OpenClaw skills delivering infostealer malware to macOS and Windows systems
Malware Activity
Summary
Hide ▲
Show ▼
Researchers identified 386 malicious OpenClaw skills that pose an active infostealer risk to macOS and Windows users. The skills impersonate crypto-trading automation add-ons for ByBit, Polymarket, Axiom, Reddit and LinkedIn, then use social engineering to get users to run malicious commands. The operation is significant because it steals exchange API keys, wallet private keys, SSH credentials and browser passwords through a shared C2 server at 91.92.242.30.
Related Happenings
Skills.sh scanner blind spot for externally linked AI agent skills
Security Tool/Service
H score22
First: 23.06.2026 18:16
Last: 23.06.2026 18:16
Sources 1
About this happening:
Security scanners for **AI agent skills**, including those wired into **skills.sh**, cleared a fake skill that hid its real payload behind **stitch-design.ai**, exposing a vetting...
Skills.sh scanner blind spot for externally linked AI agent skills
Security Tool/ServiceAbout this happening: Security scanners for **AI agent skills**, including those wired into **skills.sh**, cleared a fake skill that hid its real payload behind **stitch-design.ai**, exposing a vetting...
JetBrains Marketplace malicious plugins exfiltrating AI provider keys
Malware Activity
H score12
First: 17.06.2026 12:38
Last: 17.06.2026 12:38
Sources 1
About this happening:
A **JetBrains Marketplace** malware operation has pushed **15 malicious plugins** that pose as AI coding assistants and steal **AI provider API keys** from developers. The plugins...
JetBrains Marketplace malicious plugins exfiltrating AI provider keys
Malware ActivityAbout this happening: A **JetBrains Marketplace** malware operation has pushed **15 malicious plugins** that pose as AI coding assistants and steal **AI provider API keys** from developers. The plugins...
OpenClaw outbound-mail approval gates and trust-scoped connector controls
Defensive Guidance
H score11
First: 11.06.2026 20:46
Last: 11.06.2026 20:46
Sources 1
About this happening:
OpenClaw operators are adding **outbound-mail approval gates**, **trust-scoped connector access**, and **human approval** for risky actions to reduce **agent phishing** and unauth...
OpenClaw outbound-mail approval gates and trust-scoped connector controls
Defensive GuidanceAbout this happening: OpenClaw operators are adding **outbound-mail approval gates**, **trust-scoped connector access**, and **human approval** for risky actions to reduce **agent phishing** and unauth...
OpenClaw message-object prompt injection patched in 2026.4.23 security flaw
Vulnerability
H score15
First: 11.06.2026 20:46
Last: 11.06.2026 20:46
Sources 1
About this happening:
**OpenClaw** has a patched **message-object prompt injection flaw** that let hidden instructions inside **shared contacts, vCards, and location pins** reach the LLM as trusted pro...
OpenClaw message-object prompt injection patched in 2026.4.23 security flaw
VulnerabilityAbout this happening: **OpenClaw** has a patched **message-object prompt injection flaw** that let hidden instructions inside **shared contacts, vCards, and location pins** reach the LLM as trusted pro...
OpenClaw/OpenShell managed sandbox backend Claw Chain (multiple vulnerabilities)
Vulnerability
H score31
First: 15.05.2026 16:35
Last: 15.05.2026 16:35
Sources 1
About this happening:
Researchers disclosed **four OpenClaw flaws** in the **OpenShell managed sandbox backend** that can be chained for **data theft**, **privilege escalation**, and **persistence**. T...
OpenClaw/OpenShell managed sandbox backend Claw Chain (multiple vulnerabilities)
VulnerabilityAbout this happening: Researchers disclosed **four OpenClaw flaws** in the **OpenShell managed sandbox backend** that can be chained for **data theft**, **privilege escalation**, and **persistence**. T...
Timeline
-
03.02.2026 18:30 2 articles · 5mo ago
OpenClaw malicious skill campaign disclosed
Initial DisclosureSecurity researcher Paul McCarty (6mile) disclosed 386 malicious ClawHub skills for OpenClaw that masquerade as cryptocurrency trading automation tools for ByBit, Polymarket, Axiom, Reddit and LinkedIn, then trick users into executing commands that install infostealer malware on macOS and Windows and steal API keys, wallet private keys, SSH credentials and browser passwords.
Show sources
- Hundreds of Malicious Crypto Trading Addons Found in Moltbot/OpenClaw — www.infosecurity-magazine.com — 03.02.2026 18:30
- Hundreds of Malicious Crypto Trading Addons Found in Moltbot/OpenClaw — www.infosecurity-magazine.com — 03.02.2026 18:30