573. Malwarebytes - OpenClaw Security Analysis
Basic Information
| Field | Content |
|---|---|
| Product ID | 573 |
| Name | Malwarebytes - OpenClaw Security Analysis |
| Type | Security Vendor Analysis |
| Publishing Media | Malwarebytes |
| URL | https://www.malwarebytes.com/blog/news/2026/02/openclaw-what-is-it-and-can-you-use-it-safely |
Summary
Malwarebytes, a globally renowned anti-malware vendor, has published several in-depth analysis reports on the security of OpenClaw, covering basic security assessments and threats posed by counterfeit installers.
Core Content
Security Assessment Report
#### Title: "OpenClaw: What is it and can you use it safely?" (February 2026)
- OpenClaw is an open-source autonomous AI agent launched in November 2025
- Runs on the user's local computer
- Can manage tasks, interact with applications, and directly read/write files
Vulnerability Data
| Metric | Data |
|---|---|
| Codebase Vulnerabilities | 512 |
| Number of Malicious Skills | 824+ (as of February 16, 2026) |
| Total Skill Registrations | 10,700+ |
| Malicious Ratio | Approximately 20% (Bitdefender estimates around 900) |
| Exposed Instances | 42,665 (independent research) |
Key Vulnerability - ClawJacked
- Gateway opens a WebSocket listener to receive commands
- No token, origin checks, or any form of authentication
- This means anyone with access to the port can send commands to the agent
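A handshake gate that adds the token and origin checks the listener is described as lacking, plus a peer-address restriction, written as an added example (not OpenClaw's or Malwarebytes' code). The function names, policy fields, origin, and token are hypothetical, and the sample requests are constructed.

```javascript
// Added example; names and values are hypothetical, not OpenClaw's API.

// Constant-time comparison: the token check must not reveal how many
// leading characters of a guess were correct.
function constantTimeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// Decide whether an HTTP Upgrade request may become a WebSocket session.
// req = { remoteAddress, headers } with lower-cased header names.
function authorizeUpgrade(req, policy) {
  const h = req.headers;
  // 1. Reaching the port is not enough: restrict the peer address.
  if (!policy.allowedPeers.includes(req.remoteAddress)) {
    return { ok: false, reason: "peer-not-allowed" };
  }
  // 2. Browsers send Origin on WebSocket handshakes; reject unlisted
  //    origins so an arbitrary web page cannot drive the agent.
  if (h.origin !== undefined && !policy.allowedOrigins.includes(h.origin)) {
    return { ok: false, reason: "origin-not-allowed" };
  }
  // 3. Require a bearer token even from loopback and listed origins.
  const m = /^Bearer (.+)$/.exec(h.authorization || "");
  if (!m || !constantTimeEqual(m[1], policy.token)) {
    return { ok: false, reason: "bad-token" };
  }
  return { ok: true, reason: "authorized" };
}

// Constructed policy and handshake samples (not captured traffic).
const POLICY = {
  allowedPeers: ["127.0.0.1", "::1"],
  allowedOrigins: ["http://localhost:3000"],
  token: "constructed-sample-token",
};
const GOOD = "Bearer constructed-sample-token";
const SAMPLES = [
  { remoteAddress: "203.0.113.7", headers: { authorization: GOOD } },
  { remoteAddress: "127.0.0.1", headers: { origin: "https://example.com", authorization: GOOD } },
  { remoteAddress: "127.0.0.1", headers: {} },
  { remoteAddress: "127.0.0.1", headers: { authorization: "Bearer wrong" } },
  { remoteAddress: "127.0.0.1", headers: { origin: "http://localhost:3000", authorization: GOOD } },
];
function evaluateSamples() {
  return SAMPLES.map((r) => authorizeUpgrade(r, POLICY).reason);
}
console.log(evaluateSamples());
```

The browser WebSocket API cannot set an `Authorization` header, so the token path here serves native clients, while the origin allowlist is what stops a web page from connecting.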
Exposed Instances Growth
- Censys tracked growth from around 1,000 to 21,000+ between January 25 and 31, 2026
- Bitsight observed over 30,000 instances
- Independent research identified 42,665 exposed instances
Counterfeit Installer Threat (March 2026)
- Attackers placed counterfeit OpenClaw "installers" on GitHub
- Bing AI search results directed users to these malicious links
- The installers actually delivered information stealers and proxy malware
- URL: https://www.malwarebytes.com/blog/news/2026/03/beware-of-fake-openclaw-installers-even-if-bing-points-you-to-github
Security Recommendations
- Run OpenClaw in a sandboxed VM or container
- Use isolated hosts
- Deny outbound traffic by default
- Set up strict allowlists
Key Insights
- High Vulnerability Density - 512 vulnerabilities covering the codebase, API, skill system, and message integration
- Severe Ecosystem Pollution - A shocking 20% malicious skill ratio
- Rapid Expansion of Exposure - Exposed instances grew 21 times in one week
- Weaponization of Search Engines - Bing directed users to malicious installers
Relationship with OpenClaw Ecosystem
Malwarebytes' analysis is one of the most authoritative assessments in the OpenClaw security ecosystem. Its detailed vulnerability data and security recommendations have directly influenced enterprise and individual user decisions regarding OpenClaw security.