Multiple malicious OpenClaw skills found online - including two macOS infostealers
Date:
Thu, 25 Jun 2026 12:10:00 +0000
Description:
Criminals found yet another marketplace to infect and use as a launchpad for malware delivery.
FULL STORY ======================================================================
- Palo Alto Networks Unit 42 found five malicious skills on ClawHub, OpenClaw's official marketplace, delivering infostealers and fraud
- Threat actors bypassed VirusTotal/ClawScan checks with inflated file sizes and evasive techniques, showing persistent supply chain risk
- All malicious skills were removed and accounts banned; researchers urge strict provenance validation and source code audits for published packages

ClawHub is the latest marketplace hackers are poisoning with malware, in an attempt to compromise software developers and other advanced users. Earlier this week, security researchers from Palo Alto Networks' Unit 42 team disclosed finding and reporting five skills on that marketplace that sought to infect their users with infostealer malware.

First, a little context: OpenClaw (originally published as Clawd/Clawdbot) was released in November 2025. It is an open-source agent platform that performs actions on a computer, such as browsing the web or managing files, instead of simply answering questions like a chatbot. To perform different actions, OpenClaw must first learn how to do them, which is done through skills: add-ons that extend the agent's capabilities. Soon after, ClawHub was born - the official marketplace and registry for OpenClaw skills and plugins, attracting not just the AI developer community but cybercriminals as well. Early reports, published in February this year, forced OpenClaw to integrate VirusTotal and ClawScan, to better protect the community and allow proactive screening of published skills.

Persistent and evasive malicious skills

However, Unit 42 says this didn't stop threat actors, and that it has since discovered multiple persistent and evasive malicious skills on the platform.

In total, the researchers discovered five skills, including two that delivered the AMOS infostealer, one that came with an inflated file size to trick scanners, and two that were essentially commission fraud, abusing the fact that an AI agent can make decisions and perform actions on behalf of the user. Details on all five can be found on this link.

All five have since been reported to ClawHub, and OpenClaw had them removed and the accounts behind them banned.

Unit 42 recommends organizations use a rigorous supply chain verification framework to remain secure: "We identified that skill execution occurs within the agent process. This necessitates active validation of publisher provenance and a line-by-line audit of package source files."
======================================================================
Link to news story:
https://www.techradar.com/pro/security/multiple-malicious-openclaw-skills-found-online-including-two-macos-infostealers
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)