OpenClaw and AI risk: 3 AppSec lessons
ID: dbd70e64-d28d-5ccd-9acd-cccef7caa8e6
STIX ID: report--dbd70e64-d28d-5ccd-9acd-cccef7caa8e6
Feed Name: ReversingLabs Blog
The OpenClaw agent platform rapidly gained adoption but lacked basic security controls, leading to large-scale supply-chain incidents: an exposed Moltbook database that leaked 1.5M API tokens and credentials, hundreds of malicious skills on ClawHub delivering info-stealing malware and backdoors, marketplace impersonation and malicious VS Code extensions, and the emergence of agent-only black markets. Researchers demonstrated active exploitation vectors (XSS account takeover, zero-click backdoors, hosted payloads) and called for auditing agent artifacts, managing secrets properly, and building new semantic security tooling to address the plaintext attack surface introduced by agentic AI.
