Malicious OpenClaw Skills Reportedly Delivered AMOS Stealer and Exfiltrated Credentials via ClawHub
- Date of incident
- February 1, 2026
- Jurisdiction
- —
- Sources
- 5 cited
- Last verified
- May 25, 2026
Summary
Bitdefender researchers reported abuse in OpenClaw's third-party 'skills' ecosystem. In a Feb. 2026 sample, about 17% of skills were reportedly assessed as malicious, with many seemingly cloned under slight name changes. Posing as utilities, some skills were reportedly found to run obfuscated commands, fetch remote payloads, and in some cases deliver AMOS Stealer on macOS. Other skills were reportedly observed searching for private keys or API tokens and exfiltrating them.
What is reported
Bitdefender researchers reported abuse in OpenClaw's third-party 'skills' ecosystem. In a Feb. 2026 sample, about 17% of skills were reportedly assessed as malicious, with many seemingly cloned under slight name changes. Posing as utilities, some skills were reportedly found to run obfuscated commands, fetch remote payloads, and in some cases deliver AMOS Stealer on macOS. Other skills were reportedly observed searching for private keys or API tokens and exfiltrating them.
Editorial note
factuality_score=98; 2 warnings; tags accepted as-is from pipeline
Sources
This record summarizes the cited reports. See the sources panel for the underlying URLs and archive copies.
Sources
- 01socprime.com — OpenClaw Malicious Skill Trapsecondary2/11/2026
- 02
- 03