OpenClaw's Two Faces: Record Growth, 20% Malicious

Latent Space covered the stark contrast between OpenClaw's public narrative and its engineering reality, drawing from Peter Steinberger's dual presentations - one inspirational TED talk, one sobering technical breakdown. The numbers are hard to reconcile: 346,000 GitHub stars alongside 135,000 exposed instances and roughly 20% of the ClawHub skill marketplace confirmed malicious. Security researchers logged 138 vulnerabilities in 63 days, averaging over two new CVEs daily. The project has 60 times more security incidents than curl, a sobering baseline. OpenClaw is the first real stress test of what happens when an AI agent framework scales faster than its governance and review infrastructure can keep pace - a problem every open-source agent marketplace will eventually face.