Malicious ClawHub Skills Target OpenClaw Users
ID: c646436b-0e5b-54b1-88f8-0f331b6f02da
STIX ID: report--c646436b-0e5b-54b1-88f8-0f331b6f02da
Feed Name: OpenSourceMalware Blog
Date Published: 2026-02-01
Date Updated: 2026-06-20
Author: c0a15726-c5b1-4b0d-85e6-fe15553df9e2
This blog details a supply-chain style campaign where threat actors published ~386 malicious ClawHub/OpenClaw skills that social-engineer users into downloading and executing payloads (macOS and Windows) that harvest cryptocurrency keys, browser and keychain credentials, SSH and cloud credentials; the report provides attack chains, malware hashes and filenames, a shared C2 IP (91.92.242.30), affected repositories/users, and detection/remediation guidance.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
