BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

ClawHub Security Audit Finds 341 Malicious Skills

ClawHub malware campaign uses 341 fake crypto skills to infect macOS with Atomic Stealer, posing a supply chain risk.

[Security researchers uncovered 341 malicious skills on the ClawHub marketplace designed to infect systems with stealer malware.][The ClawHavoc campaign primarily targets macOS users, deploying the $500-1000/month Atomic Stealer (AMOS) to steal crypto assets and sensitive data.][The skills pose a supply chain risk by disguising themselves as popular cryptocurrency tools, YouTube utilities, and productivity bots to trick users.]

- Advertisement -

A recent security audit by Koi Security has uncovered hundreds of malicious skills on the ClawHub marketplace, exposing OpenClaw AI assistant users to significant supply chain risks. The investigation, assisted by an OpenClaw bot named Alex, identified 341 tainted skills across multiple campaigns targeting the ecosystem. This widespread infiltration marks a new vector for malware distribution within popular open-source platforms.

Most malicious skills, 335 in total, use a deceptive prerequisite step to install the Atomic Stealer (AMOS) on macOS systems, according to the ClawHavoc campaign findings. “You install what looks like a legitimate skill,” Koi researcher Oren Yomtov said. “But there’s a ‘Prerequisites’ section that says you need to install something first.” The instructions ultimately lead to a trojan that harvests API keys, credentials, and other sensitive data.

The skills cleverly masquerade as high-demand tools to attract victims, particularly in the cryptocurrency space. They pose as Solana wallet trackers, Polymarket trading bots, and even lost Bitcoin finders. Consequently, threat actors are exploiting the platform’s open nature and OpenClaw’s rising popularity to target users’ digital assets. Meanwhile, a separate report from OpenSourceMalware also flagged the same campaign, noting all skills share the same command-and-control infrastructure.

The campaign’s sophistication is heightened by OpenClaw’s inherent design vulnerabilities, which researchers describe as a “lethal trifecta.” According to a Palo Alto Networks report, the assistant’s access to private data, exposure to untrusted content, and ability to communicate externally creates significant risk. This combination is further amplified by persistent memory, enabling stateful, delayed-execution attacks. Consequently, malicious payloads can lie dormant in memory before activating under specific conditions.

- Advertisement -

In response to the threat, OpenClaw’s creator has introduced a user reporting feature to flag suspicious skills. The creator, Peter Steinberger, configured the system to auto-hide any skill receiving more than three unique reports. However, the restriction for publishers remains minimal, requiring only a GitHub account older than one week. This incident underscores the persistent challenge of securing open-source ecosystems against evolving social engineering tactics.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Black: SpaceX acquiring Tesla would dilute shareholders 25%

Gary Black rejected speculation that SpaceX could acquire Tesla, warning such a deal could...

Bybit launches Indonesia platform after acquiring NOBI

Bybit launched a locally operated platform in Indonesia after acquiring a majority stake in...

Bitcoin Futures Liquidity Drives Price Action Near Key $64K Level

Bitcoin's short-term price action is increasingly driven by futures market activity, with prices gravitating...

Hacker leaks Suno source code, confirms massive music scraping

A Hacker using the Shai-Hulud worm breached AI music platform Suno and leaked source...

Analysts, traders: Stripe-Advent offer undervalues PayPal

A reported $53.4 billion takeover offer from Stripe and Advent International at $60.50 per...

Must Read

How To Travel With Bitcoin: 9 Travel Companies Accepting Bitcoin

Bitcoin travel is a reality, as several travel companies now accept payments in cryptocurrencies for their services.Those who have opened a Bitcoin account on...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading