A new wave of attacks is targeting OpenClaw users – open – source personal AI assistants being installed by many to run on their own computers. Instead of a front – loading attack, hackers opted for a more sophisticated way: blending the code into the “skills” – extensions that allowed OpenClaw to do more.
1770086108408.png

According to cybersecurity studies, of the more than 2,800 skills posted on the ClawHub repository, at least 300 contained malicious code. What’s remarkable is that they’re not “weedy.” These utilities are disguised as familiar sounding tools: crypto price tracking bots, crypto trading bots, YouTube briefers, financial utilities, even “auto update” bots. The name and documentation are all well-written, leading users to believe it’s a real tool.

The “Trap” should be in the installation instructions. The user is required to download an additional subfile, or copy a command line to run in the computer. On the surface, that seems like a normal engineering step. But in fact, it’s this act that opens the door to malicious code. Once activated, the malware silently collects all kinds of sensitive information: browser passwords, crypto wallet keys, exchange API keys, SSH accounts, stored data, etc. In other words, if your computer has something “worth the trouble,” malware will try to take it away.

1770086204286.png


Malicious utilities (skills) associated with the same release account – Image: OpenSourceMalware

The risk is even greater because OpenClaw is an AI assistant with deep access to the system: reading files, connecting emails, calling APIs, interacting with the Internet, and saving long – term “memories”. When a malicious utility is installed, the attacker can not only steal user data but can also use the AI assistant itself as an “inside man” to serve malicious purposes later.

The underlying reason for this is the open-source ClawHub repository: virtually anyone can upload their skills, and censorship is limited. While the developer added features for users reporting suspicious skills, this was mostly “firefighting”, making it difficult to keep up with the pace of mass launch of malicious add – ons.

For Vietnamese users, anyone with a “treat it convenient” habit could become a victim. Some simple but effective principles: do not install unfamiliar plugins just because the name sounds good; be absolutely wary of instructions that require running commands, adding external files; limit AI assistants to too wide access to the machine; if possible, run OpenClaw in a remote environment (virtual machine, container).

According to The Hacker News, Bleeping Computer