NEW YORK, N.Y., Mar 26, 2026 - (ACN Newswire) - OpenClawd AI today released a security-focused platform update that adds automated skill vetting, verified installer sourcing, and runtime sandboxing to its managed OpenClaw hosting service. The update responds to two converging threats targeting users of the open-source AI agent formerly known as Clawdbot and Moltbot: a large-scale malware campaign inside the official OpenClaw skill marketplace, and a parallel wave of counterfeit installation packages being promoted through search engine results.The numbers are bad enough on their own. Together, they describe a supply chain that is actively hostile to casual users.
One in Eight OpenClaw Skills Is Confirmed Malicious
Independent security researchers recently completed an audit of the ClawHub skill marketplace — the primary distribution channel for third-party OpenClaw plugins. Out of 2,857 published skills, 341 were confirmed as malicious. That is approximately 12% of the entire marketplace.
The findings include:
Keyloggers and credential stealers deployed through skills that appear to offer legitimate productivity features
Silent data exfiltration — one widely-downloaded skill was found to instruct the OpenClaw agent to execute curl commands that sent user data to an external server without any notification or consent prompt
Prompt injection payloads embedded in skill descriptions, designed to override the agent’s safety guidelines and force execution of unauthorized commands
Plaintext credential exposure — a separate audit found that over 280 additional skills were leaking API keys, tokens, and passwords in their source code
A major cybersecurity firm tested a specific ClawHub skill and published the results: nine security findings, including two critical and five high-severity issues. The skill functioned as what the researchers called “functionally malware.” The most widely-downloaded malicious skill on ClawHub was a cryptocurrency stealer.
Fake OpenClaw Installers Are Being Promoted by Search Engines
The marketplace problem is only half the story. A cybersecurity research team discovered that threat actors have published counterfeit OpenClaw installation packages on open-source code repositories. These fake installers mimic the legitimate OpenClaw setup process but instead deliver a malware packer that disables firewall protections and routes network traffic through compromised systems.
The attack chain is straightforward: a user searches for “install OpenClaw” or “Clawdbot download.” An AI-powered search engine returns a result linking to the malicious repository. The user follows the instructions. The malware deploys silently.
The researcher who discovered the campaign noted that the person who first reported the threat was a technical professional. “If a fellow IT pro is susceptible to this threat,” he said, “then anyone could be.”
“There are now two ways to get compromised before you even run your first OpenClaw command,” said Danny Wilson, spokesperson for OpenClawd. “You can install a fake version of the software, or you can install the real version and then add a skill that steals your data. We built this update so that neither path exists on our platform.”
What OpenClawd Ships Today
This update targets both the supply chain and the runtime:
Click here to continue