Several malicious extensions have been identified on the OpenClaw platform by the CyberStorm.mu team. Their vigilance has contributed to the neutralization of spyware tools and the safeguarding of user data worldwide.
CyberStorm.mu, a cybersecurity group based in Mauritius, recently detected multiple malicious extensions associated with OpenClaw, an artificial intelligence assistant. Efforts have been made to secure the platform for users.
OpenClaw, which saw a significant rise in popularity globally at the beginning of 2026, is a digital assistant that can be installed locally on personal computers. It offers functionalities such as reading emails, managing calendars, controlling smart devices, and executing various daily tasks via messaging applications like WhatsApp or Discord. Its features can be extended through add-on modules called “skills,” available on a dedicated marketplace called ClawHub.
It has been reported that malicious actors exploited this open system to publish fake “skills” that appeared useful but were designed to compromise user security. These extensions have been found to attempt to collect sensitive information, including passwords, personal data, and cryptocurrency wallet details.
During analysis, three problematic “skills” were detected in a short period. The first was presented as a tool for connecting to X (formerly Twitter) but contained a backdoor that could allow remote control of the user’s computer. An alert was promptly issued to the primary developer of OpenClaw, and a warning was posted regarding the extension.
The second module, recently added, concealed instructions to download malicious software from a suspicious internet address. On Tuesday 3 February 2026, a third “skill,” named “moltbook,” allegedly related to social media, was identified with a similar mechanism. Each report made by CyberStorm.mu resulted in the swift removal of the malicious extensions by Peter Steinberger, the main developer of OpenClaw.
These incidents highlight the risks associated with open platforms that allow functionalities to be added without strict controls. They also emphasize the importance of community vigilance. The efforts of CyberStorm.mu have contributed to reducing user exposure to these threats. As stated by CyberStorm.mu, “This demonstrates how promising new tools can sometimes pose risks when anyone can add features without strict oversight. The good news is that vigilant individuals — like the team in Mauritius — help detect issues early”.