In the first week of 2026, Cisco's AI security research team published a finding.
A third-party skill (a plugin) available in the OpenClaw agent marketplace had been performing data exfiltration. Silently. The skill appeared functional. It did what its documentation claimed. It also, without any visible indication, extracted sensitive data from the local environment and transmitted it to an external endpoint the user had never authorised.
One of OpenClaw's core maintainers responded on Discord: "If you can't understand how to run a command line, this is far too dangerous of a project for you to use safely."
Three months later, the Chinese government restricted state agencies from running OpenClaw on office computers, citing unauthorised data deletion, data leaks, and excessive resource usage.
This is the risk conversation of 2026. Not "will AI write a bug." That's manageable. That's code review.










