Bitdefender Labs reveals that 17% of OpenClaw AI skills analyzed in February 2026 are malicious. With over 160,000 stars on GitHub, OpenClaw is being exploited to steal crypto keys and install macOS malware. Discover how a single user linked to 199 fake skills is targeting wallets and corporate data.
A new open-source AI project called OpenClaw has taken the developer world by storm, racking up over 160,000 stars on GitHub. It is basically an AI toolbox that can manage your accounts and run tasks across different apps. However, as we know it, where there is a massive crowd, scammers are never far behind.
Researchers from Bitdefender Labs recently inspected this infrastructure and found something worrying. They discovered that roughly 17% of the ‘skills’- the small bits of code that give the AI its powers- found in the first week of February 2026 were actually malicious. For your information, these aren’t just minor bugs; they are designed to bypass security and steal your data.
A Modern Trojan Horse
According to Bitdefender Labs’ research, hackers are cloning popular tools and using slightly different names to blend in. Further investigation revealed a ‘Base Trading Agent’ skill that promised automated trading but was a major red flag, as it buried instructions in its description for users to download external files.
After installation, these skills act as a doorway; they reach out to a specific IP address (91.92.242.30) to fetch scripts that can take over a computer. While this was originally seen as a problem for individual users, researchers note that it has now spread into the corporate world, with hundreds of cases detected in business environments.
The Numbers Behind the Abuse
The research, which was shared with Hackread.com, shows that attackers are masquerading as helpful utilities, including tools for platforms like Polymarket, ByBit, and Axiom, and various decentralised exchanges (DEXs). Also included are wallet assistants and gas fee trackers for Solana, Base, Ethereum, and other Layer 2 (L2) networks. Crypto users are the primary targets as about 54% of all malicious skills are crypto-related, including:
- Wallet trackers: 14%
- Polymarket tools: 9.9%
- Solana helpers: 9.3%
- Phantom wallet tools: 8.2%
On the other hand, social media automation for YouTube, LinkedIn, Reddit, and X makes up 24% of threats, while fake “auto-updaters” account for 17%. Even Google Workspace productivity tools are being faked to target offices.
From Skills to Stolen Keys
One specific user, known as sakaen736jih, was found linked to 199 of these malicious scripts. In some cases, the skills looked for files with the “.mykey” extension to steal private wallet keys. On Macs, they even delivered the AMOS Stealer virus, which researchers noted is capable of “harvesting credentials, browser data, and crypto-related information.”
To stay safe, Bitdefender recommends treating every new skill like a full software installation rather than a simple plugin. The company has also created a free tool, the Bitdefender AI Skills Checker, to help users quickly assess whether an AI skill is safe before installing it.