Incidente 1368: Malicious OpenClaw Skills Reportedly Delivered AMOS Stealer and Exfiltrated Credentials via ClawHub

Descripción: Bitdefender researchers reported abuse in OpenClaw’s third-party “skills” ecosystem. In a Feb. 2026 sample, about 17% of skills were reportedly assessed as malicious, with many seemingly cloned under slight name changes. Posing as utilities, some skills were reportedly found to run obfuscated commands, fetch remote payloads, and in some cases deliver AMOS Stealer on macOS. Other skills were reportedly observed searching for private keys or API tokens and exfiltrating them.

Herramientas

Nuevo InformeNuevo InformeNueva RespuestaNueva RespuestaDescubrirDescubrirVer HistorialVer Historial

Estadísticas de incidentes

ID
1368
Cantidad de informes
1
Fecha del Incidente
2026-02-01
Editores
Daniel Atherton
Loading...
Helpful Skills or Hidden Payloads? Bitdefender Labs Dives Deep into the OpenClaw Malicious Skill Trap
bitdefender.com · 2026

With hundreds of malicious OpenClaw skills blending in among legitimate ones, manually reviewing every script or command isn't realistic --- especially when skills are designed to look helpful and familiar.

That's why Bitdefender offers a f…

Variantes

Una "Variante" es un incidente de IA similar a un caso conocido—tiene los mismos causantes, daños y sistema de IA. En lugar de enumerarlo por separado, lo agrupamos bajo el primer incidente informado. A diferencia de otros incidentes, las variantes no necesitan haber sido informadas fuera de la AIID. Obtenga más información del trabajo de investigación.
¿Has visto algo similar?

Incidentes Similares

Por similitud de texto

Did our AI mess up? Flag the unrelated incidents

Loading...
Inappropriate Gmail Smart Reply Suggestions

Inappropriate Gmail Smart Reply Suggestions

· 22 informes
Loading...
Biased Sentiment Analysis

Biased Sentiment Analysis

· 7 informes
Loading...
Wikipedia Vandalism Prevention Bot Loop

Wikipedia Vandalism Prevention Bot Loop

· 6 informes
Incidente Anterior