Security vendor Noma reported that 53% of its enterprise customers gave OpenClaw privileged access over a single weekend, according to a January 30 Gartner analysis. Gartner characterized OpenClaw as “a powerful demonstration of autonomous AI for enterprise productivity, but it is an unacceptable cybersecurity liability” and recommended enterprises “block OpenClaw downloads and traffic immediately,” describing shadow deployments as creating “single points of failure, as compromised hosts expose API keys, OAuth tokens, and sensitive conversations to attackers.”
OpenClaw surpassed 150,000 GitHub stars in late January, gaining viral popularity on social media. The platform, launched in November 2025 and rebranded twice due to trademark disputes, allows community-developed “skills” that run with full access to the agent’s tools and data—the architecture that ClawHavoc exploited.
Limitations of malware scanning
While the VirusTotal integration addresses known malware in the skills marketplace, OpenClaw acknowledged significant limitations in the announcement. “Let’s be clear: this is not a silver bullet,” the announcement stated. “A skill that uses natural language to instruct an agent to do something malicious won’t trigger a virus signature. A carefully crafted prompt injection payload won’t show up in a threat database.”
