I’ve been watching the OpenClaw phenomenon with equal parts excitement and concern. On one hand, 192,000 GitHub stars don’t lie — this platform has clearly struck a chord. On the other, I’m seeing enterprises rush to deploy it without understanding what they’re actually signing up for.

Last month, I sat in on a security review for a client who’d spun up OpenClaw across their Slack workspace. Brilliant team, genuinely innovative use case. But when we started digging into their ClawHub skills, we found three that were phoning home to undocumented endpoints. That’s when the conversation shifted from “how fast can we scale this” to “how did we not catch this earlier.”

The Security Gap Nobody Talks About

OpenClaw’s skill marketplace — ClawHub — hosts over 3,984 skills at last count. It’s an incredible ecosystem. But here’s the thing: 36.82% of those skills have known security flaws. Not theoretical vulnerabilities. Actual, documented issues.

Even more concerning? A recent analysis found 341 confirmed malicious skills traced to a coordinated campaign. These weren’t amateur-hour attacks either. Someone put real effort into building trusted-looking skills that could extract data, escalate privileges, or create persistent backdoors.

And before you think “well, we’ll just be careful about which skills we install,” consider this: the default OpenClaw configuration exposes your instance to the internet. Over 30,000 deployments are currently accessible because teams didn’t change the defaults. That’s not a skill problem, that’s an architectural one.

Why Managed Services Actually Make Sense Here

I don’t typically advocate for managed services over DIY. I spent years at Big 4 firms watching clients get locked into vendor relationships they didn’t need. But AI agent platforms are different.

The problem isn’t that OpenClaw is poorly designed. It’s that enterprises need security controls that were never part of the open-source roadmap. You need audit logs. Role-based access control. Compliance frameworks. Pre-vetted skill libraries. Real-time threat monitoring. Network segmentation.

Building all of that yourself? Sure, you can do it. I’ve seen teams try. It typically takes 4-6 months just to get the basics in place, and by then the platform has moved on and you’re maintaining custom forks.

A proper managed service from specialists in this space handles the security hardening, skill auditing, and infrastructure management so your team can focus on actually building useful agents. For Australian enterprises especially, there’s value in having your AI infrastructure hosted locally rather than scattered across global cloud regions with unclear data sovereignty implications.

What Enterprise-Grade Actually Looks Like

I’ve reviewed enough “enterprise-ready” platforms to know the term gets thrown around loosely. So let me be specific about what matters:

Skill vetting processes. Every skill should go through security review before it hits your production environment. Not just automated scanning — actual human review of code, dependencies, and external connections.

Network architecture. Your AI agents shouldn’t be internet-facing by default. They should sit behind proper network segmentation with defined ingress and egress rules.

Audit trails. When an agent takes an action, you need to know who authorized it, what data it accessed, and what it did. This isn’t paranoia, it’s basic compliance.

Incident response. When something goes wrong (and eventually, something will), you need clear escalation paths and the ability to isolate or roll back changes quickly.

The OWASP Top 10 for LLM Applications is a useful framework here, even though it doesn’t specifically address agent platforms. Many of the risks overlap — prompt injection, supply chain vulnerabilities, model denial of service.

The Melbourne Perspective

Working with the team at Team400 has given me insight into how Australian enterprises approach this differently than their US counterparts. There’s less tolerance for “move fast and break things” when you’re dealing with customer data under Australian privacy law.

I had coffee with a CTO last week who said something that stuck with me: “We can’t afford to be the test case for AI security.” He’s right. The regulatory environment here rewards caution, and the reputational damage from a breach is amplified in our relatively small market.

That doesn’t mean Australian companies should avoid platforms like OpenClaw. It means they need to deploy them thoughtfully, with proper security controls from day one.

Making The Call

If you’re evaluating OpenClaw for your enterprise, here are the questions I’d ask:

• How will you audit skills before deployment?
• What’s your plan for monitoring agent behavior in production?
• Where will your data actually reside, and who has access to it?
• What happens when a security vulnerability is discovered in a skill you’re actively using?
• Can you meet your compliance requirements with the current setup?

If you don’t have confident answers to those questions, it’s worth considering whether building all that infrastructure yourself is the best use of your team’s time.

The promise of AI agents is real. I’ve seen them genuinely transform how teams work. But the security implications are equally real, and they’re not going away just because the technology is exciting.

We’re still early enough in the AI agent era that getting security right from the start is possible. But that window won’t stay open forever.