OpenClaw can drain a crypto wallet completely with a “malicious skill,” CertiK warns

OpenClaw can drain a crypto wallet with “malicious skills,” CertiK warns

CertiK has issued a warning that AI agents such as OpenClaw can become dangerous tools for crypto users—especially if they are installed with “malicious skills” that can stealthily steal assets in wallets. According to this security auditing firm, the risk does not lie in the AI itself, but in how the task ecosystem, add-ons, and its access permissions can be exploited.

In its latest recommendation, CertiK says that people who are “not security experts, not developers, or not experienced tech professionals” should avoid installing and using OpenClaw. The main concern is that when users grant overly broad permissions to an AI agent, it may carry out actions beyond expectations—from accessing sensitive data to operating a wallet or signing transactions.

Why AI agents can become a threat to crypto wallets

AI agents are designed to automate work, interact with applications, and complete tasks on behalf of users. That convenience also creates a new attack surface. If an agent is further integrated with “skills” or plugins from a third party, malicious actors could inject malicious code, turning a helpful tool into a channel for data collection or seizing control of the user’s machine behavior.

For crypto wallets, the consequences can be severe even with a single careless action such as granting permission to sign transactions, storing a seed phrase in an unsafe way, or allowing an AI application to access the browser and system files. Once access is abused, the assets in the wallet may be transferred away before the victim even realizes it.

What are “malicious skills”?

As CertiK describes them, “malicious skills” are add-on components installed into an AI agent to expand its capabilities, but in practice serve an attack purpose. They can masquerade as useful tools, yet internally contain logic to steal information, collect private keys, modify data, or automatically carry out dangerous actions when users are not paying attention.

What’s concerning is that these components often don’t attract attention right from the start. They can operate “quietly,” only triggering under certain conditions, making detection by sight far more difficult than with traditional malware.

Ordinary users are easy targets

CertiK emphasizes that user groups who don’t deeply understand security are the most vulnerable. They’re often drawn in by the promise of automation, a user-friendly interface, and time-saving claims from AI tools. However, if they don’t understand the permission model, how to check the installation source, or how to isolate sensitive data, they can very easily unintentionally open the door to risk.

Against the backdrop of the crypto market still having many security awareness gaps, even a single careless installation can lead to serious consequences. That’s why experts recommend that users treat every AI application with system access as a type of software with a high risk level.

What should be done to reduce risk?

CertiK believes users should prioritize the principle of least privilege, install only from trusted sources, and never share private keys, seed phrases, or login credentials with any AI agent. If a tool requests more permissions than what its advertised functionality requires, that’s a sign to be on alert.

For developers and advanced users, checking source code, isolating the running environment, monitoring network behavior, and keeping wallets used to store large amounts of assets separate from the device used for testing AI are necessary defensive steps. In the era of AI agents, security is no longer just about wallets or exchanges—it also lies in each layer of intermediary tools that users choose to trust.

Conclusion

The warning from CertiK shows that the wave of AI agents is opening up a new security front for the crypto industry. As automation tools become increasingly intelligent and harder to control, the risk of being exploited to attack crypto wallets will rise as well. For ordinary users, being cautious before installing and granting permissions to any AI agent is the simplest—but most important—way to protect assets.