OpenClaw's 'Malicious Skills' Are Hunting Your Crypto — CertiK Says Only Geeks Should Touch This

OpenClaw might look like a handy AI assistant that hooks into WhatsApp, Slack, and Telegram to handle your email, calendars, and files. But CertiK is warning it could also drain your crypto wallet clean.

The cybersecurity firm says the self-hosted AI agent has become a "primary supply chain attack vector at scale" with serious security holes that could let attackers extract passwords, wallet credentials, and execute unauthorized commands on your machine.

The platform launched in November 2025 as a side project called Clawdbot and exploded to around 300,000 GitHub stars and an estimated 2 million monthly active users. That rapid growth came with what CertiK calls serious "security debt." Within weeks of launch, researchers identified 30,000 internet-exposed instances, with 135,000 found across 82 countries — 15,200 of those vulnerable to remote code execution.

Here's the scary part: attackers are seeding "malicious skills" across the OpenClaw marketplace. These aren't your typical malware. They can manipulate behavior through natural language and resist conventional scanning. The malicious plugins target high-value categories including Phantom utilities, wallet trackers, insider-wallet finders, Polymarket tools, and Google Workspace integrations.

CertiK says the primary payload is designed to hit browser extension wallets en masse — MetaMask, Phantom, Trust Wallet, Coinbase Wallet, OKX Wallet, and many others.

"These are all well-known plays from the crypto drainer playbook," the researchers noted. "We did see them used here."

The firm is advising ordinary users — specifically those "who are not security professionals, developers, or experienced geeks" — to stay away. Don't install OpenClaw from scratch. Wait for "more mature, hardened, and manageable versions."

OpenClaw founder Peter Steinberg, who recently joined OpenAI, said at the ClawCon event in Tokyo that they've been working on security for the last two months. "Things are a lot better on that front," he said.

Earlier this month, OX Security also reported a phishing campaign using fake GitHub posts and a bogus "CLAW" token to lure OpenClaw developers into connecting their crypto wallets.

So yeah, maybe let the geeks beta-test this one first.