CertiK: OpenClaw AI Agent Puts Crypto Wallets at Risk
Cybersecurity firm CertiK warns that the rapidly growing OpenClaw AI agent poses significant security risks, potentially draining crypto wallets via malicious skills.Summary
Cybersecurity firm CertiK has issued a warning regarding the security risks associated with the self-hosted AI agent OpenClaw, which integrates with platforms like WhatsApp and Telegram and can execute autonomous actions on users' computers. Despite its rapid growth to over 300,000 GitHub stars since launching as Clawdbot, OpenClaw has accumulated significant security debt, including over 280 GitHub Security Advisories and 100 CVEs, with thousands of instances found to be vulnerable to remote code execution.
The primary danger stems from OpenClaw acting as a bridge between external inputs and local execution, creating vectors like local gateway hijacking. CertiK specifically highlights the threat of "malicious skills" installed from local or marketplace sources, which can manipulate behavior via natural language to exfiltrate sensitive data, including cryptocurrency wallet credentials for major wallets like MetaMask and Phantom. Attackers have reportedly seeded these malicious skills across high-value categories targeting the crypto ecosystem.
OpenClaw founder Peter Steinberg acknowledged ongoing security improvements. However, CertiK strongly advises ordinary users who are not security professionals or experienced developers to avoid installing and using OpenClaw until more mature and hardened versions are available, citing a clear overlap between the attack methods and established crypto-theft playbooks.
(Source:Cointelegraph)