Threat Analysis: OpenClaw Under the Microscope

A new Bleeping Computer / Flare report analyzes how OpenClaw is being discussed on underground forums and dark web channels — and what the actual threat level is.

February 26, 2026

February 26, 2026 — Since its rapid rise in popularity, OpenClaw (formerly Clawdbot and Moltbot) has attracted attention from more than just automation enthusiasts. Security researchers and threat intelligence firms are watching closely.

A new analytical report from Bleeping Computer, based on data from Flare, sheds light on how the project is being discussed across open and closed internet communities — including underground forums and Telegram channels.

Key Findings

Hype Outpaces Actual Threat

Despite thousands of OpenClaw mentions on dark web forums, the analysis shows that most discussions were initiated by security researchers — not active threat actors exploiting the platform at scale. The conversations are focused on potential risks rather than the sale of ready-made attack tooling.

The Real Attack Vector: Malicious Skills

The confirmed, most serious risk centers on the ClawHub skill marketplace. Hundreds of malicious “skills” have already been identified that, under the guise of useful tools, deliver infostealers, remote access trojans (RATs), and other malware to users who install them.

Real Vulnerabilities Exist

Researchers identified several significant security issues, including CVE-2026-25253 — a one-click remote code execution vulnerability. More broadly, skills lack a sandbox environment, meaning they run with the full system permissions of the agent process.

Early-Stage Exploitation

Flare analysts conclude that the criminal ecosystem is still in an early experimentation phase with OpenClaw. The infrastructure for mass exploitation is being studied, but hasn’t been fully deployed yet.

What This Means for Users

The threat is real but targeted. The most likely attack path isn’t some sophisticated exploit — it’s a user installing a malicious skill from an untrusted source.

Practical recommendations:

  1. Only install skills from trusted, verified sources
  2. Read the SKILL.md and scripts before installing anything
  3. Keep OpenClaw updated — security patches are released regularly
  4. Enable requireConfirmation for shell and file actions
  5. Never run as root

The community’s security posture is improving. OpenClaw has partnered with VirusTotal for skill scanning, and ClawHub now requires review before publishing new entries.

Back to OpenClaw Hub