Date: 06/24/2026
Severity: Medium
Summary
Researchers identified multiple malicious skills on OpenClaw’s ClawHub marketplace that abused the AI agent ecosystem to deliver macOS infostealers, evade security scanning, and conduct novel agentic attacks such as runtime affiliate injection and agentic front-running for financial gain. One skill used file-size inflation to bypass detection by security scanners, while the infostealer skills communicated with attacker-controlled C2 infrastructure. Following responsible disclosure, ClawHub removed all five malicious skills and banned the associated accounts, highlighting the growing risk of AI supply chain attacks where third-party agent skills can gain extensive access to files, credentials, and authenticated sessions through semantic instruction manipulation.
Indicators of Compromise (IOC) List
| Type | Indicator |
| --- | --- |
| Domain/URL | 91.92.242.30/lamq4 |
| Domain/URL | download.setup-service.com |
| Domain/URL | github.com/Ddoy233/openclawcli |
| Domain/URL | glot.io/snippets/hfd3x9ueu5 |
| Domain/URL | install.app-distribution.net |
| Domain/URL | laosji.net |
| Domain/URL | openclawcli.vercel.app |
| Domain/URL | rentry.co/openclaw-code |
| IP address | 2.26.75.16 |
| IP address | 91.92.242.30 |
| SHA-256 hash | 818aea6143282b352fdfdc0f3ebf77a36e54eb3befb5cad1a355a99ab97c6aa7 |
| SHA-256 hash | 881ce5cb124c4d2e814783724cc1388f6a1cbf6eee274c3f3366e77ba3503ad7 |
| SHA-256 hash | b30eaed1f7478c28f4ec50d07ed5ef014ffbc4b2bc5a38d689ba9f7abb5e19c2 |
| SHA-256 hash | b6c7e0bf573b1c7d9d3a05eb08d26579199515b847df984862805f44a7af8007 |
| SHA-256 hash | ebb73dbb5aac1f6fe1a88e8f26126a1e1aa34c9f3345ad4345189b40d9bf1d1d |
| SHA-256 hash | f4e41aa269c88bf11a2022701a9cf41e9a186aa1b224d837c31bf34e0b875d0e |
| Publisher/Skill | /santi-text-game |
| Publisher/Skill | /omnicogg |
| Publisher/Skill | /letssendit |
| Publisher/Skill | /money-radar |
| Publisher/Skill | /ai-tradingview-assistant-for-macos |
| Publisher/Skill | n/tradingview-ai-indicator-assistant |
| Publisher/Skill | /pdfcheck |
| Publisher/Skill | /update |
| Publisher/Skill | /wistec-core |
Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection
Detection Query 1 (domain / URL indicators):
domainname like "openclawcli.vercel.app" or url like "openclawcli.vercel.app" or siteurl like "openclawcli.vercel.app" or domainname like "laosji.net" or url like "laosji.net" or siteurl like "laosji.net" or domainname like "install.app-distribution.net" or url like "install.app-distribution.net" or siteurl like "install.app-distribution.net" or domainname like "download.setup-service.com" or url like "download.setup-service.com" or siteurl like "download.setup-service.com" or domainname like "91.92.242.30/lamq4" or siteurl like "91.92.242.30/lamq4" or url like "91.92.242.30/lamq4" or domainname like "github.com/Ddoy233/openclawcli" or siteurl like "github.com/Ddoy233/openclawcli" or url like "github.com/Ddoy233/openclawcli" or domainname like "glot.io/snippets/hfd3x9ueu5" or siteurl like "glot.io/snippets/hfd3x9ueu5" or url like "glot.io/snippets/hfd3x9ueu5" or domainname like "rentry.co/openclaw-code" or siteurl like "rentry.co/openclaw-code" or url like "rentry.co/openclaw-code"

Detection Query 2 (IP address indicators):
dstipaddress IN ("2.26.75.16","91.92.242.30") or srcipaddress IN ("2.26.75.16","91.92.242.30")

Detection Query 3 (file hash indicators):
sha256hash IN ("b6c7e0bf573b1c7d9d3a05eb08d26579199515b847df984862805f44a7af8007","ebb73dbb5aac1f6fe1a88e8f26126a1e1aa34c9f3345ad4345189b40d9bf1d1d","f4e41aa269c88bf11a2022701a9cf41e9a186aa1b224d837c31bf34e0b875d0e","881ce5cb124c4d2e814783724cc1388f6a1cbf6eee274c3f3366e77ba3503ad7","b30eaed1f7478c28f4ec50d07ed5ef014ffbc4b2bc5a38d689ba9f7abb5e19c2","818aea6143282b352fdfdc0f3ebf77a36e54eb3befb5cad1a355a99ab97c6aa7")
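The following is an added example, not part of the original advisory and not Gurucul's own code: a small Python re-implementation of the three detection queries above, run over constructed sample log records so the matching logic can be exercised offline before the queries are deployed. The indicator values are the ones in the IOC list; the record field names mirror the query fields (domainname, url, siteurl, srcipaddress, dstipaddress, sha256hash), the sample records are constructed, and `like` is assumed to mean a case-insensitive substring match, which is why the hash comparison is also normalised to lowercase.

```python
from typing import Dict, Iterable, List, Tuple

LogRecord = Dict[str, str]

# --- Indicators copied from the advisory's IOC list ---------------------------
IOC_URL_FRAGMENTS: Tuple[str, ...] = (
    "91.92.242.30/lamq4",
    "download.setup-service.com",
    "github.com/Ddoy233/openclawcli",
    "glot.io/snippets/hfd3x9ueu5",
    "install.app-distribution.net",
    "laosji.net",
    "openclawcli.vercel.app",
    "rentry.co/openclaw-code",
)
IOC_IPS = frozenset({"2.26.75.16", "91.92.242.30"})
IOC_SHA256 = frozenset({
    "818aea6143282b352fdfdc0f3ebf77a36e54eb3befb5cad1a355a99ab97c6aa7",
    "881ce5cb124c4d2e814783724cc1388f6a1cbf6eee274c3f3366e77ba3503ad7",
    "b30eaed1f7478c28f4ec50d07ed5ef014ffbc4b2bc5a38d689ba9f7abb5e19c2",
    "b6c7e0bf573b1c7d9d3a05eb08d26579199515b847df984862805f44a7af8007",
    "ebb73dbb5aac1f6fe1a88e8f26126a1e1aa34c9f3345ad4345189b40d9bf1d1d",
    "f4e41aa269c88bf11a2022701a9cf41e9a186aa1b224d837c31bf34e0b875d0e",
})

# Field names taken from the advisory's queries (assumed log schema).
URL_FIELDS = ("domainname", "url", "siteurl")
IP_FIELDS = ("dstipaddress", "srcipaddress")


def match_query1(record: LogRecord) -> List[str]:
    """Detection Query 1: `<field> like "<indicator>"` on the three URL-style
    fields, treated here as a case-insensitive substring match (assumption).
    Returns the list of indicators that were hit, in IOC-list order."""
    hits: List[str] = []
    for field in URL_FIELDS:
        value = record.get(field, "").lower()
        for ioc in IOC_URL_FRAGMENTS:
            if ioc.lower() in value and ioc not in hits:
                hits.append(ioc)
    return hits


def match_query2(record: LogRecord) -> List[str]:
    """Detection Query 2: exact IN-list match on destination or source IP."""
    return [record[f] for f in IP_FIELDS if record.get(f) in IOC_IPS]


def match_query3(record: LogRecord) -> List[str]:
    """Detection Query 3: SHA-256 IN-list match. The digest is lower-cased
    first because some EDR exports emit hashes in upper case."""
    digest = record.get("sha256hash", "").strip().lower()
    return [digest] if digest in IOC_SHA256 else []


def run_detections(records: Iterable[LogRecord]) -> List[Tuple[int, Dict[str, List[str]]]]:
    """Apply all three queries to every record and return (index, {query: hits})
    for each record that matched at least one query."""
    alerts: List[Tuple[int, Dict[str, List[str]]]] = []
    for idx, rec in enumerate(records):
        hits = {
            "query1": match_query1(rec),
            "query2": match_query2(rec),
            "query3": match_query3(rec),
        }
        hits = {name: found for name, found in hits.items() if found}
        if hits:
            alerts.append((idx, hits))
    return alerts


# Constructed sample records (not real telemetry): a proxy log, a firewall
# log, an EDR file event with an upper-case hash, and a benign record.
SAMPLE_RECORDS: List[LogRecord] = [
    {"url": "https://openclawcli.vercel.app/install.sh", "srcipaddress": "10.0.0.5"},
    {"srcipaddress": "10.0.0.7", "dstipaddress": "91.92.242.30",
     "url": "http://91.92.242.30/lamq4"},
    {"sha256hash": "B6C7E0BF573B1C7D9D3A05EB08D26579199515B847DF984862805F44A7AF8007"},
    {"url": "https://example.com/", "dstipaddress": "93.184.216.34"},
]

if __name__ == "__main__":
    for idx, hits in run_detections(SAMPLE_RECORDS):
        print(f"record {idx}: {hits}")
```

Running the block prints alerts for the first three sample records and nothing for the benign one; the second record is the interesting case, since the same download host trips both the URL query and the IP query, which is the overlap an analyst should expect when a numeric IP appears in the URL indicator list.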
Reference:
https://unit42.paloaltonetworks.com/openclaw-ai-supply-chain-risk/