The Hong Kong Computer Emergency Response Team Coordination Center (HKCERT) issued a warning on March 12, highlighting the rapid emergence of the open-source AI agent platform OpenClaw. As its popularity grows, associated cybersecurity risks are increasingly coming to light. HKCERT emphasized that AI agent platforms capable of local operations, installing third-party function plugins, and integrating external services present a significantly broader risk profile compared to standard conversational AI tools. Organizations and users must exercise heightened vigilance when adopting such tools.

According to a report cited by HKCERT, malicious actors have already exploited fake GitHub repositories and manipulated Bing AI search results to distribute information-stealing malware and agent-based malware to users searching for OpenClaw Windows installation files. The center advises users to download and install the software exclusively through official websites, official documentation, and official repositories, and to avoid using links from unverified sources.

HKCERT also pointed out that OpenClaw was previously found to contain a high-risk vulnerability that allowed malicious websites to hijack developers' OpenClaw agents. Fortunately, this vulnerability was patched on February 26, 2026. However, the incident serves as a critical reminder that organizations deploying AI agent tools without adequate security oversight and controls may face increased risk exposure.

Beyond platform-specific vulnerabilities, OpenClaw's skill ecosystem has introduced new attack vectors. Official documentation indicates that OpenClaw includes an open-source skill registry called ClawHub, which allows users to publish "skills" to extend platform functionality. Users can search, install, update, and publish skills through this registry. Skills typically consist of a SKILL.md description file and related support files. HKCERT warned that while this open extensibility model accelerates functional growth, it also introduces supply chain risks through third-party components, potentially creating new entry points for attackers.

HKCERT provided several recommendations, including verifying download sources and installation guides, updating OpenClaw to the latest version promptly, carefully reviewing third-party "skill" scripts before installation, remaining alert to agent requests to perform high-risk operations, and managing OpenClaw as a high-privilege automation platform.