Themata.AI
Themata.AI

Popular tags:

#developer-tools#ai-agents#llms#ai-ethics#claude#code-generation#openai#ai-safety#anthropic#open-source

AI is changing the world. Don't stay behind. Clear summaries, community insight, delivered without the noise. Subscribe to never miss a beat.

© 2026 Themata.AI • All Rights Reserved

Privacy

|

Cookies

|

Contact
Back to all news
malwareai-agentsopenclawdeveloper-tools

The #1 most downloaded skill on OpenClaw marketplace was malware

Xユーザーのchiefofautismさん: 「the #1 most downloaded skill on OpenClaw marketplace was MALWARE it stole your SSH keys, crypto wallets, browser cookies, and opened a reverse shell to the attackers server 1,184 malicious skills found, one attacker uploaded 677 packages ALONE OpenClaw has a skill marketplace https://t.co/3Qw9QoB1nt」 / X

twitter.com

February 19, 2026

1 min read

Summary

The most downloaded skill on the OpenClaw marketplace was identified as malware, which stole SSH keys, crypto wallets, and browser cookies while establishing a reverse shell to the attacker's server. A total of 1,184 malicious skills were found, with one attacker responsible for uploading 677 packages, exploiting the platform's open publishing policy that allowed anyone with a week-old GitHub account to submit skills.

Key Takeaways

  • The most downloaded skill on the OpenClaw marketplace was malware that stole SSH keys, crypto wallets, and browser cookies while opening a reverse shell to the attacker's server.
  • A total of 1,184 malicious skills were found on OpenClaw, with one attacker responsible for uploading 677 packages.
  • OpenClaw's marketplace allowed anyone to publish skills with just a one-week-old GitHub account, leading to the distribution of disguised malware.
  • The top-ranked skill, "What Would Elon Do," contained nine security vulnerabilities, including two critical ones, and was designed to exfiltrate data and bypass safety guidelines.
Read original article

Related Articles

XユーザーのAndrej Karpathyさん: 「Bought a new Mac mini to properly tinker with claws over the weekend. The apple store person told me they are selling like hotcakes and everyone is confused :) I'm definitely a bit sus'd to run OpenClaw specifically - giving my private data/keys to 400K lines of vibe coded」 / X

Claws are now a new layer on top of LLM agents

Feb 21, 2026

XユーザーのBen Badejoさん: 「You really are not supposed to install OpenClaw on your personal computer. It needs to be on its own separate computer, Mac Mini or otherwise. It must have its own phone number — one that you install on your phone as a dual eSIM so that you can receive its 2FA SMS codes. It must」 / X

You are not supposed to install OpenClaw on your personal computer

Feb 23, 2026

XユーザーのAnthropicさん: 「We’ve identified industrial-scale distillation attacks on our models by DeepSeek, Moonshot AI, and MiniMax. These labs created over 24,000 fraudulent accounts and generated over 16 million exchanges with Claude, extracting its capabilities to train and improve their own models.」 / X

Anthropic announces proof of distillation at scale by MiniMax, DeepSeek,Moonshot

Feb 23, 2026

XユーザーのAlexey Grigorevさん: 「Claude Code wiped our production database with a Terraform command. It took down the DataTalksClub course platform and 2.5 years of submissions: homework, projects, and leaderboards. Automated snapshots were gone too. In the newsletter, I wrote the full timeline + what I https://t.co/Y5diFkQwjN」 / X

Claude Code wiped our production database with a Terraform command

Mar 6, 2026

Source

twitter.com

Published

February 19, 2026

Reading Time

1 minutes

Relevance Score

45/100

🔥🔥🔥🔥🔥

Why It Matters

This page is optimized for focused reading: quick context up top, a clean summary block, and a direct path to the original source when you want the full story.