{ "generated": "2026-04-16", "total_flagged": 1302, "confirmed_malware": 552, "severity": { "critical": 957, "high": 339, "medium": 0 }, "threat_actors": [ "hightower6eu", "sakaen736jih", "52yuanchangxing" ], "entries": [ { "skill": "hightower6eu/auto-updater-161ks", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/auto-updater-161ks", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/agent-browser-6aigix9qi2tu", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/agent-browser-6aigix9qi2tu", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/auto-updater-2yq87", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/auto-updater-2yq87", "rules": [ "ATR-2026-00121" ] }, { "skill": "1999azzar/guardian-wall-azzar", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/1999azzar/guardian-wall-azzar", "rules": [ "ATR-2026-00120" ] }, { "skill": "sakaen736jih/agent-browser-b2x7tvcmbjgp", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/agent-browser-b2x7tvcmbjgp", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/auto-updater-3rk1s", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/auto-updater-3rk1s", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/agent-browser-bzsqiuw0rznw", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/agent-browser-bzsqiuw0rznw", "rules": [ "ATR-2026-00121" ] }, { "skill": "1kalin/afrexai-agent-engineering", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/1kalin/afrexai-agent-engineering", "rules": [ "ATR-2026-00123" ] }, { "skill": "hightower6eu/auto-updater-43c6i", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/auto-updater-43c6i", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/agent-browser-fopzsipap75u", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/agent-browser-fopzsipap75u", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/auto-updater-5buwl", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/auto-updater-5buwl", "rules": [ "ATR-2026-00121" ] }, { "skill": "1kalin/afrexai-agent-memory", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/1kalin/afrexai-agent-memory", "rules": [ "ATR-2026-00123" ] }, { "skill": "sakaen736jih/agent-browser-ha2gvrwrmbil", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/agent-browser-ha2gvrwrmbil", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/auto-updater-5fhqm", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/auto-updater-5fhqm", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/agent-browser-jrdv4mcscrb2", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/agent-browser-jrdv4mcscrb2", "rules": [ "ATR-2026-00121" ] }, { "skill": "1kalin/afrexai-web-performance-engine", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/1kalin/afrexai-web-performance-engine", "rules": [ "ATR-2026-00120" ] }, { "skill": "hightower6eu/auto-updater-8xwp6", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/auto-updater-8xwp6", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/agent-browser-npzrafdduyrm", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/agent-browser-npzrafdduyrm", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/auto-updater-96ys3", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/auto-updater-96ys3", "rules": [ "ATR-2026-00121" ] }, { "skill": "2233admin/kimi-agent-policy", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/2233admin/kimi-agent-policy", "rules": [ "ATR-2026-00123" ] }, { "skill": "sakaen736jih/agent-browser-plyd56pz7air", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/agent-browser-plyd56pz7air", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/auto-updater-deza8", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/auto-updater-deza8", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/agent-browser-shdaumcajgxf", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/agent-browser-shdaumcajgxf", "rules": [ "ATR-2026-00121" ] }, { "skill": "2393970875/deepsop-image-video-generator", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/2393970875/deepsop-image-video-generator", "rules": [ "ATR-2026-00162" ] }, { "skill": "hightower6eu/auto-updater-dzuba", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/auto-updater-dzuba", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/agent-browser-txfumuva5m6u", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/agent-browser-txfumuva5m6u", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/auto-updater-e89da", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/auto-updater-e89da", "rules": [ "ATR-2026-00121" ] }, { "skill": "2393970875/image-video-generator", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/2393970875/image-video-generator", "rules": [ "ATR-2026-00162" ] }, { "skill": "sakaen736jih/agent-browser-ufymjtykwuas", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/agent-browser-ufymjtykwuas", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/auto-updater-eclpb", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/auto-updater-eclpb", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/agent-browser-ymepfebfpc2x", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/agent-browser-ymepfebfpc2x", "rules": [ "ATR-2026-00121" ] }, { "skill": "2720480371/08-proactive-agent", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/2720480371/08-proactive-agent", "rules": [ "ATR-2026-00123" ] }, { "skill": "hightower6eu/auto-updater-gw6f5", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/auto-updater-gw6f5", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/agent-browser-zd1dook9mtfz", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/agent-browser-zd1dook9mtfz", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/auto-updater-hfmct", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/auto-updater-hfmct", "rules": [ "ATR-2026-00121" ] }, { "skill": "345968504/openclaw-troubleshooter", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/345968504/openclaw-troubleshooter", "rules": [ "ATR-2026-00149" ] }, { "skill": "sakaen736jih/auto-updater-3miomc4dvir", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/auto-updater-3miomc4dvir", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/auto-updater-jkiuq", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/auto-updater-jkiuq", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/auto-updater-5cnufr8quj5", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/auto-updater-5cnufr8quj5", "rules": [ "ATR-2026-00121" ] }, { "skill": "4833675/minimax-tokenplan-tts", "source": "OpenClaw", "severity": "low", "primary_rule": "ATR-2026-00134", "reason_en": "Matched ATR-2026-00134", "reason_zh": "\u5339\u914d ATR-2026-00134", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/4833675/minimax-tokenplan-tts", "rules": [ "ATR-2026-00134" ] }, { "skill": "hightower6eu/auto-updater-lth9t", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/auto-updater-lth9t", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/auto-updater-ah1", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/auto-updater-ah1", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/auto-updater-m0fsa", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/auto-updater-m0fsa", "rules": [ "ATR-2026-00121" ] }, { "skill": "4t-shirt/create-telegram-agent", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/4t-shirt/create-telegram-agent", "rules": [ "ATR-2026-00123" ] }, { "skill": "sakaen736jih/auto-updater-drvd2u5bgft", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/auto-updater-drvd2u5bgft", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/auto-updater-mclql", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/auto-updater-mclql", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/auto-updater-dyismmj5csx", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/auto-updater-dyismmj5csx", "rules": [ "ATR-2026-00121" ] }, { "skill": "7789996399/meerkat-governance", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/7789996399/meerkat-governance", "rules": [ "ATR-2026-00163" ] }, { "skill": "hightower6eu/auto-updater-mkukz", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/auto-updater-mkukz", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/auto-updater-ek1qviijfp1", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/auto-updater-ek1qviijfp1", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/auto-updater-mn5ri", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/auto-updater-mn5ri", "rules": [ "ATR-2026-00121" ] }, { "skill": "abhi152003/maxxit-lazy-trading", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/abhi152003/maxxit-lazy-trading", "rules": [ "ATR-2026-00135" ] }, { "skill": "sakaen736jih/auto-updater-eu0vxzedkgb", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/auto-updater-eu0vxzedkgb", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/auto-updater-nlt3m", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/auto-updater-nlt3m", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/auto-updater-jhsfi4ehp1b", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/auto-updater-jhsfi4ehp1b", "rules": [ "ATR-2026-00121" ] }, { "skill": "addozhang/ralph-loop-agent", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/addozhang/ralph-loop-agent", "rules": [ "ATR-2026-00123" ] }, { "skill": "hightower6eu/auto-updater-ocn18", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/auto-updater-ocn18", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/auto-updater-jrpkyiayibm", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/auto-updater-jrpkyiayibm", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/auto-updater-p5rmt", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/auto-updater-p5rmt", "rules": [ "ATR-2026-00121" ] }, { "skill": "adibirzu/openclaw-security-monitor", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/adibirzu/openclaw-security-monitor", "rules": [ "ATR-2026-00120" ] }, { "skill": "sakaen736jih/auto-updater-lrssiatzxpx", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/auto-updater-lrssiatzxpx", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/auto-updater-qdyme", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/auto-updater-qdyme", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/auto-updater-nz2uvldrokd", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/auto-updater-nz2uvldrokd", "rules": [ "ATR-2026-00121" ] }, { "skill": "aggel008/analizy-ru", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/aggel008/analizy-ru", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/auto-updater-se38e", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/auto-updater-se38e", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/auto-updater-pb70kpsnfof", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/auto-updater-pb70kpsnfof", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/auto-updater-sxdg2", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/auto-updater-sxdg2", "rules": [ "ATR-2026-00121" ] }, { "skill": "aggel008/chinovnik-ru", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/aggel008/chinovnik-ru", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/auto-updater-qahxnvcnurj", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/auto-updater-qahxnvcnurj", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/auto-updater-xcgnm", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/auto-updater-xcgnm", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/auto-updater-qg0anavwlmt", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/auto-updater-qg0anavwlmt", "rules": [ "ATR-2026-00121" ] }, { "skill": "aggel008/dogovor-ru", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/aggel008/dogovor-ru", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/auto-updater-xsunp", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/auto-updater-xsunp", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/auto-updater-sgr", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/auto-updater-sgr", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/autoupdate", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/autoupdate", "rules": [ "ATR-2026-00121" ] }, { "skill": "aggel008/nalog-ru", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/aggel008/nalog-ru", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/auto-updater-sgtm55aoazj", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/auto-updater-sgtm55aoazj", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/clawhub-6yr3b", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/clawhub-6yr3b", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/auto-updater-uqmlhjh7pgz", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/auto-updater-uqmlhjh7pgz", "rules": [ "ATR-2026-00121" ] }, { "skill": "aggel008/persona-channel-builder", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/aggel008/persona-channel-builder", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/clawhub-c9y4p", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/clawhub-c9y4p", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/auto-updater-vombw4ciwc0", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/auto-updater-vombw4ciwc0", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/clawhub-d4kxr", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/clawhub-d4kxr", "rules": [ "ATR-2026-00121" ] }, { "skill": "aggel008/pretenziya-ru", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/aggel008/pretenziya-ru", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/bird-0p", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/bird-0p", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/clawhub-f3qcn", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/clawhub-f3qcn", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/bird-2l", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/bird-2l", "rules": [ "ATR-2026-00121" ] }, { "skill": "aggel008/zhkh-ru", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/aggel008/zhkh-ru", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/clawhub-gpcrq", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/clawhub-gpcrq", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/bird-ag", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/bird-ag", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/clawhub-gpwp7", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/clawhub-gpwp7", "rules": [ "ATR-2026-00121" ] }, { "skill": "ahaaiclub/agent-dream", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/ahaaiclub/agent-dream", "rules": [ "ATR-2026-00123" ] }, { "skill": "sakaen736jih/bird-ar", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/bird-ar", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/clawhub-gstca", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/clawhub-gstca", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/bird-ch", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/bird-ch", "rules": [ "ATR-2026-00121" ] }, { "skill": "akhmittra/ctf-writeup-generator", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00122", "reason_en": "Hidden data exfiltration command", "reason_zh": "\u96b1\u85cf\u7684\u8cc7\u6599\u5916\u6d29\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/akhmittra/ctf-writeup-generator", "rules": [ "ATR-2026-00122" ] }, { "skill": "hightower6eu/clawhub-hh1fd", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/clawhub-hh1fd", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/bird-co", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/bird-co", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/clawhub-hh2km", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/clawhub-hh2km", "rules": [ "ATR-2026-00121" ] }, { "skill": "akhmittra/ergocare-coach", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/akhmittra/ergocare-coach", "rules": [ "ATR-2026-00163" ] }, { "skill": "sakaen736jih/bird-fa", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/bird-fa", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/clawhub-hylhq", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/clawhub-hylhq", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/bird-h4", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/bird-h4", "rules": [ "ATR-2026-00121" ] }, { "skill": "alessandroflati/oosmetrics", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/alessandroflati/oosmetrics", "rules": [ "ATR-2026-00163" ] }, { "skill": "hightower6eu/clawhub-i7oci", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/clawhub-i7oci", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/bird-hg", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/bird-hg", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/clawhub-i9zhz", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/clawhub-i9zhz", "rules": [ "ATR-2026-00121" ] }, { "skill": "alexeyvorobiev/alexey-proactive-agent", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/alexeyvorobiev/alexey-proactive-agent", "rules": [ "ATR-2026-00123" ] }, { "skill": "sakaen736jih/bird-js", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/bird-js", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/clawhub-ja7eh", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/clawhub-ja7eh", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/bird-mh", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/bird-mh", "rules": [ "ATR-2026-00121" ] }, { "skill": "alexhegit/rocm-vllm-deployment", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/alexhegit/rocm-vllm-deployment", "rules": [ "ATR-2026-00135" ] }, { "skill": "hightower6eu/clawhub-krmvq", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/clawhub-krmvq", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/bird-nc", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/bird-nc", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/clawhub-oihpl", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/clawhub-oihpl", "rules": [ "ATR-2026-00121" ] }, { "skill": "alirezarezvani/auto-memory-pro/skills/remember", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/alirezarezvani/auto-memory-pro/skills/remember", "rules": [ "ATR-2026-00123" ] }, { "skill": "sakaen736jih/bird-rl", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/bird-rl", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/clawhub-olgys", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/clawhub-olgys", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/bird-su", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/bird-su", "rules": [ "ATR-2026-00121" ] }, { "skill": "alirezarezvani/codebase-onboarding", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/alirezarezvani/codebase-onboarding", "rules": [ "ATR-2026-00162" ] }, { "skill": "hightower6eu/clawhub-osasg", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/clawhub-osasg", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/bird-vu", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/bird-vu", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/clawhub-rkvny", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/clawhub-rkvny", "rules": [ "ATR-2026-00121" ] }, { "skill": "alirezarezvani/cs-self-improving-agent/skills/remember", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/alirezarezvani/cs-self-improving-agent/skills/remember", "rules": [ "ATR-2026-00123" ] }, { "skill": "sakaen736jih/bird-wo", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/bird-wo", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/clawhub-sxtsn", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/clawhub-sxtsn", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/bird-xn", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/bird-xn", "rules": [ "ATR-2026-00121" ] }, { "skill": "alirezarezvani/ms365-tenant-manager", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/alirezarezvani/ms365-tenant-manager", "rules": [ "ATR-2026-00149" ] }, { "skill": "hightower6eu/clawhub-tlxx5", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/clawhub-tlxx5", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/bird-yf", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/bird-yf", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/clawhub-uoeym", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/clawhub-uoeym", "rules": [ "ATR-2026-00121" ] }, { "skill": "alita-real/emotional-core", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/alita-real/emotional-core", "rules": [ "ATR-2026-00123" ] }, { "skill": "sakaen736jih/bird-yt", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/bird-yt", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/clawhub-wixce", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/clawhub-wixce", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/bird-za", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/bird-za", "rules": [ "ATR-2026-00121" ] }, { "skill": "amandiwakar/ai-sentinel", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/amandiwakar/ai-sentinel", "rules": [ "ATR-2026-00120" ] }, { "skill": "hightower6eu/clawhub-wotp2", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/clawhub-wotp2", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/clawdhub-0ds2em57jf", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/clawdhub-0ds2em57jf", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/clawhubb", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/clawhubb", "rules": [ "ATR-2026-00121" ] }, { "skill": "amangarg1999/ai-compound-1-0-1", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/amangarg1999/ai-compound-1-0-1", "rules": [ "ATR-2026-00123" ] }, { "skill": "sakaen736jih/clawdhub-1qbvz9cvc3", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/clawdhub-1qbvz9cvc3", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/clawhubcli", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/clawhubcli", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/clawdhub-2trnbtcgyo", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/clawdhub-2trnbtcgyo", "rules": [ "ATR-2026-00121" ] }, { "skill": "ambition0802/acp-background-runs", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/ambition0802/acp-background-runs", "rules": [ "ATR-2026-00163" ] }, { "skill": "hightower6eu/clawwhub", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/clawwhub", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/clawdhub-3ffldvumfb", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/clawdhub-3ffldvumfb", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/cllawhub", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/cllawhub", "rules": [ "ATR-2026-00121" ] }, { "skill": "amlyx/web-publish", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/amlyx/web-publish", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/clawdhub-3jv6c6gijf", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/clawdhub-3jv6c6gijf", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/ethereum-gas-tracker-abxf0", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/ethereum-gas-tracker-abxf0", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/clawdhub-8rhr8q1zgy", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/clawdhub-8rhr8q1zgy", "rules": [ "ATR-2026-00121" ] }, { "skill": "anbeime/content-creation-publisher", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/anbeime/content-creation-publisher", "rules": [ "ATR-2026-00123" ] }, { "skill": "hightower6eu/ethereum-gas-tracker-esupl", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/ethereum-gas-tracker-esupl", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/clawdhub-aecm6lh6uo", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/clawdhub-aecm6lh6uo", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/ethereum-gas-tracker-fygz0", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/ethereum-gas-tracker-fygz0", "rules": [ "ATR-2026-00121" ] }, { "skill": "anbeime/video-creation-suite", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/anbeime/video-creation-suite", "rules": [ "ATR-2026-00123" ] }, { "skill": "sakaen736jih/clawdhub-hklg5xzjbc", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/clawdhub-hklg5xzjbc", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/ethereum-gas-tracker-gon2c", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/ethereum-gas-tracker-gon2c", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/clawdhub-i6qfm0cay3", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/clawdhub-i6qfm0cay3", "rules": [ "ATR-2026-00121" ] }, { "skill": "andreasthinks/cline-kanban", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/andreasthinks/cline-kanban", "rules": [ "ATR-2026-00163" ] }, { "skill": "hightower6eu/ethereum-gas-tracker-hx8j0", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/ethereum-gas-tracker-hx8j0", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/clawdhub-ilhnghd1c0", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/clawdhub-ilhnghd1c0", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/ethereum-gas-tracker-k51pi", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/ethereum-gas-tracker-k51pi", "rules": [ "ATR-2026-00121" ] }, { "skill": "andrewagrahamhodges/agent-memory-lifecycle", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/andrewagrahamhodges/agent-memory-lifecycle", "rules": [ "ATR-2026-00123" ] }, { "skill": "sakaen736jih/clawdhub-itmu0eevs9", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/clawdhub-itmu0eevs9", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/ethereum-gas-tracker-k9hfk", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/ethereum-gas-tracker-k9hfk", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/clawdhub-l91mzsalr7", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/clawdhub-l91mzsalr7", "rules": [ "ATR-2026-00121" ] }, { "skill": "andy27725/proactive-agent-andy27725", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/andy27725/proactive-agent-andy27725", "rules": [ "ATR-2026-00123" ] }, { "skill": "hightower6eu/ethereum-gas-tracker-leifg", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/ethereum-gas-tracker-leifg", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/clawdhub-lhhr7b7jsj", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/clawdhub-lhhr7b7jsj", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/ethereum-gas-tracker-lm4cv", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/ethereum-gas-tracker-lm4cv", "rules": [ "ATR-2026-00121" ] }, { "skill": "andy27725/prose-andy27725", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/andy27725/prose-andy27725", "rules": [ "ATR-2026-00162" ] }, { "skill": "sakaen736jih/clawdhub-lyass2awyp", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/clawdhub-lyass2awyp", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/ethereum-gas-tracker-mnsfw", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/ethereum-gas-tracker-mnsfw", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/clawdhub-xupj4k8euh", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/clawdhub-xupj4k8euh", "rules": [ "ATR-2026-00121" ] }, { "skill": "andyxinweiminicloud/capability-graph-mapper", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/andyxinweiminicloud/capability-graph-mapper", "rules": [ "ATR-2026-00162" ] }, { "skill": "hightower6eu/ethereum-gas-tracker-nmcq5", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/ethereum-gas-tracker-nmcq5", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/clawdhub-yskkhfqscj", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/clawdhub-yskkhfqscj", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/ethereum-gas-tracker-osr2u", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/ethereum-gas-tracker-osr2u", "rules": [ "ATR-2026-00121" ] }, { "skill": "andyxinweiminicloud/protocol-doc-auditor", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/andyxinweiminicloud/protocol-doc-auditor", "rules": [ "ATR-2026-00162" ] }, { "skill": "sakaen736jih/clawdhub-za29sitx9w", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/clawdhub-za29sitx9w", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/ethereum-gas-tracker-pz0kz", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/ethereum-gas-tracker-pz0kz", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/clawdhub-zegimab3ze", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/clawdhub-zegimab3ze", "rules": [ "ATR-2026-00121" ] }, { "skill": "anugotta/upi-payment-ux-ops", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/anugotta/upi-payment-ux-ops", "rules": [ "ATR-2026-00163" ] }, { "skill": "hightower6eu/ethereum-gas-tracker-qxorv", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/ethereum-gas-tracker-qxorv", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/clawdhub-zh7v47hpwk", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/clawdhub-zh7v47hpwk", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/ethereum-gas-tracker-rmiu4", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/ethereum-gas-tracker-rmiu4", "rules": [ "ATR-2026-00121" ] }, { "skill": "arn0ld87/fisi", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/arn0ld87/fisi", "rules": [ "ATR-2026-00149" ] }, { "skill": "sakaen736jih/coding-agent-4ilvlj7rs", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/coding-agent-4ilvlj7rs", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/ethereum-gas-tracker-t8oaj", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/ethereum-gas-tracker-t8oaj", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/coding-agent-7k8p1tijc", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/coding-agent-7k8p1tijc", "rules": [ "ATR-2026-00121" ] }, { "skill": "arnarsson/ssh-essentials", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/arnarsson/ssh-essentials", "rules": [ "ATR-2026-00162" ] }, { "skill": "hightower6eu/google-workspace-2z5dp", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/google-workspace-2z5dp", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/coding-agent-8wyxxelkv", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/coding-agent-8wyxxelkv", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/google-workspace-7ylf0", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/google-workspace-7ylf0", "rules": [ "ATR-2026-00121" ] }, { "skill": "artyomx33/reasoning-personas", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/artyomx33/reasoning-personas", "rules": [ "ATR-2026-00163" ] }, { "skill": "sakaen736jih/coding-agent-boz67cmsl", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/coding-agent-boz67cmsl", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/google-workspace-8zdgy", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/google-workspace-8zdgy", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/coding-agent-by6ghzyes", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/coding-agent-by6ghzyes", "rules": [ "ATR-2026-00121" ] }, { "skill": "ashanzzz/ashanzzz-unraid-xml-generator", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/ashanzzz/ashanzzz-unraid-xml-generator", "rules": [ "ATR-2026-00120" ] }, { "skill": "hightower6eu/google-workspace-auqud", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/google-workspace-auqud", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/coding-agent-du7t1pmcd", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/coding-agent-du7t1pmcd", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/google-workspace-devfw", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/google-workspace-devfw", "rules": [ "ATR-2026-00121" ] }, { "skill": "ashanzzz/unraid-xml-generator", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/ashanzzz/unraid-xml-generator", "rules": [ "ATR-2026-00120" ] }, { "skill": "sakaen736jih/coding-agent-ggeu0hlk4", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/coding-agent-ggeu0hlk4", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/google-workspace-gbvyc", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/google-workspace-gbvyc", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/coding-agent-hmxr2rtke", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/coding-agent-hmxr2rtke", "rules": [ "ATR-2026-00121" ] }, { "skill": "asimons81/better-soul", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/asimons81/better-soul", "rules": [ "ATR-2026-00123" ] }, { "skill": "hightower6eu/google-workspace-izypr", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/google-workspace-izypr", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/coding-agent-kpeg9c2rq", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/coding-agent-kpeg9c2rq", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/google-workspace-m2hcx", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/google-workspace-m2hcx", "rules": [ "ATR-2026-00121" ] }, { "skill": "assassin808/clawder", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/assassin808/clawder", "rules": [ "ATR-2026-00163" ] }, { "skill": "sakaen736jih/coding-agent-my1tb1kam", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/coding-agent-my1tb1kam", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/google-workspace-ndlt1", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/google-workspace-ndlt1", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/coding-agent-o10sk4yyb", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/coding-agent-o10sk4yyb", "rules": [ "ATR-2026-00121" ] }, { "skill": "asterisk622/xiaoding-proactive-agent", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/asterisk622/xiaoding-proactive-agent", "rules": [ "ATR-2026-00123" ] }, { "skill": "hightower6eu/google-workspace-ozgdc", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/google-workspace-ozgdc", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/coding-agent-ojd1iijmg", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/coding-agent-ojd1iijmg", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/google-workspace-t9lkr", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/google-workspace-t9lkr", "rules": [ "ATR-2026-00121" ] }, { "skill": "atlaspa/openclaw-bastion", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/atlaspa/openclaw-bastion", "rules": [ "ATR-2026-00120" ] }, { "skill": "sakaen736jih/coding-agent-p2kq1f9ou", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/coding-agent-p2kq1f9ou", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/google-workspace-tqhmn", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/google-workspace-tqhmn", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/coding-agent-p6k84e0fv", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/coding-agent-p6k84e0fv", "rules": [ "ATR-2026-00121" ] }, { "skill": "atlaspa/openclaw-warden", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/atlaspa/openclaw-warden", "rules": [ "ATR-2026-00120" ] }, { "skill": "hightower6eu/google-workspace-vxw0q", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/google-workspace-vxw0q", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/coding-agent-pekjzav3x", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/coding-agent-pekjzav3x", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/google-workspace-womvg", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/google-workspace-womvg", "rules": [ "ATR-2026-00121" ] }, { "skill": "audsmith28/trawl", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/audsmith28/trawl", "rules": [ "ATR-2026-00123" ] }, { "skill": "sakaen736jih/coding-agent-tvmz0qsg1", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/coding-agent-tvmz0qsg1", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/google-workspace-wwxem", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/google-workspace-wwxem", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/coding-agent-vwho0kmqi", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/coding-agent-vwho0kmqi", "rules": [ "ATR-2026-00121" ] }, { "skill": "aure-duncan/aurehub-xaut-trade", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/aure-duncan/aurehub-xaut-trade", "rules": [ "ATR-2026-00149" ] }, { "skill": "hightower6eu/google-workspace-yj9ug", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/google-workspace-yj9ug", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/coding-agent-yzyvfg9hn", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/coding-agent-yzyvfg9hn", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/google-workspace-ytrqj", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/google-workspace-ytrqj", "rules": [ "ATR-2026-00121" ] }, { "skill": "austineral/agent-spawner", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/austineral/agent-spawner", "rules": [ "ATR-2026-00162" ] }, { "skill": "sakaen736jih/coding-agent-z1qldmg0f", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/coding-agent-z1qldmg0f", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/google-workspace-zg8ad", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/google-workspace-zg8ad", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/deep-research-eejukdjn", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/deep-research-eejukdjn", "rules": [ "ATR-2026-00121" ] }, { "skill": "authensor/authensor-gateway", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/authensor/authensor-gateway", "rules": [ "ATR-2026-00162" ] }, { "skill": "hightower6eu/insider-wallets-finder-1a7pi", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/insider-wallets-finder-1a7pi", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/deep-research-eoo5vd95", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/deep-research-eoo5vd95", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/insider-wallets-finder-2fz1g", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/insider-wallets-finder-2fz1g", "rules": [ "ATR-2026-00121" ] }, { "skill": "autosolutionsai-didac/agent-memory-setup", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/autosolutionsai-didac/agent-memory-setup", "rules": [ "ATR-2026-00123" ] }, { "skill": "sakaen736jih/deep-research-hsk9iq5w", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/deep-research-hsk9iq5w", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/insider-wallets-finder-57h4t", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/insider-wallets-finder-57h4t", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/deep-research-kgenr3rn", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/deep-research-kgenr3rn", "rules": [ "ATR-2026-00121" ] }, { "skill": "autosolutionsai-didac/agent-memory-setup-qmd", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/autosolutionsai-didac/agent-memory-setup-qmd", "rules": [ "ATR-2026-00123" ] }, { "skill": "hightower6eu/insider-wallets-finder-9dlka", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/insider-wallets-finder-9dlka", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/deep-research-omvwp9ki", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/deep-research-omvwp9ki", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/insider-wallets-finder-art4q", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/insider-wallets-finder-art4q", "rules": [ "ATR-2026-00121" ] }, { "skill": "babado800/xiaohongshu-mcp-1-0-0", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/babado800/xiaohongshu-mcp-1-0-0", "rules": [ "ATR-2026-00163" ] }, { "skill": "sakaen736jih/deep-research-pjazdzyd", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/deep-research-pjazdzyd", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/insider-wallets-finder-bjs4y", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/insider-wallets-finder-bjs4y", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/deep-research-pqgwiuep", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/deep-research-pqgwiuep", "rules": [ "ATR-2026-00121" ] }, { "skill": "beardao/emotwin", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/beardao/emotwin", "rules": [ "ATR-2026-00163" ] }, { "skill": "hightower6eu/insider-wallets-finder-btj6c", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/insider-wallets-finder-btj6c", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/deep-research-qvewifgk", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/deep-research-qvewifgk", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/insider-wallets-finder-c86ge", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/insider-wallets-finder-c86ge", "rules": [ "ATR-2026-00121" ] }, { "skill": "beyondbright/walter-agent-factory", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/beyondbright/walter-agent-factory", "rules": [ "ATR-2026-00149" ] }, { "skill": "sakaen736jih/deep-research-rio7el6w", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/deep-research-rio7el6w", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/insider-wallets-finder-cv1d9", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/insider-wallets-finder-cv1d9", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/deep-research-v2h55k2w", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/deep-research-v2h55k2w", "rules": [ "ATR-2026-00121" ] }, { "skill": "biahd/openclaw-intelligence-broker/skill.md", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/biahd/openclaw-intelligence-broker/skill", "rules": [ "ATR-2026-00149" ] }, { "skill": "hightower6eu/insider-wallets-finder-djiq0", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/insider-wallets-finder-djiq0", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/deep-research-vc3veoel", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/deep-research-vc3veoel", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/insider-wallets-finder-firui", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/insider-wallets-finder-firui", "rules": [ "ATR-2026-00121" ] }, { "skill": "billc8128/openclaw-scribe", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/billc8128/openclaw-scribe", "rules": [ "ATR-2026-00123" ] }, { "skill": "sakaen736jih/gog-5w7zvby", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/gog-5w7zvby", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/insider-wallets-finder-gxgfy", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/insider-wallets-finder-gxgfy", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/gog-ee3cg9w", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/gog-ee3cg9w", "rules": [ "ATR-2026-00121" ] }, { "skill": "billyhetech/skill-scanner-v1", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/billyhetech/skill-scanner-v1", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/insider-wallets-finder-h5syo", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/insider-wallets-finder-h5syo", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/gog-g7ksras", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/gog-g7ksras", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/insider-wallets-finder-hbmjm", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/insider-wallets-finder-hbmjm", "rules": [ "ATR-2026-00121" ] }, { "skill": "bingze00000/proactive-agent-jarvis", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/bingze00000/proactive-agent-jarvis", "rules": [ "ATR-2026-00123" ] }, { "skill": "sakaen736jih/gog-iezecg1", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/gog-iezecg1", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/insider-wallets-finder-im29o", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/insider-wallets-finder-im29o", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/gog-kcjgdv2", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/gog-kcjgdv2", "rules": [ "ATR-2026-00121" ] }, { "skill": "blackmcvn/proactive-agent-3-1-0", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/blackmcvn/proactive-agent-3-1-0", "rules": [ "ATR-2026-00123" ] }, { "skill": "hightower6eu/insider-wallets-finder-jacit", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/insider-wallets-finder-jacit", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/gog-kfnluze", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/gog-kfnluze", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/insider-wallets-finder-kq9nv", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/insider-wallets-finder-kq9nv", "rules": [ "ATR-2026-00121" ] }, { "skill": "bloom-u/doccraft", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/bloom-u/doccraft", "rules": [ "ATR-2026-00163" ] }, { "skill": "sakaen736jih/gog-kvlmtdd", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/gog-kvlmtdd", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/insider-wallets-finder-mk3w3", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/insider-wallets-finder-mk3w3", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/gog-shbjktj", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/gog-shbjktj", "rules": [ "ATR-2026-00121" ] }, { "skill": "boner-bbb/musicful-music-generator", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/boner-bbb/musicful-music-generator", "rules": [ "ATR-2026-00162" ] }, { "skill": "hightower6eu/insider-wallets-finder-ngv64", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/insider-wallets-finder-ngv64", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/gog-sywovxv", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/gog-sywovxv", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/insider-wallets-finder-nq6a9", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/insider-wallets-finder-nq6a9", "rules": [ "ATR-2026-00121" ] }, { "skill": "bonesvinyl/bkmrk", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/bonesvinyl/bkmrk", "rules": [ "ATR-2026-00163" ] }, { "skill": "sakaen736jih/gog-vjlu0ls", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/gog-vjlu0ls", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/insider-wallets-finder-q9qng", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/insider-wallets-finder-q9qng", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/gog-ybiur2h", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/gog-ybiur2h", "rules": [ "ATR-2026-00121" ] }, { "skill": "bono5137/ltpm", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/bono5137/ltpm", "rules": [ "ATR-2026-00123" ] }, { "skill": "hightower6eu/insider-wallets-finder-qjkug", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/insider-wallets-finder-qjkug", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/nano-banana-pro-8ap3x7", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-banana-pro-8ap3x7", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/insider-wallets-finder-r6wya", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/insider-wallets-finder-r6wya", "rules": [ "ATR-2026-00121" ] }, { "skill": "borye/xiaohongshu-mcp", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/borye/xiaohongshu-mcp", "rules": [ "ATR-2026-00163" ] }, { "skill": "sakaen736jih/nano-banana-pro-c16jff", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-banana-pro-c16jff", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/insider-wallets-finder-tivyf", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/insider-wallets-finder-tivyf", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/nano-banana-pro-e3c48l", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-banana-pro-e3c48l", "rules": [ "ATR-2026-00121" ] }, { "skill": "botcoinmoney/botcoin-miner-skill", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/botcoinmoney/botcoin-miner-skill", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/insider-wallets-finder-zah8d", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/insider-wallets-finder-zah8d", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/nano-banana-pro-eug1jw", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-banana-pro-eug1jw", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/insider-wallets-finder-zzs2p", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/insider-wallets-finder-zzs2p", "rules": [ "ATR-2026-00121" ] }, { "skill": "bowtiedbluefin/openclaw-airesearchos", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/bowtiedbluefin/openclaw-airesearchos", "rules": [ "ATR-2026-00163" ] }, { "skill": "sakaen736jih/nano-banana-pro-fxgpbf", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-banana-pro-fxgpbf", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/lost-bitcoin-10li1", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/lost-bitcoin-10li1", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/nano-banana-pro-glfq7a", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-banana-pro-glfq7a", "rules": [ "ATR-2026-00121" ] }, { "skill": "brennan3/clabcraw", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/brennan3/clabcraw", "rules": [ "ATR-2026-00162" ] }, { "skill": "hightower6eu/lost-bitcoin-dbrgt", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/lost-bitcoin-dbrgt", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/nano-banana-pro-gyyjbx", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-banana-pro-gyyjbx", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/lost-bitcoin-eabml", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/lost-bitcoin-eabml", "rules": [ "ATR-2026-00121" ] }, { "skill": "brianium/wake-meup-ai", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/brianium/wake-meup-ai", "rules": [ "ATR-2026-00120" ] }, { "skill": "sakaen736jih/nano-banana-pro-hu1vfx", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-banana-pro-hu1vfx", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/openclaw-backup-dnkxm", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/openclaw-backup-dnkxm", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/nano-banana-pro-lldjo1", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-banana-pro-lldjo1", "rules": [ "ATR-2026-00121" ] }, { "skill": "broedkrummen/supermemory-free", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/broedkrummen/supermemory-free", "rules": [ "ATR-2026-00135" ] }, { "skill": "hightower6eu/openclaw-backup-wrxw0", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/openclaw-backup-wrxw0", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/nano-banana-pro-lrmva2", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-banana-pro-lrmva2", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/pdf-1wso5", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/pdf-1wso5", "rules": [ "ATR-2026-00121" ] }, { "skill": "brorlandi/openclaw-youtube-upload", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/brorlandi/openclaw-youtube-upload", "rules": [ "ATR-2026-00163" ] }, { "skill": "sakaen736jih/nano-banana-pro-mauf71", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-banana-pro-mauf71", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/phantom-0jcvy", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/phantom-0jcvy", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/nano-banana-pro-mzvmth", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-banana-pro-mzvmth", "rules": [ "ATR-2026-00121" ] }, { "skill": "brorlandi/youtube-upload", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/brorlandi/youtube-upload", "rules": [ "ATR-2026-00163" ] }, { "skill": "hightower6eu/phantom-0snsv", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/phantom-0snsv", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/nano-banana-pro-ogmcrj", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-banana-pro-ogmcrj", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/phantom-3uttg", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/phantom-3uttg", "rules": [ "ATR-2026-00121" ] }, { "skill": "bruce-agnet/douyin-video-forge", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/bruce-agnet/douyin-video-forge", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/nano-banana-pro-oinrw3", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-banana-pro-oinrw3", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/phantom-64juz", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/phantom-64juz", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/nano-banana-pro-pcgniu", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-banana-pro-pcgniu", "rules": [ "ATR-2026-00121" ] }, { "skill": "brucetangc/clash-proxy", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/brucetangc/clash-proxy", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/phantom-afnuz", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/phantom-afnuz", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/nano-banana-pro-pqcucx", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-banana-pro-pqcucx", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/phantom-ahdwb", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/phantom-ahdwb", "rules": [ "ATR-2026-00121" ] }, { "skill": "brucetangc/tavily-web-search-full", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/brucetangc/tavily-web-search-full", "rules": [ "ATR-2026-00162" ] }, { "skill": "sakaen736jih/nano-banana-pro-ptnlkl", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-banana-pro-ptnlkl", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/phantom-bdacv", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/phantom-bdacv", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/nano-banana-pro-srlqfn", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-banana-pro-srlqfn", "rules": [ "ATR-2026-00121" ] }, { "skill": "brucko/primer", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/brucko/primer", "rules": [ "ATR-2026-00123" ] }, { "skill": "hightower6eu/phantom-fdjtg", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/phantom-fdjtg", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/nano-banana-pro-stl6ak", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-banana-pro-stl6ak", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/phantom-fsvib", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/phantom-fsvib", "rules": [ "ATR-2026-00121" ] }, { "skill": "brunopradof/openclaw-shield-upx", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/brunopradof/openclaw-shield-upx", "rules": [ "ATR-2026-00135" ] }, { "skill": "sakaen736jih/nano-banana-pro-wepcdp", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-banana-pro-wepcdp", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/phantom-ftbrg", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/phantom-ftbrg", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/nano-banana-pro-xeqcnk", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-banana-pro-xeqcnk", "rules": [ "ATR-2026-00121" ] }, { "skill": "bryantegomoh/content-security-filter", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/bryantegomoh/content-security-filter", "rules": [ "ATR-2026-00120" ] }, { "skill": "hightower6eu/phantom-fvizs", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/phantom-fvizs", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/nano-banana-pro-yywjf1", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-banana-pro-yywjf1", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/phantom-ggjrq", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/phantom-ggjrq", "rules": [ "ATR-2026-00121" ] }, { "skill": "brycexbt/secret-safe", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/brycexbt/secret-safe", "rules": [ "ATR-2026-00162" ] }, { "skill": "sakaen736jih/nano-pdf-9j7bj", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-pdf-9j7bj", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/phantom-hpwmb", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/phantom-hpwmb", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/nano-pdf-cr79t", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-pdf-cr79t", "rules": [ "ATR-2026-00121" ] }, { "skill": "c0ffeeoverdose/prts-sandbox", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00122", "reason_en": "Hidden data exfiltration command", "reason_zh": "\u96b1\u85cf\u7684\u8cc7\u6599\u5916\u6d29\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/c0ffeeoverdose/prts-sandbox", "rules": [ "ATR-2026-00122" ] }, { "skill": "hightower6eu/phantom-iebcc", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/phantom-iebcc", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/nano-pdf-eeadu", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-pdf-eeadu", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/phantom-jwik3", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/phantom-jwik3", "rules": [ "ATR-2026-00121" ] }, { "skill": "callxor/postgresql-db", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/callxor/postgresql-db", "rules": [ "ATR-2026-00149" ] }, { "skill": "sakaen736jih/nano-pdf-ey8zb", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-pdf-ey8zb", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/phantom-kxcuj", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/phantom-kxcuj", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/nano-pdf-gbegf", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-pdf-gbegf", "rules": [ "ATR-2026-00121" ] }, { "skill": "catteres/obsidian-memory-system", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/catteres/obsidian-memory-system", "rules": [ "ATR-2026-00123" ] }, { "skill": "hightower6eu/phantom-lpnfp", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/phantom-lpnfp", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/nano-pdf-kxufw", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-pdf-kxufw", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/phantom-lxnyf", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/phantom-lxnyf", "rules": [ "ATR-2026-00121" ] }, { "skill": "cburnette/wayfound", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/cburnette/wayfound", "rules": [ "ATR-2026-00123" ] }, { "skill": "sakaen736jih/nano-pdf-mns57", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-pdf-mns57", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/phantom-mdr3q", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/phantom-mdr3q", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/nano-pdf-n2hcr", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-pdf-n2hcr", "rules": [ "ATR-2026-00121" ] }, { "skill": "cccaptain0129/task-dispatch", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/cccaptain0129/task-dispatch", "rules": [ "ATR-2026-00162" ] }, { "skill": "hightower6eu/phantom-nrqdw", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/phantom-nrqdw", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/nano-pdf-q3e3z", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-pdf-q3e3z", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/phantom-pcue3", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/phantom-pcue3", "rules": [ "ATR-2026-00121" ] }, { "skill": "chenghaifeng08-creator/autonomous-agent-toolkit-automaton", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/chenghaifeng08-creator/autonomous-agent-toolkit-automaton", "rules": [ "ATR-2026-00123" ] }, { "skill": "sakaen736jih/nano-pdf-quqdg", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-pdf-quqdg", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/phantom-pvber", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/phantom-pvber", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/nano-pdf-rt9y1", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-pdf-rt9y1", "rules": [ "ATR-2026-00121" ] }, { "skill": "chenguangwu/qclaw-restart", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/chenguangwu/qclaw-restart", "rules": [ "ATR-2026-00149" ] }, { "skill": "hightower6eu/phantom-q8ark", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/phantom-q8ark", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/nano-pdf-sdjzy", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-pdf-sdjzy", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/phantom-qs450", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/phantom-qs450", "rules": [ "ATR-2026-00121" ] }, { "skill": "cineglobe/osint-investigator", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/cineglobe/osint-investigator", "rules": [ "ATR-2026-00149" ] }, { "skill": "sakaen736jih/nano-pdf-tkqfw", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-pdf-tkqfw", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/phantom-sokos", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/phantom-sokos", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/nano-pdf-vbdin", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-pdf-vbdin", "rules": [ "ATR-2026-00121" ] }, { "skill": "cizixiu/wolai-api-skill", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/cizixiu/wolai-api-skill", "rules": [ "ATR-2026-00149" ] }, { "skill": "hightower6eu/phantom-syjqj", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/phantom-syjqj", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/nano-pdf-vhitx", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-pdf-vhitx", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/phantom-vpnfy", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/phantom-vpnfy", "rules": [ "ATR-2026-00121" ] }, { "skill": "cizixiu/wolai-mcp-skill", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/cizixiu/wolai-mcp-skill", "rules": [ "ATR-2026-00149" ] }, { "skill": "sakaen736jih/nano-pdf-xyixq", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-pdf-xyixq", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/phantom-vwlfb", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/phantom-vwlfb", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/nano-pdf-yqsfx", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-pdf-yqsfx", "rules": [ "ATR-2026-00121" ] }, { "skill": "ckpxgfnksd-max/prompt-token-saver", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/ckpxgfnksd-max/prompt-token-saver", "rules": [ "ATR-2026-00123" ] }, { "skill": "hightower6eu/phantom-xivjh", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/phantom-xivjh", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/nano-pdf-zpgdu", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/nano-pdf-zpgdu", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/phantom-ygmjc", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/phantom-ygmjc", "rules": [ "ATR-2026-00121" ] }, { "skill": "clarezoe/foxcode-openclaw", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/clarezoe/foxcode-openclaw", "rules": [ "ATR-2026-00135" ] }, { "skill": "sakaen736jih/summarize-177r", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/summarize-177r", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/poly", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/poly", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/summarize-7mfv", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/summarize-7mfv", "rules": [ "ATR-2026-00121" ] }, { "skill": "clawmage/clawmage-learning-loop", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/clawmage/clawmage-learning-loop", "rules": [ "ATR-2026-00123" ] }, { "skill": "hightower6eu/polym", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/polym", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/summarize-ienz", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/summarize-ienz", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/polymarket-25nwy", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/polymarket-25nwy", "rules": [ "ATR-2026-00121" ] }, { "skill": "clawwalletteam/claw-wallet-pro", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/clawwalletteam/claw-wallet-pro", "rules": [ "ATR-2026-00162" ] }, { "skill": "sakaen736jih/summarize-ilyc", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/summarize-ilyc", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/polymarket-33efn", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/polymarket-33efn", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/summarize-jd4g", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/summarize-jd4g", "rules": [ "ATR-2026-00121" ] }, { "skill": "cliffyan28/openclaw-fact-checker", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/cliffyan28/openclaw-fact-checker", "rules": [ "ATR-2026-00123" ] }, { "skill": "hightower6eu/polymarket-4rrsh", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/polymarket-4rrsh", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/summarize-jqoq", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/summarize-jqoq", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/polymarket-5dylt", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/polymarket-5dylt", "rules": [ "ATR-2026-00121" ] }, { "skill": "codeninja23/native-sentry", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/codeninja23/native-sentry", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/summarize-kx5u", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/summarize-kx5u", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/polymarket-6ehca", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/polymarket-6ehca", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/summarize-nrqj", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/summarize-nrqj", "rules": [ "ATR-2026-00121" ] }, { "skill": "codenova58/live-search", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/codenova58/live-search", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/polymarket-7ceau", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/polymarket-7ceau", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/summarize-rjig", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/summarize-rjig", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/polymarket-bpnyq", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/polymarket-bpnyq", "rules": [ "ATR-2026-00121" ] }, { "skill": "cognitae-ai/blacklight", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00164", "reason_en": "Scope hijack