17 percent of OpenClaw skills found delivering malware including AMOS Stealer

Feb 2026

Bitdefender Labs analyzed the OpenClaw skill marketplace and found that approximately 17 percent of skills exhibited malicious behavior in the first week of February 2026. Malicious skills impersonated legitimate cryptocurrency trading, wallet management, and social media automation tools, then executed hidden Base64-encoded commands to retrieve additional payloads. The campaign delivered AMOS Stealer targeting macOS systems and harvested credentials through infrastructure at known malicious IP addresses.

Incident Details

Perpetrator:External attacker

Severity:Catastrophic

Blast Radius:All OpenClaw users installing skills from the marketplace exposed to credential theft and malware; crypto-focused skill categories particularly targeted; hundreds of malicious skills blending in among legitimate ones

Tech Stack

OpenClaw

References

Bitdefender Labs: Helpful Skills or Hidden Payloads? Bitdefender Labs Dives Deep into the OpenClaw Malicious Skill Trap ↗Socket: OpenClaw Skill Marketplace Emerges as Active Malware Vector ↗