While AI tools like OpenClaw promise to automate your workflow, they are quickly becoming a favorite tool for hackers. A recent 1Password report by Jason Meller reveals a scary reality: the "skills" you download to make these AI agents smarter are often digital traps.
Meller warns that because these tools have deep access to your files and web browsers, they are a "Faustian bargain." He discovered that even highly-rated "skills" were actually hidden malware designed to steal passwords, browser cookies, and login keys. At NYU, we have already received reports of users who lost access to their accounts and suffered credential leaks after installing modified versions of OpenClaw.
The author’s advice is blunt: “If you are experimenting with OpenClaw, do not do it on a company (or university) device. Full stop.”
For our NYU Shanghai community, this means you should NEVER install these experimental agents on any computer used for schoolwork, NYU systems (like Brightspace or Albert), or office tasks. If you’ve already used it on an NYU device, treat it as a security breach and contact NYU Shanghai IT immediately. Stick to official, university-vetted AI tools to keep your personal and academic data safe.
See NYU Shanghai Educational IT Guideline on Artificial Intelligence (AI) for more information.
Related Reads:
From magic to malware: How OpenClaw's agent skills become an attack surface - 1Password
Don’t get pinched: the OpenClaw vulnerabilities -- Kaspersky official blog
OpenClaw (formerly Moltbot, Clawdbot) May Signal the Next AI Security Crisis -- Palo Alto Networks® Blog
Hackers Abuse Bing AI Search to Spread Malware Through Fake OpenClaw Installers -- WindowsReport
ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket -- The Hacker News
