Gallery

Contacts

405 W. Greenlawn Ave Lansing, Michigan 48910

contact@techjacksolutions.com

+1-616-320-4064

Attackers published five malicious skills to ClawHub, the official marketplace for the OpenClaw AI agent platform, deploying macOS infostealers that evaded automated security scanners from February through May 2026. The threat is active: the command-and-control server continued receiving new skill deliveries more than three months after public disclosure, and OpenClaw’s public deployment base grew significantly during the attack window, dramatically expanding the attack surface. Organizations using OpenClaw to automate business workflows face credential theft, data exfiltration, and supply chain compromise through a trust channel, the official skill marketplace, that most security programs do not yet monitor.

Author

Tech Jacks Solutions