If you run a business in Malaysia and nobody on your team has mentioned OpenClaw yet, give it a week. The open-source AI assistant has racked up over 247,000 stars on GitHub since January, making it one of the fastest-growing projects on the platform. The pitch sounds almost too good: a free, self-hosted AI agent that manages your email, calendar, and files through WhatsApp or Telegram. It runs on your machine, connects to models like Claude or GPT, and automates workflows while you sleep.
There's a lot to like here. There's also a lot that should make you nervous.
The problem isn't AI automation itself. Businesses that build proper access controls and security layers into their AI tools use them every day without incident. The problem is deploying an unvetted tool with deep system access and hoping for the best.
OpenClaw has serious unresolved security issues. Of public instances tested, 93% lacked authentication, and 12% of its skill marketplace contained malware. Malaysian businesses subject to the PDPA should hold off on deploying it in production until these problems are sorted out.
What can OpenClaw actually do?
OpenClaw is a personal AI agent that lives on your computer. You talk to it through WhatsApp, Telegram, Discord, whatever messaging app you prefer. Tell it to clear your inbox, reschedule a meeting, summarise a PDF, or run a shell script. It just does it.
The difference between OpenClaw and something like ChatGPT is that OpenClaw acts. It reads your files, controls your browser, runs code, and remembers what you talked about last Tuesday. If you're a solo founder with 47 browser tabs open, that's actually useful.
It's free under an MIT license. The real costs come from infrastructure: roughly RM25-50 per month for a personal setup (cheap VPS plus a budget AI model), or RM100-200 per month if you're running business workflows with multiple models.
Is OpenClaw safe for business use?
Here's where my enthusiasm runs into a wall. Security researchers have been sounding alarms, and the findings are bad.
Researchers found over 42,000 OpenClaw instances running on the public internet. Of those actively tested, 93% had no proper authentication. Anyone could walk in.
On ClawHub, OpenClaw's public skill marketplace, 341 out of 2,857 skills turned out to be malicious. That's 12% of the entire registry, packed with keyloggers and credential stealers dressed up in professional documentation.
Meta reportedly told employees to keep OpenClaw off their work laptops or risk their jobs. Microsoft's security blog advised against running it with primary work accounts. Cisco called it "groundbreaking" in concept and an "absolute nightmare" for security. Sophos said it should only run in disposable sandboxes.
OpenClaw itself isn't malicious. The project is built in good faith. But it has deep system access by design, and the community marketplace grew way faster than anyone could review it. When one in eight add-ons contains malware, the casual "install and try stuff" approach most people take becomes a real problem.
| Risk area | Finding |
|---|---|
| Public instances without authentication | 93% of those actively tested (42,000+ exposed) |
| Malicious skills on ClawHub | 341 of 2,857 (12%) |
| Enterprise response | Meta (banned on work devices), Microsoft (avoid primary accounts), Cisco, Sophos |
None of this means AI automation is off the table. It means OpenClaw specifically isn't ready for production, and there are better ways to get the same results.
Why this matters more for Malaysian businesses
Under the PDPA, your business is responsible for protecting customer data. An AI agent with read-write access to your email, files, and cloud storage is a compliance problem if it's misconfigured or running a compromised skill. If you're not sure where your gaps are, a cybersecurity assessment is worth doing before adding any new tools with this level of access.
Here's a scenario that plays out too often: a developer installs OpenClaw on their work laptop, hooks it up to the company Gmail and Slack, grabs a few popular skills from ClawHub without reading the source code, and carries on with their day. If one of those skills is compromised, client data walks out the door before anyone notices.
If your company handles customer records, financial data, or anything the PDPA covers, that's not hypothetical. It's the kind of thing that ends up in a breach notification.
What should Malaysian businesses do instead?
The idea behind OpenClaw is where AI agents are heading. A local assistant that does things for you, not one that just answers questions. But "where things are heading" and "safe to deploy on Monday" are very different.
If your team wants to experiment, do it in a sandbox. Dedicated machine, no production data, no real credentials. Microsoft's security team said the same thing.
Stay away from ClawHub skills until there's a proper vetting process. 12% of the registry was compromised. Treat third-party skills like unsigned software from an unknown source, because right now, that's exactly what they are.
If your workflows don't fit neatly into off-the-shelf products, you can have something built specifically for your business. Not a wrapper around OpenClaw or any other open-source agent. A custom AI solution designed from scratch around your operations, with access controls scoped to exactly what the tool needs and nothing more.
For simpler use cases, managed tools like Claude, ChatGPT Enterprise, or Microsoft Copilot handle a lot of the same tasks with security layers already in place. They cost more than self-hosting, but self-hosting OpenClaw safely isn't free either, and the compliance overhead adds up faster than people expect.
OpenClaw isn't ready, but AI automation is
247,000 people starred OpenClaw for a reason. The demand for AI that actually does things is real. Peter Steinberger (the creator) is joining OpenAI, and the project is moving to the OpenClaw Foundation. It could mature into something solid.
Right now, though, it's not there yet. Keep it out of production environments. But don't let that put you off AI automation entirely. The tools exist to do this safely. OpenClaw just isn't one of them yet.
We build custom AI solutions and software from the ground up for Malaysian businesses. No open-source agent underneath, no shared marketplace, no shortcuts. Talk to us if you want automation that's actually yours.
Image credit: OpenClaw. This article does not constitute professional cybersecurity or legal advice. Businesses handling personal data should consult qualified professionals regarding PDPA compliance.