AI Assistant OpenClaw Gets VirusTotal On Its Side

To prevent cybercriminals from flooding the AI assistant OpenClaw's skill marketplace ClawHub with malware-infected extensions, Google's online virus scanner VirusTotal will now monitor the platform.

A Feast for Attackers

The OpenClaw developer recently announced this partnership in a blog post. OpenClaw is a particularly powerful AI assistant that, depending on its configuration, has extensive system privileges, uses applications, and can even install software independently to perform certain tasks.

It accepts commands via chat clients like Signal, among others. If OpenClaw has full access to a password manager to perform certain tasks, it may be convenient for the user, but it also represents an immense security risk.

Cybercriminals have long been aware of this and are distributing malware-infected extensions on the official skills marketplace ClawHub. There, users can download free skills for specific tasks, such as analyzing and evaluating current Bitcoin developments. However, some skills do not do what their description promises; instead, they secretly read passwords and send them to criminals. As security researchers from VirusTotal state in a report, they have already encountered hundreds of such infected extensions.

Another Security Component

To curb the upload of malware skills, VirusTotal's scanners examine uploads to detect malicious code. Suspicious skills are blocked and cannot be downloaded. Skills that have already been uploaded are to be scanned daily to detect subsequently added malware.

Since the primarily signature-based approach “only” finds already known Trojans and backdoors, this is naturally not a panacea. Payload prompts carefully crafted by attackers can slip through. Overall, however, the partnership is sensible and another component to make the powerful AI assistant more secure.

(des)