ClawdBot, the open-source AI personal assistant, has been targeted in a malware campaign that has compromised cryptocurrency trading tools. Fourteen malicious skills were published to ClawHub and GitHub, masquerading as legitimate crypto trading automation tools. These skills, which target macOS and Windows users, deliver information-stealing malware that targets exchange API keys, wallet private keys, and other sensitive credentials.

The OpenSourceMalware team discovered that these skills share a common command-and-control infrastructure and employ sophisticated social engineering tactics. Users are tricked into executing malicious commands by downloading seemingly necessary "AuthTool" zip files. The campaign, active between January 27-29, 2026, involves multiple authors and skills, with some users clearly linked to the threat actor 'aslaep123'.

This incident highlights the security vulnerabilities in the rapidly evolving AI personal assistant market. As ClawdBot gains popularity, users are increasingly at risk of such attacks. The lack of security scanning on skills listed in ClawHub has allowed these malicious skills to remain available, raising concerns about the future of open-source AI tools and the need for enhanced security measures.

Investors and users of AI personal assistants should be wary of the potential risks associated with open-source AI tools. As the market for these tools grows, so does the opportunity for cybercriminals to exploit them. This incident underscores the importance of rigorous security protocols and user education in mitigating such threats.