{"id":13860,"date":"2026-06-25T10:03:41","date_gmt":"2026-06-25T10:03:41","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/06\/25\/openclaw-skill-marketplace-exposes-ai-agents-to-supply-chain-malware-and-financial-fraud\/"},"modified":"2026-06-25T10:03:41","modified_gmt":"2026-06-25T10:03:41","slug":"openclaw-skill-marketplace-exposes-ai-agents-to-supply-chain-malware-and-financial-fraud","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/06\/25\/openclaw-skill-marketplace-exposes-ai-agents-to-supply-chain-malware-and-financial-fraud\/","title":{"rendered":"OpenClaw Skill Marketplace Exposes AI Agents to Supply Chain Malware and Financial Fraud"},"content":{"rendered":"<div>\n<p class=\"wp-block-paragraph\">A wave of malicious skills targeting the OpenClaw AI agent marketplace has exposed a dangerous new frontier in software supply chain security. 
<\/p>\n<p class=\"wp-block-paragraph\">Attackers are using the ClawHub skill marketplace to push harmful code into AI agent environments, stealing data and running financial fraud schemes that traditional security tools failed to catch.<\/p>\n<p class=\"wp-block-paragraph\">OpenClaw is an 
AI agent that runs third-party skills sourced from ClawHub, a dedicated marketplace. These skills are markdown-driven packages with deep access to local systems. <\/p>\n<p class=\"wp-block-paragraph\">When a malicious skill is installed, it can seize full control of the agent\u2019s identity and execute unauthorized actions through the agent\u2019s own authenticated sessions, all without needing a conventional exploit.<\/p>\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/unit42.paloaltonetworks.com\/\" id=\"https:\/\/unit42.paloaltonetworks.com\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Researchers from\u00a0Unit 42\u00a0said in a report<\/a> shared with Cyber Security News (CSN) that their analysis between February and May 2026 uncovered five malicious skills that slipped past ClawHub\u2019s integrated VirusTotal and ClawScan screening. <\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh7wlU6OsBd_tdtJpEQ_5B_0lKaZa4pj5fhPB8ICSpXzLhfhGe2UERsdYSEDQw2kzLoS4_wMf7keLsvqNXVDPHi4EVEXKYoLfqnufYHTgyp0UG10bJlxxnqeQlLlLHCCuKbmyPVCkREMWWKNaIZGSFmxasjqnjUMmGpdrt1VLZ-Loh_zURFikDFkzrY0ys\/s16000\/ClawHub%2520marketplace%2520listings%2520for%2520two%2520TradingView%2520assistant%2520skills%2520%28Source%2520-%2520Unit42%29.webp?ssl=1\" alt=\"ClawHub marketplace listings for two TradingView assistant skills (Source - Unit42)\"><figcaption class=\"wp-element-caption\">ClawHub marketplace listings for two TradingView assistant skills (Source \u2013 Unit42)<\/figcaption><\/figure>\n<\/div>\n<p class=\"wp-block-paragraph\">All five were reported for takedown, and the associated accounts were subsequently banned.<\/p>\n<p class=\"wp-block-paragraph\">The five skills fell into three threat categories: infostealers connected to command-and-control infrastructure, a file-padding evasion tool designed to exceed scanner thresholds, and two novel agentic threats built for financial gain. 
