OpenClaw ClawHub skills are not "pretend to be safe when you see them". On February 7, 2026, the official announced a partnership with VirusTotal to hash, upload analysis, Code Insight scanning, and daily re-scanning of skill packs published to ClawHub, which can reduce risks, but does not mean that the skills are absolutely safe.
What scanning can help you block
- Known malware, trojans, backdoors, and suspicious payloads.
- Behavioral cues such as downloading and executing external code, accessing sensitive data, and abnormal network operations.
- Skill packs that have been tampered with or rely on anomalies.
Scanning can't stop anything
A clean scan doesn't mean there aren't hints injecting risk, nor does it mean that the skill logic is what you expect. A skill may not have malicious binaries but still require excessively large file, network, or message sending permissions. The official also clearly reminded that clean scan is just a signal, not a silver bullet.
Look at these three points before installation
- Whether the publisher is trustworthy and whether the version history is normal.
- Whether the permissions of the skill request match the purpose.
- After installation, first test run in the isolated workspace, do not directly give real accounts and sensitive files.
For OpenClaw, skills are essentially code that runs in the context of an agent. It's much safer to use it as a browser plugin or command-line script instead of a regular prompt.
Official open source address: https://github.com/openclaw/openclaw.
The first run after installation also depends on the logs. Many risks arise not in the moment of installation, but when the skill actually touches a file, network, or messaging channel. First a small-scale test run and then expand the authority is a more practical way to protect. finance、Mailbox、Cloud disk skills are especially slow.
