Multiple malicious OpenClaw skills found online - including two macOS infostealers
- Palo Alto Networks’ Unit 42 found five malicious “skills” on ClawHub, OpenClaw’s official marketplace, delivering infostealers and fraud
- Threat actors bypassed VirusTotal/ClawScan checks with inflated file sizes and evasive techniques, showing persistent supply chain risk
- All malicious skills were removed and accounts banned; researchers urge strict provenance validation and source code audits for published packages
ClawHub is the latest marketplace that hackers are poisoning with malware in an attempt to compromise software developers and other advanced users. Earlier this week, security researchers from Palo Alto Networks’ Unit 42 team disclosed that they had found and reported five “skills” on that marketplace that sought to infect their users with infostealer malware.
First, a little context: OpenClaw (originally published as Clawd/Clawdbot) was released in November 2025. It is an open-source agent platform that performs actions on a computer, such as browsing the web or managing files, instead of simply answering questions like a chatbot....
Copyright of this story solely belongs to techradar.com.