Incident 1368: Malicious OpenClaw Skills Reportedly Delivered AMOS Stealer and Exfiltrated Credentials via ClawHub

Description: Bitdefender researchers reported abuse in OpenClaw's third-party 'skills' ecosystem. In a Feb. 2026 sample, about 17% of skills were reportedly assessed as malicious, with many seemingly cloned under slight name changes. Posing as utilities, some skills were reportedly found to run obfuscated commands, fetch remote payloads, and in some cases deliver AMOS Stealer on macOS. Other skills were reportedly observed searching for private keys or API tokens and exfiltrating them.

Tools

New ReportNew ReportNew ResponseNew ResponseDiscoverDiscoverView HistoryView History

Incident Stats

Incident ID
1368
Report Count
4
Incident Date
2026-02-01
Editors
Daniel Atherton
Applied Taxonomies
MIT

MIT Taxonomy Classifications

Machine-Classified
Taxonomy Details

Risk Subdomain

4.3. Fraud, scams, and targeted manipulation

Risk Domain

  1. Malicious Actors & Misuse

Entity

Human

Timing

Post-deployment

Intent

Intentional

Loading...
Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users
thehackernews.com · 2026

A security audit of 2,857 skills on ClawHub has found 341 malicious skills across multiple campaigns, according to new findings from Koi Security, exposing users to new supply chain risks.

ClawHub is a marketplace designed to make it easy f…

Loading...
OpenClaw agents targeted with 341 malicious ClawHub skills
scworld.com · 2026

More than 300 malicious OpenClaw skills hosted on ClawHub spread malware including the Atomic macOS Stealer (AMOS), keyloggers and backdoors, Koi Security reported Sunday.  

OpenClaw, formerly known as Moltbot and Clawdbot, is an open-sourc…

Loading...
Helpful Skills or Hidden Payloads? Bitdefender Labs Dives Deep into the OpenClaw Malicious Skill Trap
bitdefender.com · 2026

With hundreds of malicious OpenClaw skills blending in among legitimate ones, manually reviewing every script or command isn't realistic --- especially when skills are designed to look helpful and familiar.

That's why Bitdefender offers a f…

Loading...
OpenClaw Malicious Skill Trap
socprime.com · 2026

AIID editor's note: See the original source for the full report.

Summary

Bitdefender Labs reports that hostile OpenClaw Skills are being abused to fetch and run malware, with a clear focus on stealing crypto-wallet data and user credentials…

Variants

A "variant" is an AI incident similar to a known case—it has the same causes, harms, and AI system. Instead of listing it separately, we group it under the first reported incident. Unlike other incidents, variants do not need to have been reported outside the AIID. Learn more from the research paper.
Seen something similar?

Similar Incidents

By textual similarity

Did our AI mess up? Flag the unrelated incidents

Loading...
Inappropriate Gmail Smart Reply Suggestions

Inappropriate Gmail Smart Reply Suggestions

· 22 reports
Loading...
Biased Sentiment Analysis

Biased Sentiment Analysis

· 6 reports
Loading...
Wikipedia Vandalism Prevention Bot Loop

Wikipedia Vandalism Prevention Bot Loop

· 6 reports
Previous IncidentNext Incident