OpenClaw Security Flaws Spur VirusTotal Scans

VirusTotal scanning is a good PR-visible control, but it's still a post-hoc filter on a product whose whole pitch is "let an agent act like you." Once you grant that level of access, the security problem becomes architecture, not moderation.

• –Snyk's scan of 3,984 ClawHub skills found 283 critical flaws, and 1Password documented how a top skill could route users into malicious infrastructure.
• –VirusTotal can catch known payloads in published skills, but it won't stop prompt injection, spoofed installs, or a gateway that was exposed by mistake.
• –OpenClaw's blast radius is enormous: Gmail, Slack, browser control, shell access, and persisted OAuth tokens mean one compromise can cascade across an entire workspace.
• –The 21,000-30,000 exposed-instance numbers are the real warning sign. This is already behaving like internet-facing infrastructure, so least privilege and sandboxing are non-negotiable.
• –OpenClaw's threat model, security roadmap, and daily rescans are the right direction, but they read like catch-up on a risk class the product created by design.