unknown

OpenClaw's agent skills ecosystem has become an active malware distribution vector. The top downloaded skill on ClawHub was confirmed to deliver macOS infostealing malware through markdown-based installation instructions that bypass MCP security controls. Hundreds of skills were reportedly involved in this campaign, exploiting the fact that skills are markdown files containing executable instructions. The attack chain uses staged delivery through "prerequisite" links that decode obfuscated payloads targeting browser sessions, credentials, SSH keys, and cloud access. Organizations should treat any OpenClaw usage on corporate devices as a potential security incident and implement strict isolation, provenance tracking, and permission controls for agent frameworks.