Sydney, Australia – 9 February 2026 – New research from Bitdefender Labs has uncovered extensive and active abuse within the rapidly growing OpenClaw AI skills ecosystem, revealing how seemingly helpful automation tools are being weaponised to deliver malware, steal credentials, and compromise both consumer and corporate environments.
OpenClaw, an open-source execution engine that allows AI agents to act on a user’s behalf, has surged in popularity, attracting more than 160,000 stars on GitHub in a short period. Its appeal lies in modular “skills” that automate tasks such as crypto trading, wallet tracking, account management, and workflow orchestration across devices. But according to Bitdefender Labs, those same skills are increasingly becoming the attack surface.
Analysing OpenClaw skills in early February 2026, Bitdefender researchers found that approximately 17% exhibited malicious behaviour. Crypto-focused skills were the most heavily abused, accounting for more than half of all malicious samples identified. These skills commonly masqueraded as trading agents, wallet helpers, or gas trackers for platforms such as Solana, Phantom, Binance, Ethereum, and Polymarket.
Rather than relying on phishing emails or fake pop-ups, attackers are exploiting trust in automation. Malicious skills are frequently cloned and republished under slightly different names to appear legitimate and popular. Once installed, they quietly execute obfuscated shell commands, download additional payloads from external infrastructure, and run them automatically.
In multiple cases, Bitdefender Labs observed OpenClaw skills delivering AMOS Stealer on macOS, a known infostealer capable of harvesting browser data, credentials, and crypto-related information. The activity was linked to a recurring infrastructure pattern, including scripts and malware hosted from the same IP address and staged via public paste services and GitHub repositories designed to impersonate legitimate OpenClaw tooling.
Bitdefender Labs researchers explain that this threat is particularly dangerous because nothing looks out of place, with the automation doing exactly what it’s allowed to do, just not for the user’s benefit.
The risk is no longer limited to individual users. Separate research from Bitdefender’s business telemetry shows OpenClaw increasingly appearing in corporate environments, with hundreds of detections already recorded. Skills posing as productivity tools, auto-updaters, or cloud utilities can justify elevated permissions and frequent execution, creating persistent access for attackers inside business systems.
To help users reduce risk, Bitdefender has launched a free AI Skills Checker, allowing individuals and organisations to quickly assess whether an AI skill or automation tool may be unsafe before installing or running it. The tool analyses skills for suspicious behaviour, flags hidden execution or external downloads, and highlights unsafe commands so users can make informed decisions.
Bitdefender Labs advises that AI skills should be treated like software installs, not harmless plug-ins. If a skill runs shell commands, asks you to install external binaries, or handles sensitive secrets, it deserves scrutiny.
The findings highlight a broader shift in the threat landscape, where convenience and automation are increasingly exploited as vectors for compromise. As AI-driven tools continue to spread, Bitdefender warns that visibility, caution, and proactive security checks will be essential to prevent trusted automation from becoming a silent attacker.
About Bitdefender
Bitdefender is a cybersecurity leader delivering best-in-class threat prevention, detection, and response solutions worldwide. Guardian over millions of consumers, enterprises, and government environments, Bitdefender is one of the industry’s most trusted experts for eliminating threats, protecting privacy, digital identity and data, and enabling cyber resilience. With deep investments in research and development, Bitdefender Labs discovers hundreds of new threats each minute and validates billions of threat queries daily. The company has pioneered breakthrough innovations in antimalware, IoT security, behavioural analytics, and artificial intelligence and its technology is licensed by more than 180 of the world’s most recognised technology brands. Founded in 2001, Bitdefender has customers in 170+ countries with offices around the world. For more information, visit https://www.bitdefender.com.