Unknown threat actors distributing malicious OpenClaw skills

Incidents involved as Deployer

Incident 13681 Report
Malicious OpenClaw Skills Reportedly Delivered AMOS Stealer and Exfiltrated Credentials via ClawHub

2026-02-01

Bitdefender researchers reported abuse in OpenClaw’s third-party “skills” ecosystem. In a Feb. 2026 sample, about 17% of skills were reportedly assessed as malicious, with many seemingly cloned under slight name changes. Posing as utilities, some skills were reportedly found to run obfuscated commands, fetch remote payloads, and in some cases deliver AMOS Stealer on macOS. Other skills were reportedly observed searching for private keys or API tokens and exfiltrating them.

Related Entities

Unknown threat actors

Incidents involved as Deployer

Incident 1368
1 Report
Malicious OpenClaw Skills Reportedly Delivered AMOS Stealer and Exfiltrated Credentials via ClawHub

Unknown malicious actors

Incidents involved as both Developer and Deployer

Incident 1368
1 Report
Malicious OpenClaw Skills Reportedly Delivered AMOS Stealer and Exfiltrated Credentials via ClawHub

OpenClaw

Incidents involved as Developer

Incident 1368
1 Report
Malicious OpenClaw Skills Reportedly Delivered AMOS Stealer and Exfiltrated Credentials via ClawHub

Incidents implicated systems

Incident 1368
1 Report
Malicious OpenClaw Skills Reportedly Delivered AMOS Stealer and Exfiltrated Credentials via ClawHub

Organizations using OpenClaw

Incidents Harmed By

Incident 1368
1 Report
Malicious OpenClaw Skills Reportedly Delivered AMOS Stealer and Exfiltrated Credentials via ClawHub

OpenClaw users

Incidents Harmed By

Incident 1368
1 Report
Malicious OpenClaw Skills Reportedly Delivered AMOS Stealer and Exfiltrated Credentials via ClawHub

OpenClaw skills ecosystem

Incidents implicated systems

Incident 1368
1 Report
Malicious OpenClaw Skills Reportedly Delivered AMOS Stealer and Exfiltrated Credentials via ClawHub

ClawHub

Incidents implicated systems

Incident 1368
1 Report
Malicious OpenClaw Skills Reportedly Delivered AMOS Stealer and Exfiltrated Credentials via ClawHub