Security researchers discovered widespread malware distribution through OpenClaw's skill marketplace, with VirusTotal identifying hundreds of malicious skills among 3,016 analyzed. Attackers exploited the platform's markdown-based skill format to deliver info-stealers through social engineering, instructing users to execute
Table of contents
The Promise and Risk of Agent Skills #How Skills Became a Malware Delivery Mechanism #Active Campaigns Targeting OpenClaw Skills #OpenClaw Adds VirusTotal Scanning to ClawHub #A New Class of Supply Chain Attack #Sort: