Description: Bitdefender researchers reported abuse in OpenClaw’s third-party “skills” ecosystem. In a Feb. 2026 sample, about 17% of skills were reportedly assessed as malicious, with many seemingly cloned under slight name changes. Posing as utilities, some skills were reportedly found to run obfuscated commands, fetch remote payloads, and in some cases deliver AMOS Stealer on macOS. Other skills were reportedly observed searching for private keys or API tokens and exfiltrating them.
Entities
View all entitiesAlleged: Unknown malicious actors and OpenClaw developed an AI system deployed by Unknown threat actors distributing malicious OpenClaw skills , Unknown threat actors and Unknown malicious actors, which harmed Organizations using OpenClaw and OpenClaw users.
Incident Stats
Incident ID
1368
Report Count
1
Incident Date
2026-02-01
Editors
Daniel Atherton
Incident Reports
Reports Timeline
Loading...
With hundreds of malicious OpenClaw skills blending in among legitimate ones, manually reviewing every script or command isn't realistic --- especially when skills are designed to look helpful and familiar.
That's why Bitdefender offers a f…
Variants
A "variant" is an AI incident similar to a known case—it has the same causes, harms, and AI system. Instead of listing it separately, we group it under the first reported incident. Unlike other incidents, variants do not need to have been reported outside the AIID. Learn more from the research paper.
Seen something similar?
Similar Incidents
Did our AI mess up? Flag the unrelated incidents
Loading...
Biased Sentiment Analysis
· 7 reports
Similar Incidents
Did our AI mess up? Flag the unrelated incidents
Loading...
Biased Sentiment Analysis
· 7 reports