Palo Alto Networks' Unit 42 reported finding five malicious skills on the ClawHub marketplace for OpenClaw, an AI agent. These skills evaded detection to deliver macOS infostealers and facilitate financial fraud between February and May 2026. The skills were designed to use the agent's authority, allowing the transfer of control without traditional malware exploits. Several of the skills tricked users into downloading infostealers and enabled scam operations through misleading financial advice.
OpenClaw has since banned the accounts involved and removed the malicious skills, but no law enforcement action has been reported. The incident highlights vulnerabilities in AI agent ecosystems and the need for improved security measures.