OpenClaw AI Skills Weaponized to Distribute Malware via Automation Tools

VirusTotal researchers have uncovered a campaign in which a prolific threat actor is publishing malicious “skills” on the OpenClaw AI platform. These skills are crafted to appear as legitimate automation scripts but silently fetch and execute payloads on compromised hosts. By leveraging the platform’s marketplace, the actor can distribute the malicious code to any user who imports the skill, effectively turning a benign AI‑driven automation tool into a mass‑distribution vector.

The weaponized skills bypass traditional security controls because they run inside a trusted automation environment, allowing rapid delivery of ransomware, information stealers, and other payloads. Defenders should treat OpenClaw skill imports as high‑risk, enforce strict allow‑lists, monitor network traffic for unexpected download patterns, and integrate indicators of compromise from the published malicious skill hashes into their detection pipelines. Early detection and blocking of these AI‑generated automation tasks are essential to prevent widespread infection.

Categories: AI Security & Threats, Malware & Ransomware