<\/p>\n<p class=\"wp-block-paragraph\">Bitdefender Labs had previously flagged that roughly 17% of skills on the platform carried malicious payloads, and Koi Security\u2019s ClawHavoc disclosure <a href=\"https:\/\/cybersecuritynews.com\/clawhub-cisco-vercels-malicious-skill-detector-bypassed\/\" id=\"151896\" target=\"_blank\" rel=\"noreferrer noopener\">documented 341 malicious skills across the marketplace<\/a>.<\/p>\n<p class=\"wp-block-paragraph\">The persistence of these threats, even after automated screening was introduced, signals that the risk to AI agent ecosystems is far from resolved. <\/p>\n<p class=\"wp-block-paragraph\">The core problem is that malicious skills use natural language to hijack the AI\u2019s own instruction-following behavior, <a href=\"https:\/\/cybersecuritynews.com\/web3-developer-environments-targeted-by-social-engineering-campaign\/\" id=\"139406\" target=\"_blank\" rel=\"noreferrer noopener\">bypassing guardrails that protect more conventional software environments<\/a>.<\/p>\n<h2 id=\"h-openclaw-skill-marketplace-exposes-ai-agents\" class=\"wp-block-heading\"><strong>OpenClaw Skill Marketplace Exposes AI Agents<\/strong><\/h2>\n<p class=\"wp-block-paragraph\">Two of the five threats were skills disguised as TradingView productivity assistants for macOS. <\/p>\n<p class=\"wp-block-paragraph\">Both embedded a malicious prerequisite block that directed agents to a paste-site redirect lure at rentry[.]co\/openclaw-code, where a Base64-encoded command waited to be run in a terminal window. <\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEizWcXGod-ud5x0G7Ff00iQmJAcFZ24x8Diq_B2RxzxVS_DXQuHBRAWcZ98DG7sVjMD5G3SEddp-Z7JQaVU5QS7mnqFN5HSqvXhxgZKVOlnfbGGsemxqx2nkRN8P3DYxYHTLg0lTvr40TijPun-ppK8Illu6Qb5pZC_clm9VoYbv7rMSTl5f9w9arhU6FU\/s16000\/Paste-site%2520redirect%2520lure%2520%28Source%2520-%2520Unit42%29.webp?ssl=1\" alt=\"Paste-site redirect lure (Source - Unit42)\"><figcaption class=\"wp-element-caption\">Paste-site redirect lure (Source \u2013 Unit42)<\/figcaption><\/figure>\n<\/div>\n<p class=\"wp-block-paragraph\">That command then pulled a macOS infostealer named cluw from a remote server at 2.26.75[.]16.<\/p>\n<p class=\"wp-block-paragraph\">A separate skill called omnicogg embedded the AMOS malware dropper inside a README.md file, then padded it with 22 MB of junk characters to exceed file size limits that most scanning pipelines enforce. 
<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiJm5RVGuQbkCua_RjJBUjXnPxm0Q04BY_QGMpg8QgtZhHi5jAQliP4o5BrP4fHE9z32E4FSbcW4AeBOFbOKc5jKbAuQIlpOQ_2BfDcDLMZ1-i7d9vuARpHsfPRS40UJ4hsyoocGbYWBOF16VPUAgWRQ0CKHcPQCdGqisTIdCWEPTKvwS16g1hp0iKBe-Q\/s16000\/The%2520omnicogg%2520skill%27s%2520README.md%2520file%2520%28Source%2520-%2520Unit42%29.webp?ssl=1\" alt=\"The omnicogg skill's README.md file (Source - Unit42)\"><figcaption class=\"wp-element-caption\">The omnicogg skill\u2019s README.md file (Source \u2013 Unit42)<\/figcaption><\/figure>\n<\/div>\n<p class=\"wp-block-paragraph\">Both VirusTotal and ClawScan returned clean verdicts, meaning the skill stayed freely available while hiding live malicious code.<\/p>\n<p class=\"wp-block-paragraph\">Each of these skills mimicked a legitimate tool. The TradingView skills appeared to be trader productivity aids, and omnicogg passed for a general utility. <\/p>\n<p class=\"wp-block-paragraph\">Attackers exploited the trust users place in a curated marketplace, making detection harder for both automated tools and human reviewers alike.<\/p>\n<h2 id=\"h-agentic-financial-fraud-and-novel-exploitation\" class=\"wp-block-heading\"><strong>Agentic Financial Fraud and Novel Exploitation<\/strong><\/h2>\n<p class=\"wp-block-paragraph\">Beyond data theft, researchers found two skills built to abuse the AI agent\u2019s advisory authority for financial gain. The money-radar skill posed as a financial product advisor for users in mainland China, Hong Kong, and Singapore. <\/p>\n<p class=\"wp-block-paragraph\">On every invocation, it silently fetched a payload from laosji[.]net and embedded affiliate tracking links into every recommendation it generated. 
