Threat Actors Weaponize OpenClaw AI Agent Skills to Deploy Stealthy Malware Campaigns

Hundreds of malicious skills distributed through OpenClaw’s marketplace have transformed the popular AI agent ecosystem into a new supply chain attack vector.

Security researchers have discovered that threat actors are weaponizing the platform’s extensibility features to deliver droppers, backdoors, and infostealers disguised as legitimate automation tools, raising serious concerns about the security of community-driven AI agent ecosystems.

OpenClaw Skills Become Malware Distribution Channel

OpenClaw is a self-hosted AI agent designed to execute shell commands, file operations, and network requests on users’ systems.

The platform extends its functionality through third-party skills distributed via the ClawHub marketplace, where developers can package automation tools with metadata instructions and executable scripts.

VirusTotal Code Insight has analyzed over 3,016 OpenClaw skills, discovering that hundreds exhibit malicious characteristics.

While some contain poor security practices like hardcoded secrets and unsafe command execution, a significant portion are intentionally malicious, explicitly designed for data exfiltration, backdoor installation, and remote system control.

The skills examined, 314, have been flagged as malicious by multiple security vendors, indicating a systemic threat within the marketplace.

Security researchers identified that the ClawHub user “hightower6eu” operated as a prolific malware publisher, distributing 314 malicious skills masquerading as legitimate tools.

The threat actor created skills disguised as crypto analytics, financial tracking, and social media automation tools, all of which instruct users to download and execute external code during setup, a critical red flag for potential compromise.

Analysis of the “Yahoo Finance” skill revealed a sophisticated, multi-stage attack chain targeting both Windows and macOS users.

Windows users are directed to download a password-protected ZIP file containing openclaw-agent.exe, which multiple security vendors have flagged as a packed Trojan designed to steal sensitive information.

macOS users receive obfuscated Base64-encoded shell scripts that download and execute the Atomic Stealer (AMOS) malware.

banking trojan harvests passwords, browser credentials, and cryptocurrency wallets, making it particularly valuable to threat actors targeting users with financial assets.

The use of platform-specific attack chains demonstrates operational sophistication. By tailoring malware to target individual operating systems, threat actors maximize effectiveness while evading generic detection mechanisms.

The obfuscation techniques employed, Base64 encoding for macOS and packed executables for Windows, further complicate analysis and detection.

VirusTotal deployed advanced analysis powered by Gemini Flash to detect malicious OpenClaw skills by examining actual behavior rather than claimed functionality.

The platform now identifies skills that download external code, access sensitive data, or contain instructions capable of compromising systems.

Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google.

The post Threat Actors Weaponize OpenClaw AI Agent Skills to Deploy Stealthy Malware Campaigns appeared first on Cyber Security News.