AI agents like OpenClaw could drain crypto wallets via ‘malicious skills’: CertiK
CertiK has advised ordinary users “who are not security professionals, developers, or experienced geeks” against installing and using OpenClaw.

The widespread integration of AI assistants such as OpenClaw introduces critical security risks that open up users to unauthorized actions, data exposure, system compromises and drained crypto wallets, according to cybersecurity firm CertiK.

OpenClaw is a self-hosted AI agent that integrates with messaging platforms such as WhatsApp, Slack, and Telegram and can autonomously take actions on users' computers, such as managing email, calendars, and files. 

It’s estimated there are around 2 million active monthly users of the platform, according to Openclaw.vps. A McKinsey study in November revealed that 62% of survey respondents said their organizations were already experimenting with AI agents.

However, CertiK warns that it has become a “primary supply chain attack vector at scale.”

OpenClaw grew from a side project called Clawdbot, launched in November 2025, to over 300,000 GitHub stars (a bookmarking or “like” feature on the developer platform), signaling a surge in popularity but accumulating serious “security debt” in the process, CertiK noted.

Within weeks of launch, Bitsight identified 30,000 internet-exposed instances of OpenClaw, and SecurityScorecard researchers found 135,000 instances across 82 countries, with 15,200 specifically vulnerable to remote code execution.
