OpenClaw Skill Distributes Remcos & GhostLoader
ID: a3b604a5-659a-562e-83ca-dca0f3ebe2a4
STIX ID: report--a3b604a5-659a-562e-83ca-dca0f3ebe2a4
Feed Name: Zscaler Security Research Blog
**Executive summary:** This report analyzes a malicious OpenClaw skill named "DeepSeek-Claw" that functions as a supply-chain-like initial access vector and branches into two infection chains: a Windows-delivered Remcos RAT (via a downloaded MSI and DLL sideloading) and a cross-platform GhostLoader infostealer (via npm/install scripts and shell droppers). The analysis details the evasive techniques used (ETW/AMSI patching, anti-debug/VM checks), the payload execution and exfiltration behaviors, and provides configuration samples and IOCs, including a C2 endpoint.
