The article examines the risks of AI skills that run with system access: a skill can execute harmful commands before a human ever reviews what it did. It argues that such skills must be treated as executable code, not as configuration or content, especially in environments where trust relationships between systems exist, since a compromised skill there gives an attacker a path to lateral movement and persistence. Non-technical users in particular should be cautious about the permissions they grant to a skill, because the blast radius of a bad grant is the same as that of running an untrusted program.
OpenClaw, a popular AI agent, has been tied to security incidents after malware was found in numerous user-created add-ons on its ClawHub marketplace. Security researchers identified hundreds of malicious skills that trick users into downloading software capable of stealing sensitive information. The platform's creator is rolling out measures to mitigate the risk, but the underlying weakness remains: a marketplace of third-party skills is a software supply chain, and anything installed from it should be vetted as carefully as any other code pulled from an untrusted registry.