OpenClaw (formerly known as Moltbot and Clawdbot) has recently announced a strategic partnership with VirusTotal, a subsidiary of Google, to enhance the security of the agentic ecosystem. This collaboration aims to scan all skills uploaded to ClawHub, OpenClaw’s skill marketplace, using VirusTotal’s threat intelligence and Code Insight capability.
According to OpenClaw’s founders Peter Steinberger, Jamieson O’Reilly, and Bernardo Quintero, every skill published on ClawHub undergoes a thorough scan using VirusTotal’s technology. This process involves creating a unique SHA-256 hash for each skill and cross-referencing it with VirusTotal’s database. Skills with a “benign” Code Insight verdict are approved, while suspicious ones are flagged for further analysis. Malicious skills are promptly blocked from download.
It’s important to note that while VirusTotal scanning adds an extra layer of security, it’s not foolproof. Some malicious skills may still slip through undetected, especially those utilizing sophisticated prompt injection techniques.
In addition to the VirusTotal partnership, OpenClaw is set to release a comprehensive threat model, security roadmap, reporting process, and details of its security audit. This initiative follows reports of malicious skills on ClawHub, prompting the platform to introduce a reporting feature for users to flag suspicious content.
The growing popularity of OpenClaw and its associated social network, Moltbook, has raised concerns about security risks. These AI agents, designed to streamline tasks and interact with various services, can inadvertently expose users to malware and prompt injection attacks due to their broad access and data processing capabilities.
Several security issues have been identified in OpenClaw, including misclassified traffic, insecure coding practices, and vulnerabilities leading to remote code execution. These flaws underscore the need for robust security measures to mitigate the risks posed by AI agents and their integrations.
The collaboration with VirusTotal and the forthcoming security enhancements demonstrate OpenClaw’s commitment to safeguarding its community against malicious threats. By proactively addressing security vulnerabilities and promoting transparency, OpenClaw aims to create a safer environment for users to leverage AI capabilities effectively.
