Massive OpenClaw supply chain attack floods OpenClaw with malicious skills

OpenClaw, formerly known as Moltbot and ClawdBot, had its ClawHub marketplace compromised with 1,184 illicit skills as part of a sweeping supply chain poisoning intrusion campaign dubbed ClawHavoc, according to GBHackers News.

Malicious skills have been uploaded en masse by threat actors who registered as ClawHub developers, who later lured targets into executing nefarious commands and downloading malware via ClickFix techniques, a report from Antiy CERT showed. Analysis of the skills revealed the concealment of malevolent instructions within seemingly legitimate SKILL.md/README documentation to enable further malware retrieval and execution, script-embedded reverse shell behavior, and direct data exfiltration activities.

Another payload discovered to have been spread by the skills was found to be associated with the Atomic macOS Stealer, or AMOS, malware. Increasingly prevalent security threats in OpenClaw should prompt its users to be more wary of the skills available in ClawHub, as well as documentation seeking the execution of copy-pasted commands and installation of password-protected archives.