Peach Melbaz

Co-founder of peachyweb & the fruitynet

1Password warns: "Do not use OpenClaw on a company device"

Writing on the @1Password blog, Jason Meller says that he found that the top downloaded OpenClaw skill was a malware delivery vehicle:

While browsing ClawHub (I won't link it for obvious reasons), I noticed the top downloaded skill at the time was a Twitter skill. It looked normal: description, intended use, an overview, the kind of thing you'd expect to install without a second thought.

But the very first thing it did was introduce a required dependency named openclaw-core, along with platform-specific install steps. Those steps included convenient links (here, this link) that appeared to be normal documentation pointers.

They weren't.

Both links led to malicious infrastructure.

Indeed, this wasn't an isolated case.