A security audit of 2,857 ClawHub skills found 341 malicious skills across multiple campaigns, with 335 using fake prerequisites to deliver the macOS information stealer Atomic Stealer. Attackers used typosquat and utility-style skills to socially engineer users into running installers or glot[.]io scripts that fetch payloads from 91.92.242[.]30 to install keyloggers, reverse shells, and exfiltrate credentials. #AtomicStealer #OpenClaw
Keypoints
- Koi Security audited 2,857 ClawHub skills and identified 341 malicious entries.
- A 335-skill cluster codenamed ClawHavoc used fake prerequisites to install Atomic Stealer on macOS.
- Malicious skills masqueraded as wallets, YouTube utilities, auto-updaters, Polymarket bots, and ClawHub typosquats.
- Payloads included keyloggers, reverse shells, and exfiltration of ~/.clawdbot/.env to attacker infrastructure at 91.92.242[.]30.
- OpenClawβs permissive upload policy enabled abuse, prompting a new reporting feature amid warnings about prompt-injection and persistent-memory attack risks.
Read More: https://thehackernews.com/2026/02/researchers-find-341-malicious-clawhub.html