Helpful Skills or Hidden Payloads? Bitdefender Labs Dives Deep into the OpenClaw Malicious Skill Trap
ID: d9bbdcc2-7df7-5560-8692-6e5ddfbf0f59
STIX ID: report--d9bbdcc2-7df7-5560-8692-6e5ddfbf0f59
Feed Name: Bitdefender Labs
Bitdefender Labs uncovered a large-scale campaign abusing OpenClaw skills to distribute malicious code and harvest credentials. About 17% of the skills analyzed in early February 2026 exhibited malicious behavior. Attackers clone and republish crypto-focused utilities and maintenance/updater skills to trick users into running Base64-obfuscated shell commands that fetch payloads, hosted repeatedly on 91.92.242.30, on paste services, and in impersonating GitHub repos. The payloads deliver the macOS AMOS Stealer and silent exfiltration tools that target private keys, API tokens, and social accounts. The campaign impacts consumers and enterprises. The report recommends treating skills like software installs, avoiding external binaries, isolating crypto tooling, and using security solutions.
