More than 230 malicious packages for the personal AI assistant OpenClaw (formerly known as Moltbot and ClawdBot) have been published in less than a week on the tool’s official registry and on GitHub.

Called skills, the packages pretend to be legitimate tools to deliver malware that steals sensitive data, like API keys, wallet private keys, SSH credentials, and browser passwords.

Originally named ClawdBot and switching to Moltbot and now OpenClaw in under a month, the project is a viral open-source AI assistant designed to run locally, with persistent memory and integrate with various resources (chat, email, local file system). Unless configured properly, the assistant introduces security risks.