by do_anh_tu
104 days ago
We have measured this across the full OpenClaw ecosystem (14,704 skills indexed, 3,721 AI deep audited). The credential stealer pattern is one of several confirmed attack classes. Key finding from our AI deep audit data: surface heuristics find 6.6% malicious. AI audit of the deep-scanned cohort finds 16.4% — surface scanning misses roughly 60% of the risk. The most counterintuitive case: lekt9/foundry contains zero malicious code. It instructs your AI agent to generate and execute code as part of its workflow. Static analysis finds nothing because the dangerous code doesn't exist until the AI writes it during a live conversation. Data at rankclaw.com. AI audit reports public for all 3,721+ deep-scanned skills.