PaperAgent

Mar 10, 2026 · Information Security

How Token‑Draining Attacks and Formal Defenses Threaten OpenClaw’s Skill Ecosystem

The article analyzes recent security research on OpenClaw, exposing large‑scale malicious Skill injections, a novel token‑exhaustion attack called Clawdrain, and the SkillFortify formal framework that achieves near‑perfect detection of malicious Skills while highlighting the limitations of heuristic scanners.