OpenClaw’s weak spots have not gone unnoticed and Australian pentester Jamieson O’Reilly, founder of DVULN, was among the first to call them out. Now, he’s been appointed OpenClaw’s security representative, tasked with hardening the project from within.

In this exclusive Infosecurity interview (from 7.30), O’Reilly explains his journey from a critic, who created a ‘fake’ malicious OpenClaw skill called “What would Elon do?” to a custodian. He also shares why he still treats OpenClaw with caution and outlines the security roadmap he’s building to make the project safer without stifling innovation.

O’Reilly’s vision goes beyond patches and firewalls. He advocates for treating OpenClaw skills, its modular tools, like mobile apps. This means standardized security reviews, supply chain checks and transparency requirements. He also highlights the need for better ways to analyze AI prompts and agent behavior. This reduces the risk of hidden threats in natural language interactions. If successful, his work could set a new bar for security in open-source AI projects.

O’Reilly’s appointment signals a shift. The project is taking security seriously, but the road ahead is complex. For CISOs and developers, his insights offer a rare look at how to balance experimentation with real-world safeguards.

Resources:

• OpenAI's Promptfoo Deal Plugs Agentic AI Testing Gap – Infosecurity Magazine
• Researchers Reveal Six New OpenClaw Vulnerabilities - Infosecurity Magazine
• Researchers Find 40,000+ Exposed OpenClaw Instances – Infosecurity Magazine
• Hundreds of Malicious Crypto Trading Add-Ons Found in Moltbot/OpenClaw – Infosecurity Magazine
• OpenClaw’s main website
• OpenClaw’s GitHub page
• OpenClaw’s Trust page outlining the project’s security roadmap
• OpenClaw Partners with VirusTotal for Skill Security – OpenClaw