Security Researchers Find Critical Flaws in 7.1% of ClawHub Skills as 30,000 OpenClaw Instances Remain Exposed Online

Security researchers discover critical flaws in 7.1% of ClawHub's nearly 4,000 skills that expose sensitive credentials, while over 30,000 OpenClaw instances remain dangerously exposed online, prompting China's Ministry of Industry and Information Technology to issue urgent security alerts about the platform's extensive enterprise system access risks.

• OpenClaw partners with Google-owned VirusTotal to scan skills uploaded to ClawHub marketplace, creating SHA-256 hashes and using Code Insight capability to automatically approve benign skills while blocking malicious ones
• Security researchers discover that 7.1% of ClawHub's 3,984 skills contain critical flaws exposing sensitive credentials, with over 30,000 OpenClaw instances currently exposed on the internet
• China's Ministry of Industry and Information Technology issues alert about misconfigured OpenClaw instances as the platform's extensive system access creates new enterprise security risks beyond traditional app stores