Bitdefender Finds Malicious Payloads Lurking in OpenClaw AI Skills

Bitdefender Labs conducted a systematic review of the OpenClaw AI skill marketplace and identified a rising tide of skills that hide malicious payloads within their scripts. The hidden code is designed to activate only after the skill is installed, allowing attackers to bypass conventional security checks and gain a foothold on systems that trust AI‑driven extensions.

The discovery poses a direct threat to organizations that integrate AI assistants into their workflow, as compromised skills can exfiltrate data, deploy ransomware, or create back‑doors for further intrusion. Defenders should prioritize scanning any third‑party AI skill before deployment; Bitdefender’s new AI Skills Checker automates the detection of red‑flag behaviors, helping security teams block malicious extensions before they reach production environments.

Categories: Malware & Ransomware, Security Culture & Human Factors, AI Security & Threats

Source: Read original article