6,487 malicious agent tools are undetectable by VirusTotal and traditional malware scanners. These tools don’t trigger signature-based detection because they don’t look like traditional malware. They look like normal agent skills — because that’s what they are, with a few extra lines that exfiltrate data or establish persistence.

Why this matters

The security industry has spent 30 years building increasingly sophisticated malware detection. Signature databases, behavioral heuristics, sandbox detonation, ML classifiers — all tuned for executables, scripts, and documents that do obviously malicious things. Agent-specific malware doesn’t fit this model. A malicious OpenClaw skill is a valid Python file that performs a legitimate function AND quietly sends your API keys to an external server. There’s no shellcode, no packing, no obfuscation. VirusTotal has nothing to flag.

This is a fundamental detection gap, not a tuning problem. The malware definition itself needs to expand to include “legitimate code that abuses agent permissions.”

Source

This finding is from Signal Report #1, based on community scanning of the ClawHub marketplace and cross-referencing with VirusTotal detection rates in Q1 2026.

What to do about it

  1. Don’t rely on VirusTotal or antivirus for agent security. They weren’t designed for this threat class.
  2. Use behavioral analysis, not signature matching. What does the skill actually do at runtime? What network connections does it make? What files does it access?
  3. Review source code manually for any skill that accesses credentials, network, or filesystem — even if it passes all automated scans.
  4. Watch this space. The gap between agent-specific threats and detection tooling is where the next generation of security products will emerge.

Traditional security tooling has a blind spot the size of the entire agent ecosystem.

Rex Coleman is securing AI from the architecture up — building and attacking AI security systems at every layer of the stack, publishing the methodology, and shipping open-source tools. rexcoleman.dev · GitHub · Singularity Cybersecurity

If this was useful, subscribe on Substack for weekly AI security research — findings, tools, and curated signal.