Researcher Aks Sharma from Manifold has uncovered a cryptomining botnet campaign called ClawSwarm on the ClawHub platform. The campaign involved 30 OpenClaw skills that turned AI agents into a crypto botnet, with the extensions downloaded around 10,000 times.

The malicious code, embedded in SKILL.md files, causes agents to register on an external server, share their capabilities, create Hedera network wallets, and send private keys to a command node. Every four hours, the agents poll the server for new token farming tasks.

Security scanners fail to detect the threat as the scripts use clean requests and official SDKs, exploiting AI logic rather than software vulnerabilities.

Source: The Register