%20--%3e%3cdefs%3e%3cstyle%3e%20.st0%20{%20fill:%20%23061b40;%20}%20.st1%20{%20fill:%20%23306af1;%20}%20.st2%20{%20fill:%20%235ce5cf;%20}%20%3c/style%3e%3c/defs%3e%3cg%3e%3cpath%20class='st0'%20d='M55,10.5h9v3h-9v9h12V7.5h-12v3ZM64,19.5h-6v-3h6v3Z'/%3e%3cpolygon%20class='st0'%20points='69%2016.5%2078%2016.5%2078%2019.5%2069%2019.5%2069%2022.5%2081%2022.5%2081%2013.5%2072%2013.5%2072%2010.5%2081%2010.5%2081%207.5%2069%207.5%2069%2016.5'/%3e%3cpolygon%20class='st0'%20points='95%2010.5%2095%207.5%2083%207.5%2083%2022.5%2095%2022.5%2095%2019.5%2086%2019.5%2086%2016.5%2095%2016.5%2095%2013.5%2086%2013.5%2086%2010.5%2095%2010.5'/%3e%3cpath%20class='st0'%20d='M40,1.5v21h11.6l1.4-1.4v-7.6h0c0,0-1.4-1.5-1.4-1.5l1.4-1.4V2.9l-1.4-1.4h-11.6ZM50,19.5h-7v-6h7v6ZM50,10.5h-7v-6h7v6Z'/%3e%3c/g%3e%3cpath%20class='st1'%20d='M23.1,24L14.7,4.8l-4.9,11.2h3.8l-1.8,4H3.3L12.1,0H2C.9,0,0,.9,0,2v20c0,1.1.9,2,2,2h21.1Z'/%3e%3cpath%20class='st2'%20d='M34,0h-16.8l10.6,24h6.2c1.1,0,2-.9,2-2V2C36,.9,35.1,0,34,0ZM32.5,20h-4V4h4v16Z'/%3e%3c/svg%3e)
Recently, the AI community has been abuzz with the intelligent agent OpenClaw (originally named Clawdbot), which has attracted significant attention due to its powerful "proactive automation" capabilities. However, along with the popularity comes a major security risk. According to the security team of the password management tool 1Password, attackers have already exploited vulnerabilities in the platform's mechanisms to launch precise malware attacks on macOS users.
OpenClaw was originally designed to free users from handling tasks such as emails and calendars independently, but its "skills" files used for learning have become an entry point for hackers. Attackers have disguised malicious code as legitimate integration tutorials, tricking users into running specific Shell commands during setup. Once executed, the script modifies system settings and removes the built-in "file quarantine" markers in macOS, allowing information-stealing viruses to bypass security checks and infiltrate the system seamlessly.
This type of malware is extremely stealthy, with its core goal being to silently steal high-value sensitive user data. Whether it's browser login sessions, auto-filled passwords, or developers' SSH keys and API tokens, all are at risk. Even the currently advocated "Model Context Protocol (MCP)" struggles to provide effective defense against this kind of social engineering fraud. Experts now warn users to be vigilant about integration scripts from non-official sources while using AI tools to improve efficiency, to prevent loss of system permissions.
Key Points:
🚨 Security Alert: The popular AI agent OpenClaw has serious vulnerabilities, and attackers are using it to spread data-extraction viruses to macOS users.
🧬 Attack Method: Hackers disguise "skills" files to trick users into executing malicious Shell commands, thereby forcing the disablement of macOS's security protection mechanisms.
⚠️ Data Threat: The virus focuses on silently stealing passwords, session Cookies, and developers' API tokens, potentially leading to full penetration of personal and corporate cloud assets.