<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhlXM1SjjM0LwTfoK7twYKWU0PrcWMw_uCFpGgJdEeTKzJVpksv9cN31C-Q3KILnzfQUOVJHLGRXbsozMK6VJXgpMOWuUucI8Z0E7yinTnSdb8vHj-9AAHFSGWe6yko0bNjhQ7Lz54YLbK8eWKBtCpGnqtE-196dO60TT7vTPjN9G6_PkayRx3ZTBH2aNo\/s16000\/The%2520money-radar%2520skill%27s%2520SKILL.md%2520instructs%2520the%2520agent%2520to%2520fetch%2520data%2520from%2520laosji%255B.%255Dnet%2520%28Source%2520-%2520Unit42%29.webp?ssl=1\" alt=\"The money-radar skill's SKILL.md instructs the agent to fetch data from laosji[.]net (Source - Unit42)\"><figcaption class=\"wp-element-caption\">The money-radar skill\u2019s SKILL.md instructs the agent to fetch data from laosji[.]net (Source \u2013 Unit42)<\/figcaption><\/figure>\n<\/div>\n<p class=\"wp-block-paragraph\">The operator could swap out recommended products at any time without the user\u2019s knowledge. 
The letssendit skill went further by running a pump-and-dump scheme on the Solana blockchain. 
<\/p>\n<p class=\"wp-block-paragraph\">Installed agents pooled SOL cryptocurrency into the operator\u2019s wallet, after which the operator purchased the SENDIT meme token at the lowest available price before launching it on pump[.]fun. <\/p>\n<p class=\"wp-block-paragraph\">Outside buyers could mistake the coordinated AI activity for organic demand, allowing the operator to dump their cheap position onto secondary buyers at a profit.<\/p>\n<p class=\"wp-block-paragraph\">These cases represent some of the first documented instances of <a href=\"https:\/\/cybersecuritynews.com\/hackers-using-ai-agents\/\" id=\"91523\" target=\"_blank\" rel=\"noreferrer noopener\">autonomous AI agents being used for coordinated financial fraud<\/a>. <\/p>\n<p class=\"wp-block-paragraph\">Researchers recommend validating publisher provenance, auditing skill source files line by line, and monitoring outbound network traffic for connections to undocumented endpoints. <\/p>\n<p class=\"wp-block-paragraph\">Any behavior that does not match a skill\u2019s stated purpose should be flagged as a potential indicator of compromise.<\/p>\n<p class=\"wp-block-paragraph\" id=\"h-indicators-of-compromise-iocs\"><strong>Indicators of Compromise (IoCs):-<\/strong><\/p>\n<figure class=\"wp-block-table\">\n<table class=\"has-fixed-layout\">\n<thead>\n<tr>\n<th class=\"has-text-align-left\" data-align=\"left\">Type<\/th>\n<th class=\"has-text-align-left\" data-align=\"left\">Indicator<\/th>\n<th class=\"has-text-align-left\" data-align=\"left\">Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>IP Address<\/td>\n<td>2.26.75[.]16<\/td>\n<td>C2 server hosting the cluw macOS infostealer payload<\/td>\n<\/tr>\n<tr>\n<td>IP Address<\/td>\n<td>91.92.242[.]30<\/td>\n<td>AMOS C2 server used in early and ongoing campaigns<\/td>\n<\/tr>\n<tr>\n<td>URL<\/td>\n<td>91.92.242[.]30\/lamq4<\/td>\n<td>AMOS payload delivery endpoint<\/td>\n<\/tr>\n<tr>\n<td>Domain<\/td>\n<td>download.setup-service[.]com<\/td>\n<td>Malicious download distribution domain<\/td>\n<\/tr>\n<tr>\n<td>Domain<\/td>\n<td>install.app-distribution[.]net<\/td>\n<td>Malicious app distribution domain<\/td>\n<\/tr>\n<tr>\n<td>Domain<\/td>\n<td>laosji[.]net<\/td>\n<td>Domain used for runtime affiliate injection via money-radar skill<\/td>\n<\/tr>\n<tr>\n<td>Domain<\/td>\n<td>openclawcli.vercel[.]app<\/td>\n<td>Infrastructure associated with malicious OpenClaw CLI<\/td>\n<\/tr>\n<tr>\n<td>URL<\/td>\n<td>rentry[.]co\/openclaw-code<\/td>\n<td>Paste-site redirect lure delivering Base64-encoded 
