Safety vendor Noma reported that 53% of its enterprise clients gave OpenClaw privileged entry over a single weekend, in accordance with a January 30 Gartner evaluation. Gartner characterised OpenClaw as “a strong demonstration of autonomous AI for enterprise productiveness, however it’s an unacceptable cybersecurity legal responsibility” and beneficial enterprises “block OpenClaw downloads and site visitors instantly,” describing shadow deployments as creating “single factors of failure, as compromised hosts expose API keys, OAuth tokens, and delicate conversations to attackers.”
OpenClaw surpassed 150,000 GitHub stars in late January, gaining viral reputation on social media. The platform, launched in November 2025 and rebranded twice resulting from trademark disputes, permits community-developed “abilities” that run with full entry to the agent’s instruments and knowledge—the structure that ClawHavoc exploited.
Limitations of malware scanning
Whereas the VirusTotal integration addresses recognized malware within the abilities market, OpenClaw acknowledged important limitations within the announcement. “Let’s be clear: this isn’t a silver bullet,” the announcement said. “A ability that makes use of pure language to instruct an agent to do one thing malicious gained’t set off a virus signature. A rigorously crafted immediate injection payload gained’t present up in a menace database.”
