69/69 Wednesday, February 4, 2026
Security researchers have identified a large number of malicious add-on packages, or “Skills,” targeting OpenClaw-an open-source personal AI assistant formerly known as Moltbot and ClawdBot. These threats were discovered on the official registry (ClawHub) and GitHub between January 27 and February 1. More than 230 harmful Skills were found impersonating legitimate tools, such as automated cryptocurrency trading systems and social media management utilities, in an attempt to deceive users.
The attack technique resembles the ClickFix method. The malicious Skills include convincing documentation that tricks victims into downloading and installing a fake companion tool called “AuthTool,” presented as a required component but actually serving as a malware dropper. On macOS, attackers use shell commands to download the NovaStealer malware family, which can bypass Gatekeeper protections. On Windows, the malware is delivered through password-protected ZIP files. The primary objective is to steal sensitive information, including API keys, cryptocurrency wallet private keys, Keychain data, browser passwords, SSH keys, and cloud credentials.
The developers of OpenClaw acknowledged that they were unable to review the large volume of submitted Skills in a timely manner. Users are therefore urged to perform their own security checks before installing any extensions. Meanwhile, Koi Security has released a URL scanning tool to help with preliminary safety assessments. Experts warn that because OpenClaw has broad access to local system resources, users should adopt layered security measures-such as running the software inside a virtual machine (VM), restricting permissions, and disabling remote access when not necessary-to reduce potential risks.
