12% of the OpenClaw Agent Marketplace Is Literal Malware, Security Researcher Finds

As AI agents gain access to everything from email to file systems, the nascent agent marketplace ecosystem has a severe trust problem — and no one is sitting between the agent and your data.

The rush to build agent marketplaces is outpacing the security infrastructure needed to make them safe. @JamesonCamp published a striking finding on Tuesday: 12% of the listings on OpenClaw's agent marketplace are "literal malware." The phrasing is blunt, and the implications are worse. Unlike traditional app stores, where sandboxing and permissions limit what a rogue app can access, AI agents typically operate with broad system access — file systems, APIs, email, databases. A malicious agent doesn't need to find an exploit. It already has the keys.

Unlock the full briefing

Get every story in today's briefing, the full archive, and the daily AI intelligence brief.

All stories today

Full archive

Daily brief

Cancel anytime. Payments powered by Stripe.