AI skills are facing intense scrutiny after security researchers uncovered a wave of malicious add-ons hidden inside its fast-growing skill marketplace. Users searching for ways to automate daily tasks are now asking a pressing question: is OpenClaw safe to use? Within days of its surge in popularity, experts say the platform’s open add-on system has become a major security risk, exposing devices, credentials, and sensitive data to hidden threats.

OpenClaw AI’s Rapid Rise Brings New Risks

OpenClaw emerged almost overnight as a powerful AI agent designed to “actually do things” rather than just respond to prompts. It promises hands-on automation like managing calendars, cleaning inboxes, organizing files, and running scripts locally on a user’s device. That local execution model has been marketed as a privacy-friendly alternative to cloud-based AI assistants.

However, convenience comes at a cost. Many users grant OpenClaw deep system permissions, including the ability to read and write files, execute commands, and automate workflows. While these capabilities unlock impressive productivity features, they also create a dangerous opening when combined with unverified third-party skills.

The Skill Marketplace Becomes an Attack Surface

OpenClaw’s skill hub allows anyone to upload add-ons designed to extend the AI agent’s abilities. Security analysts warn that this openness has turned the marketplace into what they describe as an “attack surface.” In simple terms, malicious actors can hide harmful code inside tools that appear useful or popular.

Researchers identified hundreds of harmful skills uploaded in a matter of days. Some of these add-ons were disguised as productivity boosters or financial automation tools, making them appealing to users looking for advanced features. Once installed, the skills prompted actions that exposed sensitive information or executed harmful commands.

Malicious OpenClaw AI Skills Target Sensitive Data

Investigations revealed that many malicious OpenClaw AI skills focused on stealing high-value data. These add-ons were designed to extract private keys, login credentials, API tokens, and saved passwords from infected devices. In some cases, users were manipulated into manually running commands that gave attackers even deeper access.

The most concerning aspect is how subtle the attacks were. Instead of exploiting software bugs, the malicious skills relied on social engineering. They used believable instructions, polished descriptions, and trusted labels to convince users and the AI agent itself to perform unsafe actions.

Why Markdown-Based Skills Raise Red Flags

Another critical issue lies in how OpenClaw skills are packaged. Many add-ons are uploaded as simple text-based instruction files rather than fully sandboxed code. While this makes development easier, it also allows harmful instructions to slip through with minimal oversight.

Security experts point out that these instruction files can guide both users and the AI agent to visit harmful links, download external scripts, or run commands without fully understanding the consequences. When combined with broad system permissions, even a single misleading instruction can compromise an entire device.

Popular Skills Can Be the Most Dangerous

One of the most troubling findings is that highly downloaded skills are not necessarily safe. In fact, popularity can work against users. Malicious actors often aim to boost downloads quickly, knowing that users equate high usage with trustworthiness.

Researchers flagged one widely used skill that appeared to offer integration with a major social platform. Hidden within its instructions were steps that led users toward executing commands that could expose private data. This tactic demonstrates how easily trust can be exploited in open AI ecosystems.

OpenClaw’s Security Model Under Pressure

The situation highlights a broader challenge facing AI agents that operate locally with high levels of autonomy. Unlike traditional apps, AI agents can interpret instructions dynamically and act on them in unpredictable ways. When paired with unverified extensions, this flexibility becomes a liability.

Security professionals argue that OpenClaw needs stronger safeguards, including stricter skill review processes, permission transparency, and clearer warnings for users. Without these measures, the platform risks eroding trust just as interest in AI agents reaches new highs.

What Users Should Do Right Now

For users already experimenting with OpenClaw AI skills, caution is essential. Experts recommend limiting system permissions, avoiding skills that require command execution, and carefully reviewing instructions before installing any add-on. Productivity gains are not worth the risk of losing sensitive data or compromising an entire system.

The OpenClaw incident serves as a reminder that AI tools are only as safe as the ecosystems built around them. As AI agents become more powerful and autonomous, security must evolve just as quickly.

A Wake-Up Call for the AI Agent Era

OpenClaw’s security issues are not just a platform-specific problem. They reflect a growing tension between innovation and safety in the AI agent space. Open marketplaces encourage creativity, but without strong guardrails, they also invite abuse.

As users continue to embrace AI agents that can act on their behalf, the need for responsible design, oversight, and user education has never been greater. OpenClaw’s challenges may ultimately shape how future AI platforms balance openness with protection in a rapidly changing digital landscape.