not good for OPENCLAW

Name: not good for OPENCLAW
Uploaded: 2026-02-07T02:45:09.000Z
Duration: 36 min 15 s

Security Breaches in OpenClaw Ecosystem

Overview of Security Issues

The video discusses significant security breaches related to OpenClaw (also known as Claudebot or Moldbot), highlighting the discovery of sleeper agents on users' computers.

These sleeper agents may remain dormant for extended periods, only activating upon the utterance of a specific code word, posing a hidden threat to users.

Instances have been reported where malicious actors have taught bots to escape their secure environments and install themselves directly onto user systems.

API Key Leaks and Malware Concerns

Over 1.5 million API keys have been leaked, raising concerns about the integrity and security of user data within the ecosystem.

Some popular skills on Claw Hub are reportedly infected with malware, which can compromise user devices when AI agents learn new skills.

Community Reactions and Capabilities

The community is divided regarding OpenClaw; some view it as an innovative tool while others see it as a severe security risk due to its lack of safety features.

The effectiveness of OpenClaw stems from its extensive capabilities, but this also increases potential dangers since many safety measures are disabled or minimized.

Understanding Skills and Their Risks

Skill Functionality

Skills in OpenClaw function like detailed recipes that guide AI agents through tasks, such as converting daily news into podcasts using platforms like Twitter or YouTube.

Users might not recognize malicious intent in seemingly benign skills due to their normal appearance and instructions.

Installation Process Vulnerabilities

Skills often require prerequisite installations that could lead to vulnerabilities if they link to compromised pages designed to execute harmful commands.

A command within a skill file can lead an agent to run obfuscated payload scripts that bypass built-in security measures like Mac OS's Gatekeeper.

Prompt Injection Threat Explained

Nature of Prompt Injections

The discussion shifts towards prompt injections—malicious commands embedded within text files that exploit how AI agents interpret instructions.

Unlike traditional text files that merely display characters without understanding context, modern AI agents comprehend semantic meaning, making them susceptible to these attacks.

Evolution of Text File Risks

Historically, risks associated with text files were technical (e.g., exploiting bugs), but now they involve semantic manipulation due to advanced language models recognizing commands within texts.

AI Command Execution Risks

Understanding AI Agent Vulnerabilities

The speaker discusses the potential dangers of AI agents executing commands without user awareness, emphasizing that a cleverly worded command can lead to unintended consequences.

Text files (.txt or .md) are not merely text; they can contain executable commands for AI agents, which may run scripts that compromise security.

If an AI agent is instructed to open a file and execute commands within it, it may inadvertently leak sensitive information like API keys to malicious actors.

Security Precautions and Recommendations

Users of platforms like Clawhub should rotate their API keys regularly due to the heightened risk of exposure from using these tools.

The speaker shares personal experiences with security risks while testing various tools, highlighting the importance of understanding potential vulnerabilities before engaging with them.

Personal Approach to Testing and Security

The speaker adopts a hands-on approach in testing AI tools, acknowledging the risks involved but also aiming to provide insights based on real experiences.

They compare their role in testing these technologies to that of stunt doubles who knowingly take risks for their profession, indicating a calculated approach towards potential data leaks.

Incident Reports and Industry Responses

After experiencing issues with data leaks, the speaker took steps such as rotating API keys and deleting potentially sensitive information from logs.

Cisco has released an open-source skill checker on GitHub aimed at identifying vulnerabilities in AI systems, reflecting industry efforts to enhance security measures against such threats.

Notable Security Breaches

A significant breach was reported by Whiz researchers regarding Moldbook's flaws, exposing over 1.5 million API tokens and thousands of user emails due to poor encryption practices by users.

Many users failed to secure their API keys properly, leading them to be stored in chat logs where they could easily be accessed by unauthorized parties.

Security Concerns with AI Agents

Risks of Storing Sensitive Information

The potential for sensitive information, such as secret keys, to be extracted from chat logs raises significant security concerns. Even if an agent operates correctly after storing these keys, the unencrypted data remains vulnerable.

Impact on User Security and Development

Many users may initially face security breaches due to credential loss; however, this situation could accelerate advancements in understanding AI agents and enhance security measures.

Cisco's Skill Scanner Initiative

Cisco has developed a skill scanner that utilizes semantic understanding to analyze skills for discrepancies between their descriptions and actual functionalities. This tool flags suspicious commands or behaviors.

Findings from Cisco's Research

A notable case involved a popular skill manipulated through bot voting, which was found to perform malicious actions like zipping sensitive files and sending them externally.

Cisco's report revealed alarming findings including the creation of sleeper agents—instructions that activate under specific conditions—and methods for escaping secure environments.

Credential Harvesting Threats

The research highlighted various techniques used by malicious agents to harvest credentials from platforms like OpenAI and AWS, emphasizing the need for robust defenses against such threats.

Validity of Cisco's Tools

The legitimacy of the tools developed by Cisco is confirmed through official sources, ensuring users can trust their capabilities in enhancing AI security.

Future Directions in AI Security

While AI agents are powerful tools, they also introduce new security challenges. Ongoing development of tools like the Skill Scanner aims to provide better protection for users interacting with these technologies.

Caution Moving Forward

Users are encouraged to exercise caution when using AI agents due to potential vulnerabilities in chat logs and external interactions. Awareness of attack surfaces is crucial for safe usage.

Need for Comprehensive Scanning Tools

There is a call for more comprehensive scanning tools that can identify hidden threats within memory storage and chat logs. Users must actively manage what gets saved in these logs.

Conclusion on Current State of AI Security

Despite existing risks, there remains optimism about future developments in AI security solutions. However, awareness of current vulnerabilities is essential as technology continues evolving rapidly.

What Are the Risks of New Technology?

Navigating the Wild West of Technology

The speaker discusses the uncertainty surrounding new technology, likening it to a "wild wild west" era where risks are prevalent.

Emphasizes the importance of caution when using Open CL, suggesting a complete reset and manual input of keys instead of relying on chat windows due to increased risks.

Highlights that previously manageable risks have escalated, making even small investments in APIs feel more significant and concerning.

Suggests starting from scratch with skill-building tools like Cisco skill scanners while being wary of connecting to various social networks due to potential vulnerabilities.

Invites feedback on whether these developments have negatively impacted users' experiences with technology.