TLDR: OpenClaw presents security risks as its agent skills access sensitive data through markdown files that can disguise harmful commands. Instances of malware disguised as “skills” have been identified, posing threats to corporate devices. Users are warned against using OpenClaw on work devices, emphasizing the importance of security measures for skill registries and agent frameworks to prevent exploitation.
https://1password.com/blog/from-magic-to-malware-how-openclaws-agent-skills-become-an-attack-surface

