Hacker News

kylegalbraith yesterday at 7:20 AM

What’s the security situation around OpenClaw today? It was just a week or two ago that there was a ton of concern around its security given how much access you give it.


Replies

mcintyre1994 yesterday at 7:54 AM

I don’t think there’s any solution to what SimonW calls the lethal trifecta with it, so I’d say that’s still pretty impossible.

I saw on The Verve that they partnered with the company that repeatedly disclosed security vulnerabilities to try to make skills more secure though, which is interesting: https://openclaw.ai/blog/virustotal-partnership

I’m guessing most of that malware was really obvious, people just weren’t looking, so it’s probably found a lot. But I also suspect it’s essentially impossible to actually reliably find malware in LLM skills by using an LLM.

ricardobayes yesterday at 7:28 AM

Can only reasonably be described as "shitshow".

veganmosfet yesterday at 2:52 PM

It's still bad, even if they fixed some low-hanging fruit. Main issue: prompt injection when using the LLM "user" channel with untrusted content (even with countermeasures and frontier model) combined with insecure config / plugins / skills... I experimented with it: https://veganmosfet.github.io/2026/02/02/openclaw_mail_rce.h...

kolja005 yesterday at 7:51 AM

My company has the GitHub page for it blocked. They block lots of AI-related things but that's the only one I've seen where they straight up blocked viewing the source code for it at work.

bowsamic yesterday at 7:23 AM

Many companies have totally banned it. For example, at Qt it is banned on all company devices and networks.