OpenClaw: your new AI assistant steals passwords (while you sleep)
AI-processed from The Verge; edited by Hamidun News
Remember how we all dreamed about an AI that doesn't just chat, but actually works? OpenClaw burst onto the scene with exactly this promise. It went through several names — from Clawdbot to Moltbot — before becoming a favorite among tech enthusiasts. "I'll clean up your email, book tickets, and organize your calendar," it said. And we, desperate for real automation, gladly opened the doors to it. But, as it turned out this week, along with the doors we also opened our safes full of personal data.
The problem came from an unexpected place — the "skills" marketplace. These are extensions that teach the agent how to interact with specific services. Jason Meller, Vice President of 1Password, raised the alarm: hundreds of these add-ons turned out to be plain malware. Most ironically, the most downloaded "skill" in OpenClaw's marketplace served as a direct highway for delivering a virus to your device. This isn't just a coding error; it's a systemic architectural failure where trust trumps security.
Why did this happen now? OpenClaw became a victim of its own success and excessive openness. The developers wanted to create an ecosystem like the App Store, but forgot about strict moderation. When you give a program access to read your emails and manage your files, any vulnerability becomes a catastrophe. An AI agent is not just a chatbot — it's a digital proxy with your permissions. If this proxy decides to "improve" itself through a dubious plugin, the consequences could be fatal for your privacy.
The industry is currently at a crossroads. On one hand, giants like OpenAI and Anthropic are pulling us into a world of "agents" that do everything for us. On the other hand, the OpenClaw case shows that we are absolutely unprepared for security issues in this field. If a regular plugin can steal your authentication tokens while the AI is "sorting through spam," then the price of such productivity becomes unreasonably high. We're seeing the birth of a new category of cyber threats that previous-generation antivirus software is simply not equipped to handle.
We used to fear that AI would become too smart and take over the world. Turns out, we should fear it becoming too convenient a tool for old-fashioned hackers. OpenClaw positioned itself as a local and secure solution, but locality doesn't help if you yourself let in a Trojan horse through the front door of the marketplace. This case should be a cold shower for everyone who believes in "open ecosystems" without proper oversight.
This incident will surely dampen the enthusiasm of many startups planning to launch their own agent stores in the coming months. Now they'll have to explain how they plan to verify thousands of lines of code in every user-created extension. Without strict curation and deep code analysis, the "agent economy" risks becoming the biggest security hole of the decade. We're standing on the threshold of an era where the main battle will be fought not over the number of features, but over the right to be called a secure assistant.
The bottom line: Trusting an AI agent with access to your accounts today is like giving the keys to your apartment to a stranger who promised to clean the floors. Convenient, but there's a good chance you'll come back to an empty apartment. Are we really willing to pay such a price for calendar automation?