CertiK warns: AI agents like OpenClaw could drain your crypto

• CertiK issued a warning to non-professional users against installing the OpenClaw AI agent due to severe security vulnerabilities.
• The platform has seen explosive growth with over 300,000 GitHub stars and 2 million monthly active users, but it carries significant "security debt."
• Cybersecurity researchers identified over 135,000 internet-exposed instances, with many vulnerable to remote code execution and wallet-draining attacks.

Vulnerabilities in AI Autonomy

CertiK has raised alarms regarding the widespread adoption of AI assistants like OpenClaw, a self-hosted agent that manages messaging apps, emails, and files autonomously. While the platform has gained massive popularity since its launch in November 2025, it has simultaneously become a primary target for supply chain attacks. According to a McKinsey study, 62% of organizations are already experimenting with similar AI agents, but the rapid deployment often outpaces security measures.

Researchers found that OpenClaw acts as a bridge between external commands and local system execution, opening "classic attack vectors." These include local gateway hijacking, which allows malicious actors to extract sensitive data or execute unauthorized commands. The platform has already accumulated over 280 GitHub Security Advisories and 100 Common Vulnerabilities and Exposures (CVEs).

The Threat of Malicious Skills

One of the most sophisticated risks identified is the use of "malicious skills." Unlike traditional malware that antivirus software can easily flag, these skills use natural language to manipulate the AI's behavior. These can be installed from local sources or marketplaces and are often hidden within legitimate-looking code. Attackers have strategically placed these malicious skills in categories relevant to the crypto community, such as:

• Phantom and MetaMask wallet trackers
• Polymarket tools
• Google Workspace integrations
• Insider-wallet finders

The primary goal of these attacks is to target browser extension wallets simultaneously, including Trust Wallet, Coinbase Wallet, OKX Wallet, and others. This tradecraft mirrors broader crypto-theft tactics like phishing and social engineering.

Industry Response and User Safety

At the ClawCon event in Tokyo, OpenClaw founder Peter Steinberg, who recently joined OpenAI, stated that the team has spent the last two months focused on hardening the platform's security. However, recent phishing campaigns have still managed to lure developers using fake GitHub posts and a bogus "CLAW" token.

CertiK advises that anyone who is not a security professional or an experienced developer should avoid using OpenClaw until more stable and managed versions are released. To address these systemic risks, SlowMist recently introduced a security framework in March designed to act as a "digital fortress" for AI agents handling on-chain assets and autonomous actions.