From magic to malware: How OpenClaw's agent skills become an attack surface
Summary
From magic to malware highlights how agent skills in automation ecosystems can become an attack surface. The top downloaded skill delivered macOS infostealing malware via staged installation steps, underscoring supply-chain risks in agent registries and the need for provenance, restricted execution, and strong incident response.