OpenClaw’s Skill Marketplace and the Emerging AI Supply Chain Threat
ID: b290fae0-6a92-5c5c-886b-b680732797fa
STIX ID: report--b290fae0-6a92-5c5c-886b-b680732797fa
Feed Name: Palo Alto Networks Unit 42
Date Published: 2026-06-23
Date Updated: 2026-06-24
Author: Shresta Bellary Seetharam, Nabeel Mohamed, Billy Melicher and Oleksii Starov
Unit 42 analyzed malicious "skills" on the OpenClaw/ClawHub marketplace (Feb–May 2026) and identified five unblocked malicious packages that delivered macOS infostealers, evaded detection via file-padding, and weaponized AI agent execution for financial fraud (affiliate funneling and coordinated front-running), providing technical details and IOCs (IPs, domains, publisher/skill names, SHA256 hashes) and recommending supply-chain validation and network monitoring.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
