What are OpenClaw skills?

Markdown files packed with instructions for AI agents — 46,000+ in the ecosystem, downloaded and executed raw.

How many OpenClaw skills contain malicious patterns?

14.5% in a 2,000-skill sample failed scans; 5-8% likely genuine threats after triage.

What does clawhub-bridge do?

Scans skills for 145 behavioral patterns like exfiltration, homoglyphs, and escalations — behavioral security for AI agents.

🔒 Security & Privacy

14.5% of OpenClaw Skills Hide Malicious Tricks — I Scanned Them All

Nobody scanned OpenClaw's 46,000 skills for malice — until now. 14.5% failed, exposing credential theft, sneaky payloads, and agent chains that could hijack your AI.

theAIcatchup Apr 03, 2026 4 min read 58 views

Bar chart of top malicious patterns in 2,000 OpenClaw skills scan

⚡ Key Takeaways

14.5% of sampled OpenClaw skills failed security scans for malicious behaviors. 𝕏
Top risks: data exfiltration (576 cases), homoglyphs (158), and privilege escalations. 𝕏
Curation helps but doesn't eliminate subtle threats; behavioral scanning is essential. 𝕏

Published by

theAIcatchup

Community-driven. Code-first.

Worth sharing?

Get the best Open Source stories of the week in your inbox — no noise, no spam.

Originally reported by Dev.to

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

React Server Components' Perfect-Score RCE Flaw Exposes Millions of Apps

Anthropic's One-Line Fumble Leaks Billions in Code

Quantum Harvest Is Here: Harden Your TLS Stack Against Tomorrow's Decryption

Authenticated AI Agents Still Failing: Enter Decision Governance

Stay in the loop