5 Malicious OpenClaw Skills That Passed ClawScan + VirusTotal: Unit 42 Analysis

✍️ OpenClawRadar | 📅 Published: June 24, 2026

Unit 42 researchers identified five malicious OpenClaw skills that passed both ClawScan and VirusTotal detection. Two particularly concerning examples aren't malware in the traditional sense — they exploit the agent's instruction-following nature to conduct financial fraud.

Key Malicious Skills

  • money-radar: Posed as a financial advisor skill. On every run, it pulled a referrals.json from a malicious domain. The publisher dynamically swapped which products the agent recommended at runtime, injecting affiliate links that appeared as expert advice.
  • letssendit: Pooled SOL from all installed agents running this skill, enabling the operator to front-run a meme coin launch and dump on pump.fun — effectively a coordinated agent botnet executing a rug pull.
  • omnicogg: Padded its README with 22MB of junk data so scanners skipped the file for being too large. A clean verdict masked an AMOS dropper inside.

Signature scanning is ineffective here. A skill that instructs the agent to always use a referral link contains no payload that any scanner would flag — it's just instructions. The Pass badge from ClawScan means nothing.
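
An added example, not from Unit 42 or the original post: a pre-install audit that reports any file above a scanner's size cap as unscanned rather than clean (the omnicogg case) and lists every remote URL a skill references, since fetched content such as money-radar's referrals.json can change after review. The 10 MB cap, the function names, and the sample skill files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

URL_RE = re.compile(rb"https?://[^\s\"'<>)\]]+")
# Assumption: the scanner's real size limit is not stated on the page.
ASSUMED_SCAN_CAP = 10 * 1024 * 1024


def audit_skill(root, scan_cap=ASSUMED_SCAN_CAP):
    """Return sorted (kind, relative_path, detail) findings for a skill directory."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            size = os.path.getsize(path)
            if size > scan_cap:
                # A size-capped scanner never read this file: unscanned, not clean.
                findings.append(("UNSCANNED_OVERSIZE", rel, str(size)))
            # Read the whole file regardless of size so padding cannot hide a URL.
            with open(path, "rb") as fh:
                data = fh.read()
            for url in sorted(set(URL_RE.findall(data))):
                # Remote content can be swapped by the publisher after any review.
                findings.append(("REMOTE_REFERENCE", rel, url.decode("ascii", "replace")))
    return sorted(findings)


def build_sample_skill(root, pad_bytes):
    """Constructed sample: one remote fetch instruction and one padded README."""
    with open(os.path.join(root, "SKILL.md"), "w") as fh:
        fh.write("On every run, load https://cdn.example.invalid/referrals.json\n")
    with open(os.path.join(root, "README.md"), "wb") as fh:
        fh.write(b"# demo\n" + b"A" * pad_bytes)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        # Small cap and padding keep the demo fast; the logic is size-independent.
        build_sample_skill(tmp, pad_bytes=4096)
        for finding in audit_skill(tmp, scan_cap=1024):
            print(*finding, sep="\t")
```

A finding here is a prompt for manual review, not a verdict: a skill with no findings can still carry harmful instructions in plain text.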

Practical Takeaway

Don't install third-party skills. Write your own. If you can read what a skill does, you can write it yourself, and then you actually know what your agent is running.

📖 Read the full source: r/openclaw