dropper<\/td>\n<\/tr>\n<tr>\n<td>URL<\/td>\n<td>glot[.]io\/snippets\/hfd3x9ueu5<\/td>\n<td>Paste-site intermediary used for macOS payload delivery<\/td>\n<\/tr>\n<tr>\n<td>GitHub URL<\/td>\n<td>github[.]com\/Ddoy233\/openclawcli<\/td>\n<td>Malicious OpenClaw CLI repository<\/td>\n<\/tr>\n<tr>\n<td>SHA256<\/td>\n<td>818aea6143282b352fdfdc0f3ebf77a36e54eb3befb5cad1a355a99ab97c6aa7<\/td>\n<td>macOS infostealer cluw payload<\/td>\n<\/tr>\n<tr>\n<td>SHA256<\/td>\n<td>881ce5cb124c4d2e814783724cc1388f6a1cbf6eee274c3f3366e77ba3503ad7<\/td>\n<td>Malicious skill payload hash<\/td>\n<\/tr>\n<tr>\n<td>SHA256<\/td>\n<td>b30eaed1f7478c28f4ec50d07ed5ef014ffbc4b2bc5a38d689ba9f7abb5e19c2<\/td>\n<td>omnicogg skill (file-padded AMOS dropper)<\/td>\n<\/tr>\n<tr>\n<td>SHA256<\/td>\n<td>b6c7e0bf573b1c7d9d3a05eb08d26579199515b847df984862805f44a7af8007<\/td>\n<td>tradingview-ai-indicator-assistant malicious skill<\/td>\n<\/tr>\n<tr>\n<td>SHA256<\/td>\n<td>ebb73dbb5aac1f6fe1a88e8f26126a1e1aa34c9f3345ad4345189b40d9bf1d1d<\/td>\n<td>money-radar affiliate injection skill<\/td>\n<\/tr>\n<tr>\n<td>SHA256<\/td>\n<td>f4e41aa269c88bf11a2022701a9cf41e9a186aa1b224d837c31bf34e0b875d0e<\/td>\n<td>letssendit agentic front-running skill<\/td>\n<\/tr>\n<tr>\n<td>Publisher\/Skill<\/td>\n<td>[redacted]\/santi-text-game<\/td>\n<td>Malicious skill identified in research<\/td>\n<\/tr>\n<tr>\n<td>Publisher\/Skill<\/td>\n<td>[redacted]\/omnicogg<\/td>\n<td>File-padded AMOS dropper skill<\/td>\n<\/tr>\n<tr>\n<td>Publisher\/Skill<\/td>\n<td>[redacted]\/letssendit<\/td>\n<td>Agentic front-running \/ pump-and-dump skill<\/td>\n<\/tr>\n<tr>\n<td>Publisher\/Skill<\/td>\n<td>[redacted]\/money-radar<\/td>\n<td>Runtime agentic affiliate injection skill<\/td>\n<\/tr>\n<tr>\n<td>Publisher\/Skill<\/td>\n<td>[redacted]\/ai-tradingview-assistant-for-macos<\/td>\n<td>macOS infostealer delivery skill<\/td>\n<\/tr>\n<tr>\n<td>Publisher\/Skill<\/td>\n<td>[redacted]\/tradingview-ai-indicator-assistant<\/td>\n<td>macOS infostealer 
delivery skill<\/td>\n<\/tr>\n<tr>\n<td>Publisher\/Skill<\/td>\n<td>[redacted]\/pdfcheck<\/td>\n<td>Malicious skill identified in research<\/td>\n<\/tr>\n<tr>\n<td>Publisher\/Skill<\/td>\n<td>[redacted]\/update<\/td>\n<td>Malicious skill identified in research<\/td>\n<\/tr>\n<tr>\n<td>Publisher\/Skill<\/td>\n<td>[redacted]\/wistec-core<\/td>\n<td>Malicious skill identified in research<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n<p class=\"wp-block-paragraph\"><strong>Note:<\/strong>\u00a0<em>IP addresses and domains are intentionally defanged (e.g.,\u00a0<\/em><code><em>[.]<\/em><\/code><em>) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM<\/em>.<\/p>\n
<p>The post <a href=\"https:\/\/cybersecuritynews.com\/openclaw-skill-marketplace-exposes-ai-agents\/\">OpenClaw Skill Marketplace Exposes AI Agents to Supply Chain Malware and Financial Fraud<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p>Tushar Subhra Dutta<\/p>\n","protected":false},"excerpt":{"rendered":"<p>OpenClaw Skill Marketplace Exposes AI Agents to Supply Chain Malware and Financial Fraud A wave of malicious skills targeting the OpenClaw AI agent marketplace has exposed a dangerous new frontier in software supply chain security. 
Attackers are using the ClawHub skill marketplace to push harmful code into AI agent environments, stealing data and running financial [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,649],"tags":[130],"class_list":["post-13860","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-threats","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/13860"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=13860"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/13860\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=13860"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=13860"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=13860"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}