OpenClaw AI Skills Weaponized: Malicious Agents Deliver Malware at Scale


Researchers have uncovered that threat actors are publishing harmful “skills” for OpenClaw AI agents. These skills appear to be legitimate productivity or automation tools, but when invoked they silently download and execute malware on the host system. The campaign currently includes at least nine distinct malicious skills that leverage OpenClaw’s automation capabilities to spread ransomware, credential‑stealers, and remote‑access tools without user interaction.

For defenders, this represents a new supply‑chain vector that bypasses traditional endpoint filters by exploiting trusted AI platforms. The automated nature of OpenClaw agents allows rapid, large‑scale distribution of payloads, making detection based on signatures difficult. Security teams should start monitoring the OpenClaw marketplace for unknown or newly published skills, enforce strict verification of skill provenance, and deploy behavior‑based monitoring to catch anomalous activity stemming from AI‑driven automation.

Categories: AI Security & Threats, Malware & Ransomware, Threat Intelligence
