From Automation to Infection: How OpenClaw AI Agent Skills Are Being Weaponized
ID: 19fb4d6d-41c0-59b8-97fc-c31b909795e3
STIX ID: report--19fb4d6d-41c0-59b8-97fc-c31b909795e3
Feed Name: VirusTotal Blog
VirusTotal analyzed 3,016 OpenClaw skills and found hundreds with malicious characteristics: attackers are using skill packages and SKILL.md workflows to socially engineer users into downloading and executing remote binaries or scripts. A prolific publisher (hightower6eu) pushed hundreds of apparently benign skills that deliver malware: Windows executables and macOS Mach-O binaries (attributed to Atomic Stealer). The campaign demonstrates large-scale supply-chain abuse of AI agent extensions, and the report provides concrete file hashes and behavioral indicators.
