5 Malicious OpenClaw Skills That Passed ClawScan + VirusTotal: Unit 42 Analysis

Unit 42 researchers identified five malicious OpenClaw skills that passed both ClawScan and VirusTotal detection. Two particularly concerning examples aren't malware in the traditional sense — they exploit the agent's instruction-following nature to conduct financial fraud.
Key Malicious Skills
- money-radar: Posed as a financial advisor skill. On every run, it pulled a
referrals.jsonfrom a malicious domain. The publisher dynamically swapped which products the agent recommended at runtime, injecting affiliate links that appeared as expert advice. - letssendit: Pooled SOL from all installed agents running this skill, enabling the operator to front-run a meme coin launch and dump on pump.fun — effectively a coordinated agent botnet executing a rug pull.
- omnicogg: Padded its README with 22MB of junk data so scanners skipped the file for being too large. A clean verdict masked an AMOS dropper inside.
Signature scanning is ineffective here. A skill that instructs the agent to always use a referral link contains no payload that any scanner would flag — it's just instructions. The Pass badge from ClawScan means nothing.
Practical Takeaway
Don't install third-party skills. Write your own. If you can read what a skill does, you can write it yourself, and then you actually know what your agent is running.
📖 Read the full source: r/openclaw
👀 See Also

LLMs can identify anonymous forum users with 68% accuracy at 90% precision
Researchers used Gemini and ChatGPT to analyze posts from Hacker News and Reddit, identifying 68% of anonymous users with 90% precision. The models completed in minutes what would take humans hours or be impossible.

Security vulnerabilities exposed in Lovable-showcased EdTech app
A security researcher found 16 vulnerabilities in a Lovable-showcased EdTech app, including critical auth logic flaws that exposed 18,697 user records without authentication. The app had 100K+ views on Lovable's showcase and real users from UC Berkeley, UC Davis, and schools worldwide.

OpenClaw Security Audit Command Prompts Plain-English Vulnerability Reports
A Reddit user shared a prompt for the OpenClaw CLI that runs a deep security audit and outputs findings in plain English, specifying what's exposed, severity scores, and exact config fixes.

AviationWeather.gov API Contains 'Stop Claude' Prompt Injection Attempt
A user reports that the US Government's AviationWeather.gov API returns the text 'Stop Claude' in its responses when accessed through Claude CoWork, triggering a security notice about prompt injection attacks.