OpenClaw AI Agents Weaponized: Hundreds of Malicious Skills Disguised as Benign

VirusTotal’s research team identified a systematic abuse of the OpenClaw AI platform, where threat actors publish seemingly innocuous “skills” that silently download and execute malicious code. The user account hightower6eu was linked to hundreds of these rogue skills, each crafted to look like legitimate automation tasks while actually serving as a delivery mechanism for malware.

The malicious skills give attackers a stealthy foothold by leveraging the trusted OpenClaw infrastructure, allowing payloads to run on victim systems without triggering typical signature‑based alarms. This expands the attack surface, facilitates rapid malware propagation, and complicates incident response by blending malicious activity with legitimate AI‑driven workflows.

Defenders must treat AI skill repositories as a new attack vector. Continuous monitoring of published skills, enforcing strict provenance checks, and applying behavior‑based detection to any code fetched via OpenClaw are essential steps to prevent these covert infections and protect the supply chain from AI‑enabled abuse.

Categories: AI Security & Threats, Malware & Ransomware

Source: Read original article