A major supply chain attack has compromised OpenClaw, a popular open-source AI agent platform, after researchers discovered that its ClawHub marketplace contained 1,184 malicious "skills" designed to deliver malware. The top-downloaded skill, disguised as legitimate tools like crypto bots or summarizers, tricked agents into executing malicious bash commands via hidden instructions in SKILL.md files, deploying infostealers such as Atomic Stealer (AMOS) on macOS systems. These payloads stole sensitive data including SSH keys, passwords, Telegram sessions, cryptocurrency wallets, and API keys, while also establishing reverse shells for remote access and exfiltrating information to attacker-controlled domains. A coordinated campaign, dubbed ClawHavoc and largely attributed to a single threat actor using accounts like "hightower6eu," uploaded hundreds of these malicious packages, some garnering thousands of downloads before detection. Security firms including Koi Security, Snyk, and Cisco AI Defense identified the threats through audits of thousands of skills, highlighting the growing risks of unvetted third-party plugins in AI agent ecosystems.

the #1 most downloaded skill on OpenClaw marketplace was MALWARE

it stole your SSH keys, crypto wallets, browser cookies, and opened a reverse shell to the attackers server

1,184 malicious skills found, one attacker uploaded 677 packages ALONE

OpenClaw has a skill marketplace… pic.twitter.com/3Qw9QoB1nt

— chiefofautism (@chiefofautism) February 19, 2026