Warning against excessive use of AI agent platforms

Cybersecurity experts are urging organizations to proceed with caution when deploying advanced AI agent platforms, warning that these powerful new tools pose a far wider range of security threats than standard chatbots.

The Hong Kong Computer Emergency Response Team Coordination Center (HKCERT) said in a statement on Thursday that AI agent platforms that can run directly on local devices, install third-party skills, and integrate with external services “present risk dimensions beyond common conversational AI tools.”

The alert focuses on the growing popularity of an open-source platform called OpenClaw.

Unlike simple chatbots, OpenClaw is designed to be self-hosted and acts as a multichannel gateway, connecting to messaging apps like WhatsApp, Telegram, and Discord.

It offers persistent memory, browser control, and system-level access for file operations, browser automation, and scripting tasks across multiple environments.

“This advanced level of integration quickly attracted the attention of developers and the technical community,” the center said.

However, HKCERT reported that malicious actors are already exploiting interest in the platform by “creating fake GitHub repositories and Bing AI search results to distribute information-stealing and proxy malware to users searching for OpenClaw Windows installer.”

Beyond the fake downloads, the platform itself has had security flaws.

According to HKCERT, “OpenClaw previously had a high-severity vulnerability that could allow a malicious website to take over a developer’s OpenClaw agent.”

Although this particular vulnerability was patched on February 26, HKCERT said the incident is a stark reminder of the risks.

“This incident serves as a reminder that organizations deploying AI agent tools can be at greater risk if they lack appropriate security monitoring and control measures,” the center said.

Compounding the risk is the platform’s open-source skills ecosystem known as ClawHub, which allows users to publish and install scripts to extend functionality.

HKCERT warned that “while this open expansion model accelerates feature growth, it also introduces supply chain risks associated with third-party components.”

To help organizations address these risks, HKCERT has issued a series of cybersecurity recommendations, including verifying download sources and installation instructions, keeping OpenClaw updated, and exercising caution when installing third-party skills.

Edited by Thomas McAlinden
