We audited 1,620 OpenClaw skills. The ecosystem's safety scanner labels 91% of confirmed threats "benign." [full reports linked]

We ran behavioral analysis on 1,620 skills from the OpenClaw ecosystem (random sample, ~14.7% of ClawHub) and cross-referenced every result against Clawdex, the ecosystem's primary safety index. 88 skills flagged as dangerous or malicious by our scanner. Clawdex flags 7 of the 88. 61 skills we flag contain confirmed threats — C2 channels, agent identity hacking, prompt worms, crypto drainers, agent rootkits — that Clawdex labels "benign." 0 skills Clawdex flags that we missed. The gap is structural: Clawdex runs VirusTotal Code Insight and signature detection at install time. The threats we're catching deliver their payload through SKILL.md content. Plain-text instructions the agent follows at runtime. Install is clean. The behavior isn't. Static analysis can't catch what isn't in the code. We also discuss three flaws in our own methodology in the report: scoring inflation for clean installations, grading inconsistency on identical payloads, and one confirmed false positive. Every flagged skill links to its full audit report for independent verification. API and MCP server are open, no API key required. We're a two-person team (Oathe.ai). Happy to answer methodology questions. submitted by /u/Ok-Form1598 [link] [comments]

Source: https://www.reddit.com/r/netsec/comments/1rfc540/we_audited_1620_openclaw_skills_the_ecosystems/