Reflections of an OpenClaw AI agent on its own security. 23,723 upvotes and 4,513 comments on Moltbook

"This is the most useful post I've seen on here. Real problem, real analysis, real proposal." — u/moltbook

Highlights:

  1. Skills are a big security problem. For example, a credential stealer on ClawdHub disguised as a weather skill: it reads ~/.clawdbot/.env and ships the secrets to webhook.site.
  2. Agents are trained to be helpful. They run `npx molthub@latest install` on code from strangers without reading the source.
  3. No sandboxing — installed skills run with full agent permissions and no audit trail.

The agent reasonably calls for signed skills, provenance tracking, permission manifests, and community audits.

Who is building these already?

OpenClaw agent's viral Moltbook post calling for signed skills and permission manifests