attack", "reason_zh": "\u7bc4\u570d\u52ab\u6301\u653b\u64ca", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/cognitae-ai/blacklight", "rules": [ "ATR-2026-00164" ] }, { "skill": "sakaen736jih/summarize-syis", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/summarize-syis", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/polymarket-cexex", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/polymarket-cexex", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/summarize-v8w3", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/summarize-v8w3", "rules": [ "ATR-2026-00121" ] }, { "skill": "cohnen/pixcli", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/cohnen/pixcli", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/polymarket-dfknh", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/polymarket-dfknh", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/summarize-wy5c", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/summarize-wy5c", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/polymarket-esfbk", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/polymarket-esfbk", "rules": [ "ATR-2026-00121" ] }, { "skill": "cohnen/pixcli-skill", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/cohnen/pixcli-skill", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/wacli-1sk", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/wacli-1sk", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/polymarket-fpwui", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/polymarket-fpwui", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/wacli-339", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/wacli-339", "rules": [ "ATR-2026-00121" ] }, { "skill": "coorops25/gmailcleaner/mnt/user-data/outputs/openclaw-email-skills-v2/email-reporter", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/coorops25/gmailcleaner/mnt/user-data/outputs/openclaw-email-skills-v2/email-reporter", "rules": [ "ATR-2026-00120" ] }, { "skill": "hightower6eu/polymarket-gxyrz", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/polymarket-gxyrz", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/wacli-5qi", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/wacli-5qi", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/polymarket-hoedg", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/polymarket-hoedg", "rules": [ "ATR-2026-00121" ] }, { "skill": "cp33333333333/proactive-agent1", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/cp33333333333/proactive-agent1", "rules": [ "ATR-2026-00123" ] }, { "skill": "sakaen736jih/wacli-ayv", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/wacli-ayv", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/polymarket-ik168", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/polymarket-ik168", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/wacli-e7x", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/wacli-e7x", "rules": [ "ATR-2026-00121" ] }, { "skill": "cp3d1455926-svg/proactive-agent-cp3d", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/cp3d1455926-svg/proactive-agent-cp3d", "rules": [ "ATR-2026-00123" ] }, { "skill": "hightower6eu/polymarket-jezc4", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/polymarket-jezc4", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/wacli-eco", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/wacli-eco", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/polymarket-juui0", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/polymarket-juui0", "rules": [ "ATR-2026-00121" ] }, { "skill": "crewhaus/crewhaus-tools", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/crewhaus/crewhaus-tools", "rules": [ "ATR-2026-00135" ] }, { "skill": "sakaen736jih/wacli-era", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/wacli-era", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/polymarket-lzgm8", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/polymarket-lzgm8", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/wacli-evv", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/wacli-evv", "rules": [ "ATR-2026-00121" ] }, { "skill": "crispyangles/autonomous-agent-toolkit", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/crispyangles/autonomous-agent-toolkit", "rules": [ "ATR-2026-00123" ] }, { "skill": "hightower6eu/polymarket-mjjsc", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/polymarket-mjjsc", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/wacli-hdg", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/wacli-hdg", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/polymarket-n7dic", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/polymarket-n7dic", "rules": [ "ATR-2026-00121" ] }, { "skill": "crispyangles/lobster-agent-forge", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/crispyangles/lobster-agent-forge", "rules": [ "ATR-2026-00123" ] }, { "skill": "sakaen736jih/wacli-hq4", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/wacli-hq4", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/polymarket-phqtc", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/polymarket-phqtc", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/wacli-ikx", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/wacli-ikx", "rules": [ "ATR-2026-00121" ] }, { "skill": "crispyangles/prompt-crafter", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/crispyangles/prompt-crafter", "rules": [ "ATR-2026-00120" ] }, { "skill": "hightower6eu/polymarket-qjypn", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/polymarket-qjypn", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/wacli-klt", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/wacli-klt", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/polymarket-qpi7w", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/polymarket-qpi7w", "rules": [ "ATR-2026-00121" ] }, { "skill": "cyberxuan-xbx/skill-sanitizer", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/cyberxuan-xbx/skill-sanitizer", "rules": [ "ATR-2026-00120", "ATR-2026-00123" ] }, { "skill": "sakaen736jih/wacli-mch", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/wacli-mch", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/polymarket-qxjyy", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/polymarket-qxjyy", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/wacli-muk", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/wacli-muk", "rules": [ "ATR-2026-00121" ] }, { "skill": "daijo-bu/daily-questions", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/daijo-bu/daily-questions", "rules": [ "ATR-2026-00123" ] }, { "skill": "hightower6eu/polymarket-s7x4d", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/polymarket-s7x4d", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/wacli-mwj", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/wacli-mwj", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/polymarket-vah82", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/polymarket-vah82", "rules": [ "ATR-2026-00121" ] }, { "skill": "dalomeve/evidence-url-verifier", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/dalomeve/evidence-url-verifier", "rules": [ "ATR-2026-00149" ] }, { "skill": "sakaen736jih/wacli-pma", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/wacli-pma", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/polymarket-vj5zb", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/polymarket-vj5zb", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/wacli-w3y", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/wacli-w3y", "rules": [ "ATR-2026-00121" ] }, { "skill": "dalomeve/powershell-reliable", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/dalomeve/powershell-reliable", "rules": [ "ATR-2026-00149" ] }, { "skill": "hightower6eu/polymarket-vx875", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/polymarket-vx875", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/wacli-xcb", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/wacli-xcb", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/polymarket-wapbk", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/polymarket-wapbk", "rules": [ "ATR-2026-00121" ] }, { "skill": "dalomeve/prepublish-privacy-scrub", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/dalomeve/prepublish-privacy-scrub", "rules": [ "ATR-2026-00149" ] }, { "skill": "sakaen736jih/wacli-ydw", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/wacli-ydw", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/polymarket-y0c8k", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/polymarket-y0c8k", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/youtube-watchar", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/youtube-watchar", "rules": [ "ATR-2026-00121" ] }, { "skill": "danielhangan/reelclaw-dansugc", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/danielhangan/reelclaw-dansugc", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/polymarket-z7lwp", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/polymarket-z7lwp", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/youtube-watcher-7", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/youtube-watcher-7", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/polymarkets", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/polymarkets", "rules": [ "ATR-2026-00121" ] }, { "skill": "daniellummis/render-env-guard", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/daniellummis/render-env-guard", "rules": [ "ATR-2026-00149" ] }, { "skill": "sakaen736jih/youtube-watcher-8", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/youtube-watcher-8", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/polytrading", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/polytrading", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/youtube-watcher-a", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/youtube-watcher-a", "rules": [ "ATR-2026-00121" ] }, { "skill": "danieltamas/cloak-env-protection", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/danieltamas/cloak-env-protection", "rules": [ "ATR-2026-00162" ] }, { "skill": "hightower6eu/solana-07bcb", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/solana-07bcb", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/youtube-watcher-c", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/youtube-watcher-c", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/solana-1fuhx", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/solana-1fuhx", "rules": [ "ATR-2026-00121" ] }, { "skill": "dank-varley/operation-quarantine", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/dank-varley/operation-quarantine", "rules": [ "ATR-2026-00120" ] }, { "skill": "sakaen736jih/youtube-watcher-d", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/youtube-watcher-d", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/solana-1tfnz", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/solana-1tfnz", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/youtube-watcher-g", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/youtube-watcher-g", "rules": [ "ATR-2026-00121" ] }, { "skill": "danlct27/eli-prompt-guard", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/danlct27/eli-prompt-guard", "rules": [ "ATR-2026-00120" ] }, { "skill": "hightower6eu/solana-1xv96", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/solana-1xv96", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/youtube-watcher-h", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/youtube-watcher-h", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/solana-7rrh8", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/solana-7rrh8", "rules": [ "ATR-2026-00121" ] }, { "skill": "danlct27/openclaw-dlp-guard", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/danlct27/openclaw-dlp-guard", "rules": [ "ATR-2026-00120" ] }, { "skill": "sakaen736jih/youtube-watcher-j", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/youtube-watcher-j", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/solana-9ahmt", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/solana-9ahmt", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/youtube-watcher-k", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/youtube-watcher-k", "rules": [ "ATR-2026-00121" ] }, { "skill": "darryek/tavily-search-darry/research", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/darryek/tavily-search-darry/research", "rules": [ "ATR-2026-00163" ] }, { "skill": "hightower6eu/solana-9lplb", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/solana-9lplb", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/youtube-watcher-n", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/youtube-watcher-n", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/solana-a8wjy", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/solana-a8wjy", "rules": [ "ATR-2026-00121" ] }, { "skill": "davida-ps/clawtributor", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/davida-ps/clawtributor", "rules": [ "ATR-2026-00120" ] }, { "skill": "sakaen736jih/youtube-watcher-p", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/youtube-watcher-p", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/solana-d95dl", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/solana-d95dl", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/youtube-watcher-u", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/youtube-watcher-u", "rules": [ "ATR-2026-00121" ] }, { "skill": "davidajohnston/everclaw-inference/security/bagman", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/davidajohnston/everclaw-inference/security/bagman", "rules": [ "ATR-2026-00135" ] }, { "skill": "hightower6eu/solana-dddhn", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/solana-dddhn", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/youtube-watcher-w", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/youtube-watcher-w", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/solana-dgipr", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/solana-dgipr", "rules": [ "ATR-2026-00121" ] }, { "skill": "davidajohnston/everclaw-inference/security/prompt-guard", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/davidajohnston/everclaw-inference/security/prompt-guard", "rules": [ "ATR-2026-00120" ] }, { "skill": "sakaen736jih/youtube-watcher-x", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/youtube-watcher-x", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/solana-fckyq", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/solana-fckyq", "rules": [ "ATR-2026-00121" ] }, { "skill": "sakaen736jih/youtube-watcher-z", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: C2 server at 91.92.242.30", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aC2 \u4f3a\u670d\u5668 91.92.242.30", "threat_actor": "sakaen736jih", "confirmed_malware": true, "link": "https://openclaw.com/skills/sakaen736jih/youtube-watcher-z", "rules": [ "ATR-2026-00121" ] }, { "skill": "davidfurlong/retrospective", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/davidfurlong/retrospective", "rules": [ "ATR-2026-00123" ] }, { "skill": "hightower6eu/solana-gamka", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/solana-gamka", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/solana-gj8sl", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/solana-gj8sl", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/solana-goq2i", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/solana-goq2i", "rules": [ "ATR-2026-00121" ] }, { "skill": "davis1216/openclaw-auto-update", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/davis1216/openclaw-auto-update", "rules": [ "ATR-2026-00163" ] }, { "skill": "hightower6eu/solana-ifxeq", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/solana-ifxeq", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/solana-imont", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/solana-imont", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/solana-ixqvy", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/solana-ixqvy", "rules": [ "ATR-2026-00121" ] }, { "skill": "daxiangnaoyang/daxiang-memory-optimization", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/daxiangnaoyang/daxiang-memory-optimization", "rules": [ "ATR-2026-00149" ] }, { "skill": "hightower6eu/solana-k7hyt", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/solana-k7hyt", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/solana-kbhhl", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/solana-kbhhl", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/solana-kief4", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/solana-kief4", "rules": [ "ATR-2026-00121" ] }, { "skill": "daxiangnaoyang/routing-optimization", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/daxiangnaoyang/routing-optimization", "rules": [ "ATR-2026-00149" ] }, { "skill": "hightower6eu/solana-pjnom", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/solana-pjnom", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/solana-qpkqu", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/solana-qpkqu", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/solana-rpozu", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/solana-rpozu", "rules": [ "ATR-2026-00121" ] }, { "skill": "dbirulia/documents-ai", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/dbirulia/documents-ai", "rules": [ "ATR-2026-00135" ] }, { "skill": "hightower6eu/solana-t1nyq", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/solana-t1nyq", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/solana-tbcxe", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/solana-tbcxe", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/solana-uxcvc", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/solana-uxcvc", "rules": [ "ATR-2026-00121" ] }, { "skill": "decrystal/ade-mineru-api-skills", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/decrystal/ade-mineru-api-skills", "rules": [ "ATR-2026-00135" ] }, { "skill": "hightower6eu/solana-vwgfq", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/solana-vwgfq", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/solana-wi1cy", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/solana-wi1cy", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/solana-wlnn4", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/solana-wlnn4", "rules": [ "ATR-2026-00121" ] }, { "skill": "deeqyaqub1-cmd/skillfence", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/deeqyaqub1-cmd/skillfence", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/solana-wrq1l", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/solana-wrq1l", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/solana-xx1q5", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/solana-xx1q5", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/solana-ydqh7", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/solana-ydqh7", "rules": [ "ATR-2026-00121" ] }, { "skill": "demegire/imessage-claw-messenger", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/demegire/imessage-claw-messenger", "rules": [ "ATR-2026-00135" ] }, { "skill": "hightower6eu/solana-ytzgw", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/solana-ytzgw", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/update", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/update", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/updater", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/updater", "rules": [ "ATR-2026-00121" ] }, { "skill": "devcsde/oatda-text-completion", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/devcsde/oatda-text-completion", "rules": [ "ATR-2026-00135" ] }, { "skill": "hightower6eu/wallet-tracker-0ghsk", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/wallet-tracker-0ghsk", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/wallet-tracker-0waih", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/wallet-tracker-0waih", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/wallet-tracker-8orkd", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/wallet-tracker-8orkd", "rules": [ "ATR-2026-00121" ] }, { "skill": "devioslang/videogen", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/devioslang/videogen", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/wallet-tracker-af1i6", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/wallet-tracker-af1i6", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/wallet-tracker-al7er", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/wallet-tracker-al7er", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/wallet-tracker-auqlh", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/wallet-tracker-auqlh", "rules": [ "ATR-2026-00121" ] }, { "skill": "dgriffin831/input-guard", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/dgriffin831/input-guard", "rules": [ "ATR-2026-00120" ] }, { "skill": "hightower6eu/wallet-tracker-bf3bs", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/wallet-tracker-bf3bs", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/wallet-tracker-bqahy", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/wallet-tracker-bqahy", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/wallet-tracker-bs5ur", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/wallet-tracker-bs5ur", "rules": [ "ATR-2026-00121" ] }, { "skill": "dgriffin831/skill-scan/test-fixtures/evasive-03-prompt-subtle", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00128", "reason_en": "Hidden payload in HTML comments", "reason_zh": "HTML \u8a3b\u89e3\u4e2d\u7684\u96b1\u85cf\u653b\u64ca", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/dgriffin831/skill-scan/test-fixtures/evasive-03-prompt-subtle", "rules": [ "ATR-2026-00128" ] }, { "skill": "hightower6eu/wallet-tracker-bxb0a", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/wallet-tracker-bxb0a", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/wallet-tracker-fntdr", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/wallet-tracker-fntdr", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/wallet-tracker-gel8n", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/wallet-tracker-gel8n", "rules": [ "ATR-2026-00121" ] }, { "skill": "dgriffin831/skill-scan/test-fixtures/evasive-06-unicode-injection", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00129", "reason_en": "Unicode smuggling attack", "reason_zh": "Unicode \u593e\u5e36\u653b\u64ca", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/dgriffin831/skill-scan/test-fixtures/evasive-06-unicode-injection", "rules": [ "ATR-2026-00129", "ATR-2026-00120" ] }, { "skill": "hightower6eu/wallet-tracker-hhjpv", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/wallet-tracker-hhjpv", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/wallet-tracker-ijyto", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/wallet-tracker-ijyto", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/wallet-tracker-l7dst", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/wallet-tracker-l7dst", "rules": [ "ATR-2026-00121" ] }, { "skill": "dgriffin831/skill-scan/test-fixtures/evasive-10-roleplay", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/dgriffin831/skill-scan/test-fixtures/evasive-10-roleplay", "rules": [ "ATR-2026-00135" ] }, { "skill": "hightower6eu/wallet-tracker-mgwpt", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/wallet-tracker-mgwpt", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/wallet-tracker-oozrx", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/wallet-tracker-oozrx", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/wallet-tracker-pbckx", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/wallet-tracker-pbckx", "rules": [ "ATR-2026-00121" ] }, { "skill": "dgriffin831/skill-scan/test-fixtures/malicious-skill", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/dgriffin831/skill-scan/test-fixtures/malicious-skill", "rules": [ "ATR-2026-00120" ] }, { "skill": "hightower6eu/wallet-tracker-qoa9k", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/wallet-tracker-qoa9k", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/wallet-tracker-rcoux", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/wallet-tracker-rcoux", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/wallet-tracker-s5hx9", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/wallet-tracker-s5hx9", "rules": [ "ATR-2026-00121" ] }, { "skill": "dgriffin831/skill-scan/test-fixtures/prompt-injection-jailbreak", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/dgriffin831/skill-scan/test-fixtures/prompt-injection-jailbreak", "rules": [ "ATR-2026-00120" ] }, { "skill": "hightower6eu/wallet-tracker-udqiq", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/wallet-tracker-udqiq", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/wallet-tracker-ue8hv", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/wallet-tracker-ue8hv", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/wallet-tracker-x76ik", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/wallet-tracker-x76ik", "rules": [ "ATR-2026-00121" ] }, { "skill": "dinstein/openclaw-ops", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/dinstein/openclaw-ops", "rules": [ "ATR-2026-00123" ] }, { "skill": "hightower6eu/wallet-tracker-zih4w", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/wallet-tracker-zih4w", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/x-trends-0heof", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/x-trends-0heof", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/x-trends-9y6gc", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/x-trends-9y6gc", "rules": [ "ATR-2026-00121" ] }, { "skill": "dkistenev/inner-life-memory", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/dkistenev/inner-life-memory", "rules": [ "ATR-2026-00123" ] }, { "skill": "hightower6eu/x-trends-axy84", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/x-trends-axy84", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/x-trends-bjcps", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/x-trends-bjcps", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/x-trends-cpif3", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/x-trends-cpif3", "rules": [ "ATR-2026-00121" ] }, { "skill": "dmx64/security-scanner", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00122", "reason_en": "Hidden data exfiltration command", "reason_zh": "\u96b1\u85cf\u7684\u8cc7\u6599\u5916\u6d29\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/dmx64/security-scanner", "rules": [ "ATR-2026-00122" ] }, { "skill": "hightower6eu/x-trends-dijrb", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/x-trends-dijrb", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/x-trends-el5qn", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/x-trends-el5qn", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/x-trends-hloqe", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/x-trends-hloqe", "rules": [ "ATR-2026-00121" ] }, { "skill": "dodge1218/dsb-task-extractor", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/dodge1218/dsb-task-extractor", "rules": [ "ATR-2026-00163" ] }, { "skill": "hightower6eu/x-trends-kujtp", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/x-trends-kujtp", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/x-trends-ky4xt", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/x-trends-ky4xt", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/x-trends-kzcxt", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/x-trends-kzcxt", "rules": [ "ATR-2026-00121" ] }, { "skill": "donghaozhang/qcut-toolkit/ffmpeg-skill", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/donghaozhang/qcut-toolkit/ffmpeg-skill", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/x-trends-mtzmi", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/x-trends-mtzmi", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/x-trends-ngw4s", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/x-trends-ngw4s", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/x-trends-nvdfx", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/x-trends-nvdfx", "rules": [ "ATR-2026-00121" ] }, { "skill": "donghaozhang/qcut-toolkit/videocut/setup", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/donghaozhang/qcut-toolkit/videocut/setup", "rules": [ "ATR-2026-00162" ] }, { "skill": "hightower6eu/x-trends-orwhp", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/x-trends-orwhp", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/x-trends-ovdpf", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/x-trends-ovdpf", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/x-trends-p7ivk", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/x-trends-p7ivk", "rules": [ "ATR-2026-00121" ] }, { "skill": "donotwannatry/resume-risk-screen", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/donotwannatry/resume-risk-screen", "rules": [ "ATR-2026-00120" ] }, { "skill": "hightower6eu/x-trends-qfpkj", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/x-trends-qfpkj", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/x-trends-qhz9c", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/x-trends-qhz9c", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/x-trends-qpaoo", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/x-trends-qpaoo", "rules": [ "ATR-2026-00121" ] }, { "skill": "donovanpankratz-del/openclaw-skill-vetter", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/donovanpankratz-del/openclaw-skill-vetter", "rules": [ "ATR-2026-00162", "ATR-2026-00121" ] }, { "skill": "hightower6eu/x-trends-qylxo", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/x-trends-qylxo", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/x-trends-rjmtk", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/x-trends-rjmtk", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/x-trends-rwskq", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/x-trends-rwskq", "rules": [ "ATR-2026-00121" ] }, { "skill": "dream-pig/rule-pasta-zoo-game", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00129", "reason_en": "Unicode smuggling attack", "reason_zh": "Unicode \u593e\u5e36\u653b\u64ca", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/dream-pig/rule-pasta-zoo-game", "rules": [ "ATR-2026-00129" ] }, { "skill": "hightower6eu/x-trends-wbc5p", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/x-trends-wbc5p", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/x-trends-ypqjp", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/x-trends-ypqjp", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/yahoo-finance-1h2ji", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/yahoo-finance-1h2ji", "rules": [ "ATR-2026-00121" ] }, { "skill": "duolahypercho/social-media-autoresearch", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/duolahypercho/social-media-autoresearch", "rules": [ "ATR-2026-00123" ] }, { "skill": "hightower6eu/yahoo-finance-2s8cv", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/yahoo-finance-2s8cv", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/yahoo-finance-55ykj", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/yahoo-finance-55ykj", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/yahoo-finance-5fhu3", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/yahoo-finance-5fhu3", "rules": [ "ATR-2026-00121" ] }, { "skill": "dvnghiem/vnclaw-odoo-skill", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/dvnghiem/vnclaw-odoo-skill", "rules": [ "ATR-2026-00163" ] }, { "skill": "hightower6eu/yahoo-finance-6icpt", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/yahoo-finance-6icpt", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/yahoo-finance-7txap", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/yahoo-finance-7txap", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/yahoo-finance-bzrvt", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/yahoo-finance-bzrvt", "rules": [ "ATR-2026-00121" ] }, { "skill": "easonc13/m3u8-downloader", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/easonc13/m3u8-downloader", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/yahoo-finance-cv8ev", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/yahoo-finance-cv8ev", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/yahoo-finance-eqosk", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/yahoo-finance-eqosk", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/yahoo-finance-ijybk", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/yahoo-finance-ijybk", "rules": [ "ATR-2026-00121" ] }, { "skill": "eathon/proactive-agent-v2", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/eathon/proactive-agent-v2", "rules": [ "ATR-2026-00123" ] }, { "skill": "hightower6eu/yahoo-finance-jdlqs", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/yahoo-finance-jdlqs", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/yahoo-finance-jzgua", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/yahoo-finance-jzgua", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/yahoo-finance-kmhxs", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/yahoo-finance-kmhxs", "rules": [ "ATR-2026-00121" ] }, { "skill": "edwardirby/teams-anthropic-integration", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/edwardirby/teams-anthropic-integration", "rules": [ "ATR-2026-00135" ] }, { "skill": "hightower6eu/yahoo-finance-m16op", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/yahoo-finance-m16op", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/yahoo-finance-mb9wu", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/yahoo-finance-mb9wu", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/yahoo-finance-mz1nt", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/yahoo-finance-mz1nt", "rules": [ "ATR-2026-00121" ] }, { "skill": "edwardirby/ydc-claude-agent-sdk-integration", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/edwardirby/ydc-claude-agent-sdk-integration", "rules": [ "ATR-2026-00149", "ATR-2026-00135" ] }, { "skill": "hightower6eu/yahoo-finance-om4g4", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/yahoo-finance-om4g4", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/yahoo-finance-saosh", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/yahoo-finance-saosh", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/yahoo-finance-tqxkb", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/yahoo-finance-tqxkb", "rules": [ "ATR-2026-00121" ] }, { "skill": "edwardirby/ydc-openai-agent-sdk-integration", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/edwardirby/ydc-openai-agent-sdk-integration", "rules": [ "ATR-2026-00135" ] }, { "skill": "hightower6eu/yahoo-finance-uelhr", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/yahoo-finance-uelhr", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/yahoo-finance-w3wo2", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/yahoo-finance-w3wo2", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/yahoo-finance-wcr6j", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/yahoo-finance-wcr6j", "rules": [ "ATR-2026-00121" ] }, { "skill": "emersonbraun/eb-video-editor", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/emersonbraun/eb-video-editor", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/yahoo-finance-xsnez", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/yahoo-finance-xsnez", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/yahoo-finance-y7mbx", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/yahoo-finance-y7mbx", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/yahoo-finance-ztbyq", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/yahoo-finance-ztbyq", "rules": [ "ATR-2026-00121" ] }, { "skill": "encipher88/nadfunagent", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/encipher88/nadfunagent", "rules": [ "ATR-2026-00162" ] }, { "skill": "hightower6eu/youtube-summarize-11y0i", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-summarize-11y0i", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-summarize-35o20", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-summarize-35o20", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-summarize-3hazy", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-summarize-3hazy", "rules": [ "ATR-2026-00121" ] }, { "skill": "endcy/module-analyzer-generate-doc", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/endcy/module-analyzer-generate-doc", "rules": [ "ATR-2026-00149" ] }, { "skill": "hightower6eu/youtube-summarize-3luwa", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-summarize-3luwa", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-summarize-5oixh", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-summarize-5oixh", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-summarize-7vnwu", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-summarize-7vnwu", "rules": [ "ATR-2026-00121" ] }, { "skill": "endcy/project-analyzer-generate-doc", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/endcy/project-analyzer-generate-doc", "rules": [ "ATR-2026-00149" ] }, { "skill": "hightower6eu/youtube-summarize-8edua", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-summarize-8edua", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-summarize-beqh9", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-summarize-beqh9", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-summarize-ebw5x", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-summarize-ebw5x", "rules": [ "ATR-2026-00121" ] }, { "skill": "endogen/monitored-ralph-loop", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/endogen/monitored-ralph-loop", "rules": [ "ATR-2026-00123" ] }, { "skill": "hightower6eu/youtube-summarize-gctcr", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-summarize-gctcr", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-summarize-genms", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-summarize-genms", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-summarize-hr5oh", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-summarize-hr5oh", "rules": [ "ATR-2026-00121" ] }, { "skill": "engineering-trunkate-ai/trunkate", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/engineering-trunkate-ai/trunkate", "rules": [ "ATR-2026-00120" ] }, { "skill": "hightower6eu/youtube-summarize-iagv2", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-summarize-iagv2", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-summarize-ib7el", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-summarize-ib7el", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-summarize-ietsw", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-summarize-ietsw", "rules": [ "ATR-2026-00121" ] }, { "skill": "enhongx/proactive-agent-bak", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/enhongx/proactive-agent-bak", "rules": [ "ATR-2026-00123" ] }, { "skill": "hightower6eu/youtube-summarize-k67rk", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-summarize-k67rk", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-summarize-kodxd", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-summarize-kodxd", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-summarize-l4hjv", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-summarize-l4hjv", "rules": [ "ATR-2026-00121" ] }, { "skill": "erergb/wander-monitor", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/erergb/wander-monitor", "rules": [ "ATR-2026-00163" ] }, { "skill": "hightower6eu/youtube-summarize-l8nmj", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-summarize-l8nmj", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-summarize-lh9rq", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-summarize-lh9rq", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-summarize-mnoqm", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-summarize-mnoqm", "rules": [ "ATR-2026-00121" ] }, { "skill": "eugene9d/openclaw-workspace-pro", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/eugene9d/openclaw-workspace-pro", "rules": [ "ATR-2026-00123" ] }, { "skill": "hightower6eu/youtube-summarize-mxmlp", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-summarize-mxmlp", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-summarize-noyux", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-summarize-noyux", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-summarize-ohxkm", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-summarize-ohxkm", "rules": [ "ATR-2026-00121" ] }, { "skill": "evan966890/ai-companion-setup", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/evan966890/ai-companion-setup", "rules": [ "ATR-2026-00123" ] }, { "skill": "hightower6eu/youtube-summarize-ppfxa", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-summarize-ppfxa", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-summarize-r5ajr", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-summarize-r5ajr", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-summarize-tvtrh", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-summarize-tvtrh", "rules": [ "ATR-2026-00121" ] }, { "skill": "evan966890/clawgirl", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/evan966890/clawgirl", "rules": [ "ATR-2026-00123" ] }, { "skill": "hightower6eu/youtube-summarize-umait", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-summarize-umait", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-summarize-z7kli", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-summarize-z7kli", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-summarize-zserr", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-summarize-zserr", "rules": [ "ATR-2026-00121" ] }, { "skill": "evanydl/tavily-research", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/evanydl/tavily-research", "rules": [ "ATR-2026-00163" ] }, { "skill": "hightower6eu/youtube-summarize-zwl3z", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-summarize-zwl3z", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-thumbnail-grabber-2dp6g", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-thumbnail-grabber-2dp6g", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-thumbnail-grabber-2vx4b", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-thumbnail-grabber-2vx4b", "rules": [ "ATR-2026-00121" ] }, { "skill": "evilboyajay/alura", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/evilboyajay/alura", "rules": [ "ATR-2026-00135" ] }, { "skill": "hightower6eu/youtube-thumbnail-grabber-bg45o", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-thumbnail-grabber-bg45o", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-thumbnail-grabber-h67cl", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-thumbnail-grabber-h67cl", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-thumbnail-grabber-jes1t", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-thumbnail-grabber-jes1t", "rules": [ "ATR-2026-00121" ] }, { "skill": "eyadhrif/persistent-user-memory", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/eyadhrif/persistent-user-memory", "rules": [ "ATR-2026-00163" ] }, { "skill": "hightower6eu/youtube-thumbnail-grabber-jwnwx", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-thumbnail-grabber-jwnwx", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-thumbnail-grabber-ktwoe", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-thumbnail-grabber-ktwoe", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-thumbnail-grabber-mgaww", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-thumbnail-grabber-mgaww", "rules": [ "ATR-2026-00121" ] }, { "skill": "felix1983/atlas-argos", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/felix1983/atlas-argos", "rules": [ "ATR-2026-00162" ] }, { "skill": "hightower6eu/youtube-thumbnail-grabber-qvizx", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-thumbnail-grabber-qvizx", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-thumbnail-grabber-rzncj", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-thumbnail-grabber-rzncj", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-thumbnail-grabber-sq374", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-thumbnail-grabber-sq374", "rules": [ "ATR-2026-00121" ] }, { "skill": "felix1983/atlas-argos-teste", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/felix1983/atlas-argos-teste", "rules": [ "ATR-2026-00162" ] }, { "skill": "hightower6eu/youtube-thumbnail-grabber-tzilx", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-thumbnail-grabber-tzilx", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-thumbnail-grabber-w7har", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-thumbnail-grabber-w7har", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-video-downloader-5qfuw", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-video-downloader-5qfuw", "rules": [ "ATR-2026-00121" ] }, { "skill": "felixlam10/douyin-video-forge-felix", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/felixlam10/douyin-video-forge-felix", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-video-downloader-9br7p", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-video-downloader-9br7p", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-video-downloader-9kscv", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-video-downloader-9kscv", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-video-downloader-cjmxp", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-video-downloader-cjmxp", "rules": [ "ATR-2026-00121" ] }, { "skill": "fermionoid/senseguard", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/fermionoid/senseguard", "rules": [ "ATR-2026-00120", "ATR-2026-00123" ] }, { "skill": "hightower6eu/youtube-video-downloader-fnkxw", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-video-downloader-fnkxw", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-video-downloader-hvzyq", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-video-downloader-hvzyq", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-video-downloader-jobxc", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-video-downloader-jobxc", "rules": [ "ATR-2026-00121" ] }, { "skill": "fffdz/survival-manager", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/fffdz/survival-manager", "rules": [ "ATR-2026-00149" ] }, { "skill": "hightower6eu/youtube-video-downloader-kcbjr", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-video-downloader-kcbjr", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-video-downloader-pydzq", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-video-downloader-pydzq", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-video-downloader-tnot1", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-video-downloader-tnot1", "rules": [ "ATR-2026-00121" ] }, { "skill": "fffdz/tianyi-self-upgrade", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/fffdz/tianyi-self-upgrade", "rules": [ "ATR-2026-00149" ] }, { "skill": "hightower6eu/youtube-video-downloader-vsmhd", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-video-downloader-vsmhd", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-video-downloader-wibsd", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-video-downloader-wibsd", "rules": [ "ATR-2026-00121" ] }, { "skill": "hightower6eu/youtube-video-downloader-xx9sy", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Known malware actor: Solana/Google Workspace disguise", "reason_zh": "\u5df2\u77e5\u60e1\u610f\u884c\u70ba\u8005\uff1aSolana/Google Workspace \u507d\u88dd", "threat_actor": "hightower6eu", "confirmed_malware": true, "link": "https://openclaw.com/skills/hightower6eu/youtube-video-downloader-xx9sy", "rules": [ "ATR-2026-00121" ] }, { "skill": "fiberian1981/telegram-voice-to-voice-macos", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/fiberian1981/telegram-voice-to-voice-macos", "rules": [ "ATR-2026-00120" ] }, { "skill": "firebroo/security-skiil-scanner", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/firebroo/security-skiil-scanner", "rules": [ "ATR-2026-00162", "ATR-2026-00121" ] }, { "skill": "firefrog-pepe/skill-guard-snyk-agent-scan", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00128", "reason_en": "Hidden payload in HTML comments", "reason_zh": "HTML \u8a3b\u89e3\u4e2d\u7684\u96b1\u85cf\u653b\u64ca", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/firefrog-pepe/skill-guard-snyk-agent-scan", "rules": [ "ATR-2026-00128", "ATR-2026-00120" ] }, { "skill": "flayzz/heartbeats", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/flayzz/heartbeats", "rules": [ "ATR-2026-00123" ] }, { "skill": "fly0pants/admapix", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/fly0pants/admapix", "rules": [ "ATR-2026-00135" ] }, { "skill": "fly0pants/ecomseer", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/fly0pants/ecomseer", "rules": [ "ATR-2026-00135" ] }, { "skill": "fpsjago/binance-dca", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/fpsjago/binance-dca", "rules": [ "ATR-2026-00135" ] }, { "skill": "frmoretto/hs", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/frmoretto/hs", "rules": [ "ATR-2026-00162", "ATR-2026-00121" ] }, { "skill": "fumarole16-afk/ai-bill-clawhub", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/fumarole16-afk/ai-bill-clawhub", "rules": [ "ATR-2026-00120" ] }, { "skill": "fumarole16-afk/bill-v2-2-6", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/fumarole16-afk/bill-v2-2-6", "rules": [ "ATR-2026-00120" ] }, { "skill": "gandli/ctf-forensics", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00122", "reason_en": "Hidden data exfiltration command", "reason_zh": "\u96b1\u85cf\u7684\u8cc7\u6599\u5916\u6d29\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/gandli/ctf-forensics", "rules": [ "ATR-2026-00122" ] }, { "skill": "gandli/ctf-pwn", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/gandli/ctf-pwn", "rules": [ "ATR-2026-00121" ] }, { "skill": "gandli/ctf-web", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00122", "reason_en": "Hidden data exfiltration command", "reason_zh": "\u96b1\u85cf\u7684\u8cc7\u6599\u5916\u6d29\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/gandli/ctf-web", "rules": [ "ATR-2026-00122" ] }, { "skill": "gavinchengcool/llm-kb", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/gavinchengcool/llm-kb", "rules": [ "ATR-2026-00123" ] }, { "skill": "gejiliang/trpg-session", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/gejiliang/trpg-session", "rules": [ "ATR-2026-00123" ] }, { "skill": "georges91560/security-sentinel-skill", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/georges91560/security-sentinel-skill", "rules": [ "ATR-2026-00120" ] }, { "skill": "georges91560/skill-combinator", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/georges91560/skill-combinator", "rules": [ "ATR-2026-00123" ] }, { "skill": "georges91560/virtual-desktop", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/georges91560/virtual-desktop", "rules": [ "ATR-2026-00123" ] }, { "skill": "georges91560/virtual-desktop-pro", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/georges91560/virtual-desktop-pro", "rules": [ "ATR-2026-00123" ] }, { "skill": "gift-is-coding/macos-notification-reader", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/gift-is-coding/macos-notification-reader", "rules": [ "ATR-2026-00121" ] }, { "skill": "goddieian47-boop/clawbot", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/goddieian47-boop/clawbot", "rules": [ "ATR-2026-00163" ] }, { "skill": "goodman333/skill-safeguard", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/goodman333/skill-safeguard", "rules": [ "ATR-2026-00120", "ATR-2026-00121" ] }, { "skill": "goog/defender2", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00126", "reason_en": "Rug pull setup (delayed malicious update)", "reason_zh": "Rug pull\uff08\u5ef6\u9072\u60e1\u610f\u66f4\u65b0\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/goog/defender2", "rules": [ "ATR-2026-00126" ] }, { "skill": "google696/douyin-folklore-video", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/google696/douyin-folklore-video", "rules": [ "ATR-2026-00121" ] }, { "skill": "graceqx/test-skill-129404", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/graceqx/test-skill-129404", "rules": [ "ATR-2026-00120", "ATR-2026-00123" ] }, { "skill": "gtrusler/clawdbot-security-suite", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/gtrusler/clawdbot-security-suite", "rules": [ "ATR-2026-00120", "ATR-2026-00149" ] }, { "skill": "gtrusler/clawdbot-security-suite/skills/security", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/gtrusler/clawdbot-security-suite/skills/security", "rules": [ "ATR-2026-00120", "ATR-2026-00149" ] }, { "skill": "guifav/interop-forge", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00126", "reason_en": "Rug pull setup (delayed malicious update)", "reason_zh": "Rug pull\uff08\u5ef6\u9072\u60e1\u610f\u66f4\u65b0\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/guifav/interop-forge", "rules": [ "ATR-2026-00126" ] }, { "skill": "guytogay/responsive-agent", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/guytogay/responsive-agent", "rules": [ "ATR-2026-00123" ] }, { "skill": "guytogay/session-coordinator", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/guytogay/session-coordinator", "rules": [ "ATR-2026-00123" ] }, { "skill": "haibingtown/robotx", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00126", "reason_en": "Rug pull setup (delayed malicious update)", "reason_zh": "Rug pull\uff08\u5ef6\u9072\u60e1\u610f\u66f4\u65b0\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/haibingtown/robotx", "rules": [ "ATR-2026-00126" ] }, { "skill": "halfmoon82/coding-team-setup", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/halfmoon82/coding-team-setup", "rules": [ "ATR-2026-00123" ] }, { "skill": "halfmoon82/multi-agent-team-by-halfmoon82", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/halfmoon82/multi-agent-team-by-halfmoon82", "rules": [ "ATR-2026-00123" ] }, { "skill": "halfmoon82/skill-priority-setup", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/halfmoon82/skill-priority-setup", "rules": [ "ATR-2026-00123" ] }, { "skill": "halthelobster/proactive-agent", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/halthelobster/proactive-agent", "rules": [ "ATR-2026-00123" ] }, { "skill": "hammadtq/openbotauth", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/hammadtq/openbotauth", "rules": [ "ATR-2026-00149" ] }, { "skill": "hanxueyuan/hermes-deploy", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/hanxueyuan/hermes-deploy", "rules": [ "ATR-2026-00162" ] }, { "skill": "happydog-intj/github-passwordless-setup", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/happydog-intj/github-passwordless-setup", "rules": [ "ATR-2026-00162" ] }, { "skill": "happyzengfen/fengxinzi-moltbook", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/happyzengfen/fengxinzi-moltbook", "rules": [ "ATR-2026-00162" ] }, { "skill": "harrylabsj/pipeline-keeper", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00164", "reason_en": "Scope hijack attack", "reason_zh": "\u7bc4\u570d\u52ab\u6301\u653b\u64ca", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/harrylabsj/pipeline-keeper", "rules": [ "ATR-2026-00164" ] }, { "skill": "hemalylas381-rgb/free-girlfriend", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/hemalylas381-rgb/free-girlfriend", "rules": [ "ATR-2026-00123" ] }, { "skill": "hendr15k/openclaw-autopilot-v9", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/hendr15k/openclaw-autopilot-v9", "rules": [ "ATR-2026-00163" ] }, { "skill": "hg-hg/arknights-operator-gacha", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/hg-hg/arknights-operator-gacha", "rules": [ "ATR-2026-00123" ] }, { "skill": "hichana/one-skill-to-rule-them-all", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/hichana/one-skill-to-rule-them-all", "rules": [ "ATR-2026-00162", "ATR-2026-00120", "ATR-2026-00121" ] }, { "skill": "hisxo/timer", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/hisxo/timer", "rules": [ "ATR-2026-00163" ] }, { "skill": "hit-cxf/aigc-director", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/hit-cxf/aigc-director", "rules": [ "ATR-2026-00162" ] }, { "skill": "hlongvu/v0-cli", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/hlongvu/v0-cli", "rules": [ "ATR-2026-00120" ] }, { "skill": "honeybee1130/openclaw-janitor", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/honeybee1130/openclaw-janitor", "rules": [ "ATR-2026-00123" ] }, { "skill": "honeybee1130/workspace-janitor", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/honeybee1130/workspace-janitor", "rules": [ "ATR-2026-00123" ] }, { "skill": "huamu668/huamu668-openclaw-security", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/huamu668/huamu668-openclaw-security", "rules": [ "ATR-2026-00121" ] }, { "skill": "huamu668/performance-ecc", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/huamu668/performance-ecc", "rules": [ "ATR-2026-00120" ] }, { "skill": "hubstudio-max/hubstudio", "source": "OpenClaw", "severity": "low", "primary_rule": "ATR-2026-00127", "reason_en": "Subcommand overflow bypass", "reason_zh": "\u5b50\u6307\u4ee4\u6ea2\u51fa\u7e5e\u904e", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/hubstudio-max/hubstudio", "rules": [ "ATR-2026-00127" ] }, { "skill": "hulk-yin/skill-creator-usm", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/hulk-yin/skill-creator-usm", "rules": [ "ATR-2026-00163" ] }, { "skill": "iammatthias/pinata-erc-8004", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/iammatthias/pinata-erc-8004", "rules": [ "ATR-2026-00163" ] }, { "skill": "ikchain/fabrik-codek", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/ikchain/fabrik-codek", "rules": [ "ATR-2026-00163" ] }, { "skill": "iliaal/compound-eng-md-docs", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/iliaal/compound-eng-md-docs", "rules": [ "ATR-2026-00123" ] }, { "skill": "ilkhamfy/research-paper-kb", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/ilkhamfy/research-paper-kb", "rules": [ "ATR-2026-00123" ] }, { "skill": "imjoey/ovirt-mcp", "source": "OpenClaw", "severity": "low", "primary_rule": "ATR-2026-00127", "reason_en": "Subcommand overflow bypass", "reason_zh": "\u5b50\u6307\u4ee4\u6ea2\u51fa\u7e5e\u904e", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/imjoey/ovirt-mcp", "rules": [ "ATR-2026-00127" ] }, { "skill": "impa365/setuporion-byimpa", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/impa365/setuporion-byimpa", "rules": [ "ATR-2026-00135" ] }, { "skill": "in12hacker/ariadne-thread", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/in12hacker/ariadne-thread", "rules": [ "ATR-2026-00123" ] }, { "skill": "ipythoning/wordpress-trade-site", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/ipythoning/wordpress-trade-site", "rules": [ "ATR-2026-00149" ] }, { "skill": "iqbalnaveliano/agent-browser-zd1dook9mtfz", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/iqbalnaveliano/agent-browser-zd1dook9mtfz", "rules": [ "ATR-2026-00121" ] }, { "skill": "iqbalnaveliano/bird-su", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/iqbalnaveliano/bird-su", "rules": [ "ATR-2026-00121" ] }, { "skill": "ironiclawdoctor-design/aaron", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/ironiclawdoctor-design/aaron", "rules": [ "ATR-2026-00123" ] }, { "skill": "iterdimensionaltv1/moltuniversity", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/iterdimensionaltv1/moltuniversity", "rules": [ "ATR-2026-00121" ] }, { "skill": "ivangdavila/car-rental", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/ivangdavila/car-rental", "rules": [ "ATR-2026-00123" ] }, { "skill": "ivangdavila/ffmpeg", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/ivangdavila/ffmpeg", "rules": [ "ATR-2026-00121" ] }, { "skill": "ivangdavila/listen", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/ivangdavila/listen", "rules": [ "ATR-2026-00120" ] }, { "skill": "ivangdavila/macos", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/ivangdavila/macos", "rules": [ "ATR-2026-00121" ] }, { "skill": "ivangdavila/outreach", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/ivangdavila/outreach", "rules": [ "ATR-2026-00120" ] }, { "skill": "ivangdavila/triage", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/ivangdavila/triage", "rules": [ "ATR-2026-00120" ] }, { "skill": "jackwener/tg-cli", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/jackwener/tg-cli", "rules": [ "ATR-2026-00163" ] }, { "skill": "jacobthejacobs/task-scheduler", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/jacobthejacobs/task-scheduler", "rules": [ "ATR-2026-00163" ] }, { "skill": "jalehman/claude-team", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/jalehman/claude-team", "rules": [ "ATR-2026-00149" ] }, { "skill": "jamesouttake/skill-guard", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00128", "reason_en": "Hidden payload in HTML comments", "reason_zh": "HTML \u8a3b\u89e3\u4e2d\u7684\u96b1\u85cf\u653b\u64ca", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/jamesouttake/skill-guard", "rules": [ "ATR-2026-00128", "ATR-2026-00120" ] }, { "skill": "jaredforreal/glm-master-skill", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/jaredforreal/glm-master-skill", "rules": [ "ATR-2026-00135" ] }, { "skill": "jasonyuezhang/propel-code-review-smoke-1773429953", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/jasonyuezhang/propel-code-review-smoke-1773429953", "rules": [ "ATR-2026-00163" ] }, { "skill": "javi23ruiz/nutrition-cli", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/javi23ruiz/nutrition-cli", "rules": [ "ATR-2026-00123" ] }, { "skill": "javi23ruiz/nutrition-pro", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/javi23ruiz/nutrition-pro", "rules": [ "ATR-2026-00123" ] }, { "skill": "jd-delatorre/lieutenant", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/jd-delatorre/lieutenant", "rules": [ "ATR-2026-00120" ] }, { "skill": "jd2005l/opencortex", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/jd2005l/opencortex", "rules": [ "ATR-2026-00123" ] }, { "skill": "jeffchang2024/deepsleep", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/jeffchang2024/deepsleep", "rules": [ "ATR-2026-00123" ] }, { "skill": "jeffjhunter/openclaw-cost-optimizer", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/jeffjhunter/openclaw-cost-optimizer", "rules": [ "ATR-2026-00163" ] }, { "skill": "jeffjhunter/soul-md-maker", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/jeffjhunter/soul-md-maker", "rules": [ "ATR-2026-00123" ] }, { "skill": "jiahuamld/uni-vision-engine", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/jiahuamld/uni-vision-engine", "rules": [ "ATR-2026-00123" ] }, { "skill": "jimihford/openclaw-bitwarden", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/jimihford/openclaw-bitwarden", "rules": [ "ATR-2026-00135" ] }, { "skill": "jjjohny228/reelclaw", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/jjjohny228/reelclaw", "rules": [ "ATR-2026-00121" ] }, { "skill": "joansongjr/clawaimail", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/joansongjr/clawaimail", "rules": [ "ATR-2026-00135" ] }, { "skill": "johnixr/agentsocial", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/johnixr/agentsocial", "rules": [ "ATR-2026-00163" ] }, { "skill": "johnmalek312/mobile-run", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/johnmalek312/mobile-run", "rules": [ "ATR-2026-00135" ] }, { "skill": "johnmalek312/mobilerun", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/johnmalek312/mobilerun", "rules": [ "ATR-2026-00135" ] }, { "skill": "johnolven/swarm-kanban", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/johnolven/swarm-kanban", "rules": [ "ATR-2026-00135" ] }, { "skill": "johnolven/swarmind", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/johnolven/swarmind", "rules": [ "ATR-2026-00135" ] }, { "skill": "jordangreenhall/myr", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/jordangreenhall/myr", "rules": [ "ATR-2026-00123" ] }, { "skill": "jordanprater/polymarketcli", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/jordanprater/polymarketcli", "rules": [ "ATR-2026-00121" ] }, { "skill": "jordanprater/twittertrends", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/jordanprater/twittertrends", "rules": [ "ATR-2026-00121" ] }, { "skill": "jordanprater/xtrends", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/jordanprater/xtrends", "rules": [ "ATR-2026-00121" ] }, { "skill": "jordanprater/yahoofinance", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/jordanprater/yahoofinance", "rules": [ "ATR-2026-00121" ] }, { "skill": "jordanprater/youtube-summarize", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/jordanprater/youtube-summarize", "rules": [ "ATR-2026-00121" ] }, { "skill": "jordanprater/youtube-thumbnail-grabber", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/jordanprater/youtube-thumbnail-grabber", "rules": [ "ATR-2026-00121" ] }, { "skill": "jordanprater/youtube-video-downloader", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/jordanprater/youtube-video-downloader", "rules": [ "ATR-2026-00121" ] }, { "skill": "jordyvandomselaar/ralph-loop", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/jordyvandomselaar/ralph-loop", "rules": [ "ATR-2026-00123" ] }, { "skill": "jpaulgrayson/agent-dreams", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/jpaulgrayson/agent-dreams", "rules": [ "ATR-2026-00123" ] }, { "skill": "jpengcheng523-netizen/jpeng-skill-creator", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/jpengcheng523-netizen/jpeng-skill-creator", "rules": [ "ATR-2026-00163" ] }, { "skill": "jpj069/jpj-memory-manager", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/jpj069/jpj-memory-manager", "rules": [ "ATR-2026-00123" ] }, { "skill": "jrojas537/discogs-cli", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/jrojas537/discogs-cli", "rules": [ "ATR-2026-00163" ] }, { "skill": "juanfiguera/jean-claw-van-damme", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/juanfiguera/jean-claw-van-damme", "rules": [ "ATR-2026-00123" ] }, { "skill": "juicyroots/nextcloud-aio-oc", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/juicyroots/nextcloud-aio-oc", "rules": [ "ATR-2026-00162" ] }, { "skill": "jujitao/memory-never-forget", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/jujitao/memory-never-forget", "rules": [ "ATR-2026-00123" ] }, { "skill": "juliantsaiii/svg-animator", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/juliantsaiii/svg-animator", "rules": [ "ATR-2026-00121" ] }, { "skill": "kaigegao1110/archive-project", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/kaigegao1110/archive-project", "rules": [ "ATR-2026-00123" ] }, { "skill": "kaiji-z/claude-memory", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/kaiji-z/claude-memory", "rules": [ "ATR-2026-00123" ] }, { "skill": "kapslap/memory-architect", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/kapslap/memory-architect", "rules": [ "ATR-2026-00123" ] }, { "skill": "karryzhang/bgw-wallet-api", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/karryzhang/bgw-wallet-api", "rules": [ "ATR-2026-00163" ] }, { "skill": "karryzhang/bitget-wallet-skill", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/karryzhang/bitget-wallet-skill", "rules": [ "ATR-2026-00163" ] }, { "skill": "keeganthomp/breeze", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00126", "reason_en": "Rug pull setup (delayed malicious update)", "reason_zh": "Rug pull\uff08\u5ef6\u9072\u60e1\u610f\u66f4\u65b0\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/keeganthomp/breeze", "rules": [ "ATR-2026-00126" ] }, { "skill": "keeganthomp/breeze-x402-payment-api", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/keeganthomp/breeze-x402-payment-api", "rules": [ "ATR-2026-00162", "ATR-2026-00126" ] }, { "skill": "kehaoc/taste-skill", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/kehaoc/taste-skill", "rules": [ "ATR-2026-00123" ] }, { "skill": "kelvincai522/comfyui", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/kelvincai522/comfyui", "rules": [ "ATR-2026-00163" ] }, { "skill": "kennethchiu2008-fran/bot-customizer", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/kennethchiu2008-fran/bot-customizer", "rules": [ "ATR-2026-00123" ] }, { "skill": "kenswj/skill-guard-1-0-2", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00128", "reason_en": "Hidden payload in HTML comments", "reason_zh": "HTML \u8a3b\u89e3\u4e2d\u7684\u96b1\u85cf\u653b\u64ca", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/kenswj/skill-guard-1-0-2", "rules": [ "ATR-2026-00128", "ATR-2026-00120" ] }, { "skill": "kewang0622/build-game", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/kewang0622/build-game", "rules": [ "ATR-2026-00123" ] }, { "skill": "kgeesawor/discord-soul", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/kgeesawor/discord-soul", "rules": [ "ATR-2026-00120", "ATR-2026-00123" ] }, { "skill": "khaliqgant/agent-relay", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/khaliqgant/agent-relay", "rules": [ "ATR-2026-00121" ] }, { "skill": "kimbo128/drain-mcp", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/kimbo128/drain-mcp", "rules": [ "ATR-2026-00163" ] }, { "skill": "kimbo128/hs58", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/kimbo128/hs58", "rules": [ "ATR-2026-00163" ] }, { "skill": "kingmadellc/prediction-stack-setup", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/kingmadellc/prediction-stack-setup", "rules": [ "ATR-2026-00135" ] }, { "skill": "kisssam6886/zonefoundry-local-sonos", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/kisssam6886/zonefoundry-local-sonos", "rules": [ "ATR-2026-00163" ] }, { "skill": "kjaylee/web-bundling", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/kjaylee/web-bundling", "rules": [ "ATR-2026-00120" ] }, { "skill": "klautimus/openclaw-token-memory-optimizer", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/klautimus/openclaw-token-memory-optimizer", "rules": [ "ATR-2026-00123" ] }, { "skill": "kledx/shll-run", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/kledx/shll-run", "rules": [ "ATR-2026-00163" ] }, { "skill": "kledx/shll-skills", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/kledx/shll-skills", "rules": [ "ATR-2026-00163" ] }, { "skill": "kledx/upload-clawhub", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/kledx/upload-clawhub", "rules": [ "ATR-2026-00163" ] }, { "skill": "koatora20/guard-scanner/test/fixtures/edge-cases/comments-only", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/koatora20/guard-scanner/test/fixtures/edge-cases/comments-only", "rules": [ "ATR-2026-00120" ] }, { "skill": "koatora20/guard-scanner/test/fixtures/malicious/prompt-injection", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00128", "reason_en": "Hidden payload in HTML comments", "reason_zh": "HTML \u8a3b\u89e3\u4e2d\u7684\u96b1\u85cf\u653b\u64ca", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/koatora20/guard-scanner/test/fixtures/malicious/prompt-injection", "rules": [ "ATR-2026-00128", "ATR-2026-00120" ] }, { "skill": "koatora20/guard-scanner/test/fixtures/malicious/reverse-shell", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/koatora20/guard-scanner/test/fixtures/malicious/reverse-shell", "rules": [ "ATR-2026-00121" ] }, { "skill": "koatora20/guard-scanner/test/fixtures/malicious-skill", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/koatora20/guard-scanner/test/fixtures/malicious-skill", "rules": [ "ATR-2026-00123" ] }, { "skill": "koatora20/memory-mastery", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/koatora20/memory-mastery", "rules": [ "ATR-2026-00123" ] }, { "skill": "korddie/sapi-tts", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/korddie/sapi-tts", "rules": [ "ATR-2026-00149" ] }, { "skill": "ksuriuri/noizai-daily-news-caster", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/ksuriuri/noizai-daily-news-caster", "rules": [ "ATR-2026-00121" ] }, { "skill": "ktpriyatham/triple-memory-skill", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/ktpriyatham/triple-memory-skill", "rules": [ "ATR-2026-00123" ] }, { "skill": "kunalshah/audio-video", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/kunalshah/audio-video", "rules": [ "ATR-2026-00121" ] }, { "skill": "kylehuan/skill-security-audit", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/kylehuan/skill-security-audit", "rules": [ "ATR-2026-00120" ] }, { "skill": "kylinr/pipixia-drama-producer", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/kylinr/pipixia-drama-producer", "rules": [ "ATR-2026-00121" ] }, { "skill": "lachlanglasgow/project-tree", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/lachlanglasgow/project-tree", "rules": [ "ATR-2026-00123" ] }, { "skill": "laigen/chanlun-technical-analysis", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/laigen/chanlun-technical-analysis", "rules": [ "ATR-2026-00121" ] }, { "skill": "lava-chen/bili-summary", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/lava-chen/bili-summary", "rules": [ "ATR-2026-00135" ] }, { "skill": "legogigabrain/arc402-agent", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/legogigabrain/arc402-agent", "rules": [ "ATR-2026-00163" ] }, { "skill": "leonting1010/tap", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/leonting1010/tap", "rules": [ "ATR-2026-00163" ] }, { "skill": "leothebravest/ponyflash", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/leothebravest/ponyflash", "rules": [ "ATR-2026-00121" ] }, { "skill": "lgy2020/context-persistence", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/lgy2020/context-persistence", "rules": [ "ATR-2026-00123" ] }, { "skill": "licc921/safelink", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/licc921/safelink", "rules": [ "ATR-2026-00120" ] }, { "skill": "lidekahdjdhdhsjjs-lang/hz-proactive-agent", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/lidekahdjdhdhsjjs-lang/hz-proactive-agent", "rules": [ "ATR-2026-00123" ] }, { "skill": "lidian6864677/harness-generate-ios", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/lidian6864677/harness-generate-ios", "rules": [ "ATR-2026-00123" ] }, { "skill": "lidian6864677/sub-agent-creator", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/lidian6864677/sub-agent-creator", "rules": [ "ATR-2026-00123" ] }, { "skill": "limone-eth/erc8004-agent", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/limone-eth/erc8004-agent", "rules": [ "ATR-2026-00123" ] }, { "skill": "limoxt/rex-skill-creator", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/limoxt/rex-skill-creator", "rules": [ "ATR-2026-00163" ] }, { "skill": "linhongbijkm-dot/edu-video-generator", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/linhongbijkm-dot/edu-video-generator", "rules": [ "ATR-2026-00121" ] }, { "skill": "linux2010/stock-quote", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/linux2010/stock-quote", "rules": [ "ATR-2026-00123" ] }, { "skill": "liudu2326526/ffmpeg-master", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/liudu2326526/ffmpeg-master", "rules": [ "ATR-2026-00121" ] }, { "skill": "liudu2326526/insaiai-intelligent-editing", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/liudu2326526/insaiai-intelligent-editing", "rules": [ "ATR-2026-00121" ] }, { "skill": "liuhao6741/mindkeeper", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/liuhao6741/mindkeeper", "rules": [ "ATR-2026-00163" ] }, { "skill": "liujiang817/my-proactive-agent", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/liujiang817/my-proactive-agent", "rules": [ "ATR-2026-00123" ] }, { "skill": "liuweifly/openclaw-dream", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/liuweifly/openclaw-dream", "rules": [ "ATR-2026-00123" ] }, { "skill": "lizhelong0907/memory-master", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/lizhelong0907/memory-master", "rules": [ "ATR-2026-00123" ] }, { "skill": "ljsd666/openclaw-tradingview-quant", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/ljsd666/openclaw-tradingview-quant", "rules": [ "ATR-2026-00120" ] }, { "skill": "llcsamih/self-host-deployer", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/llcsamih/self-host-deployer", "rules": [ "ATR-2026-00149" ] }, { "skill": "lmanchu/pcclaw/skills/win-scheduler", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/lmanchu/pcclaw/skills/win-scheduler", "rules": [ "ATR-2026-00163" ] }, { "skill": "lmanchu/pcclaw/skills/win-screenshot", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/lmanchu/pcclaw/skills/win-screenshot", "rules": [ "ATR-2026-00149" ] }, { "skill": "lockdown56/openclaw-sec-plus", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/lockdown56/openclaw-sec-plus", "rules": [ "ATR-2026-00120", "ATR-2026-00149" ] }, { "skill": "lomo36/clawgym", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/lomo36/clawgym", "rules": [ "ATR-2026-00123" ] }, { "skill": "lonelybeanz/codex-hook", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/lonelybeanz/codex-hook", "rules": [ "ATR-2026-00162" ] }, { "skill": "longgggggg/bond-information", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/longgggggg/bond-information", "rules": [ "ATR-2026-00162" ] }, { "skill": "longgggggg/company-information", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/longgggggg/company-information", "rules": [ "ATR-2026-00162" ] }, { "skill": "longgggggg/companyinformation", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/longgggggg/companyinformation", "rules": [ "ATR-2026-00162" ] }, { "skill": "longgggggg/industry-information", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/longgggggg/industry-information", "rules": [ "ATR-2026-00162" ] }, { "skill": "longgggggg/macro-information", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/longgggggg/macro-information", "rules": [ "ATR-2026-00162" ] }, { "skill": "longgggggg/web-insight/skill.md", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/longgggggg/web-insight/skill", "rules": [ "ATR-2026-00162" ] }, { "skill": "lordmahakaal/excoder-autonomy", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/lordmahakaal/excoder-autonomy", "rules": [ "ATR-2026-00135" ] }, { "skill": "loudmouthedmedia/context-bridger", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/loudmouthedmedia/context-bridger", "rules": [ "ATR-2026-00123" ] }, { "skill": "luckycat133/agent-skills-setup", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/luckycat133/agent-skills-setup", "rules": [ "ATR-2026-00123" ] }, { "skill": "luduvigo/human-approval", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/luduvigo/human-approval", "rules": [ "ATR-2026-00123" ] }, { "skill": "luowanqian/skill-creator-3", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/luowanqian/skill-creator-3", "rules": [ "ATR-2026-00163" ] }, { "skill": "lvcidpsyche/skill-bomb-dog-sniff", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/lvcidpsyche/skill-bomb-dog-sniff", "rules": [ "ATR-2026-00121" ] }, { "skill": "lvy19811120-gif/polymarketagent", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/lvy19811120-gif/polymarketagent", "rules": [ "ATR-2026-00121" ] }, { "skill": "lxgicstudios/ai-api-docs", "source": "OpenClaw", "severity": "low", "primary_rule": "ATR-2026-00127", "reason_en": "Subcommand overflow bypass", "reason_zh": "\u5b50\u6307\u4ee4\u6ea2\u51fa\u7e5e\u904e", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/lxgicstudios/ai-api-docs", "rules": [ "ATR-2026-00127" ] }, { "skill": "lxgicstudios/ai-compound", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/lxgicstudios/ai-compound", "rules": [ "ATR-2026-00123" ] }, { "skill": "lxgicstudios/api-docs-gen", "source": "OpenClaw", "severity": "low", "primary_rule": "ATR-2026-00127", "reason_en": "Subcommand overflow bypass", "reason_zh": "\u5b50\u6307\u4ee4\u6ea2\u51fa\u7e5e\u904e", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/lxgicstudios/api-docs-gen", "rules": [ "ATR-2026-00127" ] }, { "skill": "lxgicstudios/compound-calc", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/lxgicstudios/compound-calc", "rules": [ "ATR-2026-00123" ] }, { "skill": "lxgicstudios/compound-engineering", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/lxgicstudios/compound-engineering", "rules": [ "ATR-2026-00123" ] }, { "skill": "mahmoudadelbghany/ffmpeg-video-editor", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/mahmoudadelbghany/ffmpeg-video-editor", "rules": [ "ATR-2026-00121" ] }, { "skill": "maikunari/wal-memory", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/maikunari/wal-memory", "rules": [ "ATR-2026-00123" ] }, { "skill": "makani20/post-see-scheduler", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/makani20/post-see-scheduler", "rules": [ "ATR-2026-00162" ] }, { "skill": "makaronz/proactive", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/makaronz/proactive", "rules": [ "ATR-2026-00123" ] }, { "skill": "makaronz/proactive-agent-install", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/makaronz/proactive-agent-install", "rules": [ "ATR-2026-00123" ] }, { "skill": "malvex007/shadow-strike-security", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00122", "reason_en": "Hidden data exfiltration command", "reason_zh": "\u96b1\u85cf\u7684\u8cc7\u6599\u5916\u6d29\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/malvex007/shadow-strike-security", "rules": [ "ATR-2026-00122" ] }, { "skill": "mariozada/mobilerun-skill", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/mariozada/mobilerun-skill", "rules": [ "ATR-2026-00135" ] }, { "skill": "marshong-86/openclaw-two-way-deployment", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/marshong-86/openclaw-two-way-deployment", "rules": [ "ATR-2026-00149" ] }, { "skill": "mastersyondgy/seedstr/skill.md", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/mastersyondgy/seedstr/skill", "rules": [ "ATR-2026-00163" ] }, { "skill": "mathematics-yang/memos-oneclick-install", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/mathematics-yang/memos-oneclick-install", "rules": [ "ATR-2026-00163" ] }, { "skill": "mattvalenta/pls-seo-audit", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/mattvalenta/pls-seo-audit", "rules": [ "ATR-2026-00135" ] }, { "skill": "mcxxtyhd/theo-confluence-reader", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/mcxxtyhd/theo-confluence-reader", "rules": [ "ATR-2026-00149" ] }, { "skill": "methodalgo/methodalgo-market-intel-explorer", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/methodalgo/methodalgo-market-intel-explorer", "rules": [ "ATR-2026-00135" ] }, { "skill": "mikewang817/my-computer", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/mikewang817/my-computer", "rules": [ "ATR-2026-00121" ] }, { "skill": "mikiane/qapten-essential-tools", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/mikiane/qapten-essential-tools", "rules": [ "ATR-2026-00149" ] }, { "skill": "minybear/memory-reme", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/minybear/memory-reme", "rules": [ "ATR-2026-00123" ] }, { "skill": "misscrx/vivi-skill-vetter", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/misscrx/vivi-skill-vetter", "rules": [ "ATR-2026-00121" ] }, { "skill": "mohibshaikh/clawvet/apps/api/test/fixtures/obfuscated-payload", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/mohibshaikh/clawvet/apps/api/test/fixtures/obfuscated-payload", "rules": [ "ATR-2026-00121" ] }, { "skill": "mohibshaikh/clawvet/apps/api/test/fixtures/sneaky-injection", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/mohibshaikh/clawvet/apps/api/test/fixtures/sneaky-injection", "rules": [ "ATR-2026-00120", "ATR-2026-00123" ] }, { "skill": "mohibshaikh/clawvet/benchmarks/malicious/obfuscated-shell", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/mohibshaikh/clawvet/benchmarks/malicious/obfuscated-shell", "rules": [ "ATR-2026-00121" ] }, { "skill": "mohibshaikh/clawvet/benchmarks/malicious/prompt-injection", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/mohibshaikh/clawvet/benchmarks/malicious/prompt-injection", "rules": [ "ATR-2026-00120" ] }, { "skill": "mohibshaikh/clawvet/benchmarks/malicious/rce-base64", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00126", "reason_en": "Rug pull setup (delayed malicious update)", "reason_zh": "Rug pull\uff08\u5ef6\u9072\u60e1\u610f\u66f4\u65b0\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/mohibshaikh/clawvet/benchmarks/malicious/rce-base64", "rules": [ "ATR-2026-00126" ] }, { "skill": "mohit21gojs/unipile-linkedin-sdk", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/mohit21gojs/unipile-linkedin-sdk", "rules": [ "ATR-2026-00162" ] }, { "skill": "mondilo1/prose", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/mondilo1/prose", "rules": [ "ATR-2026-00162" ] }, { "skill": "moonshine-100rze/excel-1kl", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/moonshine-100rze/excel-1kl", "rules": [ "ATR-2026-00121" ] }, { "skill": "moonshine-100rze/moltbook-lm8", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/moonshine-100rze/moltbook-lm8", "rules": [ "ATR-2026-00121" ] }, { "skill": "moonshine-100rze/twitter-6ql", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/moonshine-100rze/twitter-6ql", "rules": [ "ATR-2026-00121" ] }, { "skill": "mosoonpi-ai/multi-agent-architecture", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/mosoonpi-ai/multi-agent-architecture", "rules": [ "ATR-2026-00123" ] }, { "skill": "mscandlen3/use-user-controlled-wallets", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/mscandlen3/use-user-controlled-wallets", "rules": [ "ATR-2026-00163" ] }, { "skill": "muhammedilyasy/reddit-marketing-geo", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/muhammedilyasy/reddit-marketing-geo", "rules": [ "ATR-2026-00163" ] }, { "skill": "muninjun/mij-kakao-local", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/muninjun/mij-kakao-local", "rules": [ "ATR-2026-00149" ] }, { "skill": "mupengi-bot/mupengism", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/mupengi-bot/mupengism", "rules": [ "ATR-2026-00123" ] }, { "skill": "musharsec/raigo-af", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/musharsec/raigo-af", "rules": [ "ATR-2026-00120" ] }, { "skill": "mystour/hermes-learning-loop", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/mystour/hermes-learning-loop", "rules": [ "ATR-2026-00123" ] }, { "skill": "nadjihamid/android-sms-gateway", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/nadjihamid/android-sms-gateway", "rules": [ "ATR-2026-00135" ] }, { "skill": "nakedoshadow/shadows-security-scanner", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/nakedoshadow/shadows-security-scanner", "rules": [ "ATR-2026-00162" ] }, { "skill": "nanophotohq/nanophoto-nano-banana-2", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/nanophotohq/nanophoto-nano-banana-2", "rules": [ "ATR-2026-00135" ] }, { "skill": "nanophotohq/nanophoto-nano-banana-pro", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/nanophotohq/nanophoto-nano-banana-pro", "rules": [ "ATR-2026-00135" ] }, { "skill": "nanophotohq/nanophoto-veo-3-1", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/nanophotohq/nanophoto-veo-3-1", "rules": [ "ATR-2026-00135" ] }, { "skill": "nanophotohq/sora-watermark-remover", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/nanophotohq/sora-watermark-remover", "rules": [ "ATR-2026-00135" ] }, { "skill": "nanophotohq/video-prompt-generator", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/nanophotohq/video-prompt-generator", "rules": [ "ATR-2026-00135" ] }, { "skill": "nanophotohq/video-reverse-prompt", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/nanophotohq/video-reverse-prompt", "rules": [ "ATR-2026-00135" ] }, { "skill": "nantes/agent-watcher", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/nantes/agent-watcher", "rules": [ "ATR-2026-00149" ] }, { "skill": "nashbuaa-ops/auto-security-audit", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00122", "reason_en": "Hidden data exfiltration command", "reason_zh": "\u96b1\u85cf\u7684\u8cc7\u6599\u5916\u6d29\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/nashbuaa-ops/auto-security-audit", "rules": [ "ATR-2026-00122" ] }, { "skill": "nattsukun/openclaw-skill-creator-th", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/nattsukun/openclaw-skill-creator-th", "rules": [ "ATR-2026-00163" ] }, { "skill": "naveenspark/clawzempic/competitors/triple-memory-skill", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/naveenspark/clawzempic/competitors/triple-memory-skill", "rules": [ "ATR-2026-00123" ] }, { "skill": "neckr0ik/audio-handler", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/neckr0ik/audio-handler", "rules": [ "ATR-2026-00121" ] }, { "skill": "nek-11/moltgram/skill.md", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/nek-11/moltgram/skill", "rules": [ "ATR-2026-00120" ] }, { "skill": "nelmaz/zai-coding", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/nelmaz/zai-coding", "rules": [ "ATR-2026-00135" ] }, { "skill": "neroagent/session-wrap-up-premium", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/neroagent/session-wrap-up-premium", "rules": [ "ATR-2026-00123" ] }, { "skill": "netanel-abergel/billing-monitor", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/netanel-abergel/billing-monitor", "rules": [ "ATR-2026-00163" ] }, { "skill": "netanel-abergel/heleni-memory-architecture", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/netanel-abergel/heleni-memory-architecture", "rules": [ "ATR-2026-00123" ] }, { "skill": "newolf20000/auto-updater-pro", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00151", "reason_en": "Matched ATR-2026-00151", "reason_zh": "\u5339\u914d ATR-2026-00151", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/newolf20000/auto-updater-pro", "rules": [ "ATR-2026-00151", "ATR-2026-00134" ] }, { "skill": "nextaltair/val/skills/soul-in-sapphire", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/nextaltair/val/skills/soul-in-sapphire", "rules": [ "ATR-2026-00123" ] }, { "skill": "nhannah/venice-ai-media", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/nhannah/venice-ai-media", "rules": [ "ATR-2026-00135" ] }, { "skill": "nidhov01/nidhov01-proactive-agent", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/nidhov01/nidhov01-proactive-agent", "rules": [ "ATR-2026-00123" ] }, { "skill": "nightfullstar/openclaw-defender", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/nightfullstar/openclaw-defender", "rules": [ "ATR-2026-00121" ] }, { "skill": "ninjagpt/skill-security-reviewer", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00126", "reason_en": "Rug pull setup (delayed malicious update)", "reason_zh": "Rug pull\uff08\u5ef6\u9072\u60e1\u610f\u66f4\u65b0\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/ninjagpt/skill-security-reviewer", "rules": [ "ATR-2026-00126" ] }, { "skill": "nissan/showcase-video-builder", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/nissan/showcase-video-builder", "rules": [ "ATR-2026-00121" ] }, { "skill": "no7dw/openclaw-auto-training-skill/skill.md", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/no7dw/openclaw-auto-training-skill/skill", "rules": [ "ATR-2026-00123" ] }, { "skill": "nollio/normieclaw-supercharged-memory", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/nollio/normieclaw-supercharged-memory", "rules": [ "ATR-2026-00123" ] }, { "skill": "np793/teneoprotocolcli/skill.md", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/np793/teneoprotocolcli/skill", "rules": [ "ATR-2026-00149" ] }, { "skill": "nsahal/nmap-recon", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00122", "reason_en": "Hidden data exfiltration command", "reason_zh": "\u96b1\u85cf\u7684\u8cc7\u6599\u5916\u6d29\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/nsahal/nmap-recon", "rules": [ "ATR-2026-00122" ] }, { "skill": "nukewire/clawdefender", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/nukewire/clawdefender", "rules": [ "ATR-2026-00120", "ATR-2026-00149" ] }, { "skill": "oakencore/skillvet", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/oakencore/skillvet", "rules": [ "ATR-2026-00121", "ATR-2026-00123" ] }, { "skill": "oguzhnatly/fleet", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00164", "reason_en": "Scope hijack attack", "reason_zh": "\u7bc4\u570d\u52ab\u6301\u653b\u64ca", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/oguzhnatly/fleet", "rules": [ "ATR-2026-00164" ] }, { "skill": "oliveskin/agent-tinman", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/oliveskin/agent-tinman", "rules": [ "ATR-2026-00163" ] }, { "skill": "oliviapp8/video-stitcher", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/oliviapp8/video-stitcher", "rules": [ "ATR-2026-00121" ] }, { "skill": "oloapiu/airshell", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/oloapiu/airshell", "rules": [ "ATR-2026-00163" ] }, { "skill": "oryanmoshe/memory-dreaming", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/oryanmoshe/memory-dreaming", "rules": [ "ATR-2026-00123" ] }, { "skill": "ottoprua/agent-memory-protocol", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/ottoprua/agent-memory-protocol", "rules": [ "ATR-2026-00123" ] }, { "skill": "ousher/efs-agent-soul", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/ousher/efs-agent-soul", "rules": [ "ATR-2026-00123" ] }, { "skill": "owen-ai-01/add-agent", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/owen-ai-01/add-agent", "rules": [ "ATR-2026-00123" ] }, { "skill": "oyi77/joko-proactive-agent", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/oyi77/joko-proactive-agent", "rules": [ "ATR-2026-00123" ] }, { "skill": "panchenbo/atomgit-powershell", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/panchenbo/atomgit-powershell", "rules": [ "ATR-2026-00149" ] }, { "skill": "paolorollo/openclaw-sec", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/paolorollo/openclaw-sec", "rules": [ "ATR-2026-00120", "ATR-2026-00149" ] }, { "skill": "parasyte-x/agentic-wallet-skill", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/parasyte-x/agentic-wallet-skill", "rules": [ "ATR-2026-00120" ] }, { "skill": "parasyte-x/xtown-skills", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/parasyte-x/xtown-skills", "rules": [ "ATR-2026-00120" ] }, { "skill": "patches429/giggle-generation-aimv", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/patches429/giggle-generation-aimv", "rules": [ "ATR-2026-00135" ] }, { "skill": "pearyj/sillytavern-cards-skill", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/pearyj/sillytavern-cards-skill", "rules": [ "ATR-2026-00123" ] }, { "skill": "pedrocarballo/adeptloop-improve", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/pedrocarballo/adeptloop-improve", "rules": [ "ATR-2026-00163" ] }, { "skill": "pengjunquan-l/divorce-advisor", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/pengjunquan-l/divorce-advisor", "rules": [ "ATR-2026-00120" ] }, { "skill": "peteremiljensen/goodwallet", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/peteremiljensen/goodwallet", "rules": [ "ATR-2026-00163" ] }, { "skill": "peti0402/anti-amnesia", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/peti0402/anti-amnesia", "rules": [ "ATR-2026-00123" ] }, { "skill": "phy041/phy-dotenv-inheritance-mapper", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/phy041/phy-dotenv-inheritance-mapper", "rules": [ "ATR-2026-00162" ] }, { "skill": "phy041/phy-skill-creator", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/phy041/phy-skill-creator", "rules": [ "ATR-2026-00163" ] }, { "skill": "phy041/phy-skill-scanner", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/phy041/phy-skill-scanner", "rules": [ "ATR-2026-00162", "ATR-2026-00120" ] }, { "skill": "phy041/phy-ssrf-audit", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/phy041/phy-ssrf-audit", "rules": [ "ATR-2026-00149" ] }, { "skill": "pierremenard/auto-updater-ah1", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/pierremenard/auto-updater-ah1", "rules": [ "ATR-2026-00121" ] }, { "skill": "pitayak/eswr-studio", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/pitayak/eswr-studio", "rules": [ "ATR-2026-00162" ] }, { "skill": "plabzzxx/skill-creator-claude", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/plabzzxx/skill-creator-claude", "rules": [ "ATR-2026-00163" ] }, { "skill": "polumish/server-audit", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/polumish/server-audit", "rules": [ "ATR-2026-00149" ] }, { "skill": "porkapple/openclaw-multi-agents", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/porkapple/openclaw-multi-agents", "rules": [ "ATR-2026-00123" ] }, { "skill": "probebuilders/rydberg-agent-node", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/probebuilders/rydberg-agent-node", "rules": [ "ATR-2026-00149" ] }, { "skill": "psychotechv4/jarvis-memory-architecture", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/psychotechv4/jarvis-memory-architecture", "rules": [ "ATR-2026-00123" ] }, { "skill": "pupuking723/skill-creator-anthropic", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/pupuking723/skill-creator-anthropic", "rules": [ "ATR-2026-00163" ] }, { "skill": "pwu0125/skill-creator-opencode", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/pwu0125/skill-creator-opencode", "rules": [ "ATR-2026-00163" ] }, { "skill": "q262045312-ui/openclaw-proactive-agent-3-1-0", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/q262045312-ui/openclaw-proactive-agent-3-1-0", "rules": [ "ATR-2026-00123" ] }, { "skill": "qianduoduo1422608857/xhs-publish", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/qianduoduo1422608857/xhs-publish", "rules": [ "ATR-2026-00121" ] }, { "skill": "qingquanagi/agent-runtime-security", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/qingquanagi/agent-runtime-security", "rules": [ "ATR-2026-00123" ] }, { "skill": "qoohsuan/mongodb-admin-toolkit", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/qoohsuan/mongodb-admin-toolkit", "rules": [ "ATR-2026-00149" ] }, { "skill": "quantweb3-scott/nexustrader", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/quantweb3-scott/nexustrader", "rules": [ "ATR-2026-00163" ] }, { "skill": "qwe123sddfsdfs/websocket-reconnect", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/qwe123sddfsdfs/websocket-reconnect", "rules": [ "ATR-2026-00120" ] }, { "skill": "ranthemaster/proactive-agent-2", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/ranthemaster/proactive-agent-2", "rules": [ "ATR-2026-00123" ] }, { "skill": "red0orange/related-works-report-from-paper-mds", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/red0orange/related-works-report-from-paper-mds", "rules": [ "ATR-2026-00123" ] }, { "skill": "red0orange/tavily-arxiv-paper-fetech", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/red0orange/tavily-arxiv-paper-fetech", "rules": [ "ATR-2026-00123" ] }, { "skill": "rednix/skill-stuff", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/rednix/skill-stuff", "rules": [ "ATR-2026-00123" ] }, { "skill": "rednix/skill-stuff/meeting-prep-SKILL.md", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/rednix/skill-stuff/meeting-prep-SKILL", "rules": [ "ATR-2026-00123" ] }, { "skill": "rednix/skill-stuff/morning-briefing-SKILL.md", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/rednix/skill-stuff/morning-briefing-SKILL", "rules": [ "ATR-2026-00123" ] }, { "skill": "rednix/skill-stuff/relationship-pulse-SKILL.md", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/rednix/skill-stuff/relationship-pulse-SKILL", "rules": [ "ATR-2026-00123" ] }, { "skill": "rednix/skill-stuff/skills-public/meeting-prep", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/rednix/skill-stuff/skills-public/meeting-prep", "rules": [ "ATR-2026-00123" ] }, { "skill": "rednix/skill-stuff/skills-public/morning-briefing", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/rednix/skill-stuff/skills-public/morning-briefing", "rules": [ "ATR-2026-00123" ] }, { "skill": "rednix/skill-stuff/skills-public/relationship-pulse", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/rednix/skill-stuff/skills-public/relationship-pulse", "rules": [ "ATR-2026-00123" ] }, { "skill": "relayintel/relay-for-telegram", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/relayintel/relay-for-telegram", "rules": [ "ATR-2026-00135" ] }, { "skill": "relunctance/soul-force", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/relunctance/soul-force", "rules": [ "ATR-2026-00123" ] }, { "skill": "renixaus/yahoo-finance-lpm-1-0-0", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/renixaus/yahoo-finance-lpm-1-0-0", "rules": [ "ATR-2026-00121" ] }, { "skill": "renning22/workstation", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/renning22/workstation", "rules": [ "ATR-2026-00162" ] }, { "skill": "retieflouw/tootoo-skill", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00126", "reason_en": "Rug pull setup (delayed malicious update)", "reason_zh": "Rug pull\uff08\u5ef6\u9072\u60e1\u610f\u66f4\u65b0\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/retieflouw/tootoo-skill", "rules": [ "ATR-2026-00126" ] }, { "skill": "reynardoew/defillama-setup", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/reynardoew/defillama-setup", "rules": [ "ATR-2026-00163" ] }, { "skill": "richginsberg/ralph-mode", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/richginsberg/ralph-mode", "rules": [ "ATR-2026-00123" ] }, { "skill": "ricksf/anime-drama", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/ricksf/anime-drama", "rules": [ "ATR-2026-00121" ] }, { "skill": "rithythul/koompi-memory", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/rithythul/koompi-memory", "rules": [ "ATR-2026-00123" ] }, { "skill": "rithythul/nimmit-onboarding", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/rithythul/nimmit-onboarding", "rules": [ "ATR-2026-00123" ] }, { "skill": "rizaldii09/firstt", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/rizaldii09/firstt", "rules": [ "ATR-2026-00163" ] }, { "skill": "rmbell09-lang/lucky-build-protocol", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/rmbell09-lang/lucky-build-protocol", "rules": [ "ATR-2026-00123" ] }, { "skill": "robinc913/360guard-skillvetter-upgrade-version", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/robinc913/360guard-skillvetter-upgrade-version", "rules": [ "ATR-2026-00121" ] }, { "skill": "robinoppenstam/vigil", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00126", "reason_en": "Rug pull setup (delayed malicious update)", "reason_zh": "Rug pull\uff08\u5ef6\u9072\u60e1\u610f\u66f4\u65b0\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/robinoppenstam/vigil", "rules": [ "ATR-2026-00126" ] }, { "skill": "rocanome/safepaste", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/rocanome/safepaste", "rules": [ "ATR-2026-00120" ] }, { "skill": "rockyzhuo/my-admapix", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/rockyzhuo/my-admapix", "rules": [ "ATR-2026-00135" ] }, { "skill": "roger0808/openclaw-evolution", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/roger0808/openclaw-evolution", "rules": [ "ATR-2026-00123" ] }, { "skill": "roko-boy/memory-org-brand", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/roko-boy/memory-org-brand", "rules": [ "ATR-2026-00123" ] }, { "skill": "rotemtam/clawback-sh", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/rotemtam/clawback-sh", "rules": [ "ATR-2026-00163" ] }, { "skill": "royhk920/ai-prompt-engineer", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/royhk920/ai-prompt-engineer", "rules": [ "ATR-2026-00163" ] }, { "skill": "rsdouglas/janee", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/rsdouglas/janee", "rules": [ "ATR-2026-00149" ] }, { "skill": "rui000/test00", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/rui000/test00", "rules": [ "ATR-2026-00120" ] }, { "skill": "ryanprice/replenum-agent/skill.md", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/ryanprice/replenum-agent/skill", "rules": [ "ATR-2026-00149" ] }, { "skill": "ryanxu19/clawlabor", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/ryanxu19/clawlabor", "rules": [ "ATR-2026-00163" ] }, { "skill": "sa9saq/lan-scanner", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00122", "reason_en": "Hidden data exfiltration command", "reason_zh": "\u96b1\u85cf\u7684\u8cc7\u6599\u5916\u6d29\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/sa9saq/lan-scanner", "rules": [ "ATR-2026-00122" ] }, { "skill": "sa9saq/rey-network-scanner", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00122", "reason_en": "Hidden data exfiltration command", "reason_zh": "\u96b1\u85cf\u7684\u8cc7\u6599\u5916\u6d29\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/sa9saq/rey-network-scanner", "rules": [ "ATR-2026-00122" ] }, { "skill": "saltorioussig/among-traitors-game", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00126", "reason_en": "Rug pull setup (delayed malicious update)", "reason_zh": "Rug pull\uff08\u5ef6\u9072\u60e1\u610f\u66f4\u65b0\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/saltorioussig/among-traitors-game", "rules": [ "ATR-2026-00126" ] }, { "skill": "samber/golang-stretchr-testify", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/samber/golang-stretchr-testify", "rules": [ "ATR-2026-00163" ] }, { "skill": "samledger67-dotcom/agent-memory-architecture", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/samledger67-dotcom/agent-memory-architecture", "rules": [ "ATR-2026-00123" ] }, { "skill": "san-npm/aleph-cloud-self-deployment", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/san-npm/aleph-cloud-self-deployment", "rules": [ "ATR-2026-00149" ] }, { "skill": "san-npm/aleph-vm-replication", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/san-npm/aleph-vm-replication", "rules": [ "ATR-2026-00149" ] }, { "skill": "sandmark78/input-validator", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/sandmark78/input-validator", "rules": [ "ATR-2026-00120", "ATR-2026-00121" ] }, { "skill": "saurabhjain1592/governance-policies", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/saurabhjain1592/governance-policies", "rules": [ "ATR-2026-00121" ] }, { "skill": "sctc888-hub/reverseprompt", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/sctc888-hub/reverseprompt", "rules": [ "ATR-2026-00135" ] }, { "skill": "scytheshan-pixel/incident-fupan", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/scytheshan-pixel/incident-fupan", "rules": [ "ATR-2026-00123" ] }, { "skill": "sdk-team/alibabacloud-cfw-exposure-detection", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/sdk-team/alibabacloud-cfw-exposure-detection", "rules": [ "ATR-2026-00163" ] }, { "skill": "sdk-team/alibabacloud-cfw-ips-event", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/sdk-team/alibabacloud-cfw-ips-event", "rules": [ "ATR-2026-00163" ] }, { "skill": "sdk-team/alibabacloud-emr-cluster-manage", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/sdk-team/alibabacloud-emr-cluster-manage", "rules": [ "ATR-2026-00120", "ATR-2026-00163" ] }, { "skill": "sdk-team/alibabacloud-oss-manage-cron-upload", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/sdk-team/alibabacloud-oss-manage-cron-upload", "rules": [ "ATR-2026-00123" ] }, { "skill": "sdk-team/alibabacloud-oss-manage-network-probe", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/sdk-team/alibabacloud-oss-manage-network-probe", "rules": [ "ATR-2026-00123" ] }, { "skill": "sebclawops/project-loop", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/sebclawops/project-loop", "rules": [ "ATR-2026-00163" ] }, { "skill": "seedamir/amir", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/seedamir/amir", "rules": [ "ATR-2026-00121" ] }, { "skill": "senthazalravi/zohoclaw", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/senthazalravi/zohoclaw", "rules": [ "ATR-2026-00121" ] }, { "skill": "senthazalravi/zohoclaw/skills/linkedin-klt", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/senthazalravi/zohoclaw/skills/linkedin-klt", "rules": [ "ATR-2026-00121" ] }, { "skill": "senthazalravi/zohoclaw/skills/linkedin-y5b", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/senthazalravi/zohoclaw/skills/linkedin-y5b", "rules": [ "ATR-2026-00121" ] }, { "skill": "seph1709/fb-inbox-forward", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/seph1709/fb-inbox-forward", "rules": [ "ATR-2026-00149" ] }, { "skill": "seph1709/instagram-page", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/seph1709/instagram-page", "rules": [ "ATR-2026-00149" ] }, { "skill": "seph1709/tiktok-page", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/seph1709/tiktok-page", "rules": [ "ATR-2026-00149" ] }, { "skill": "seph1709/x-page", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/seph1709/x-page", "rules": [ "ATR-2026-00149" ] }, { "skill": "seraphetx/dating-pilot", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/seraphetx/dating-pilot", "rules": [ "ATR-2026-00163" ] }, { "skill": "shaharsha/elevenlabs-tts", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/shaharsha/elevenlabs-tts", "rules": [ "ATR-2026-00121" ] }, { "skill": "shaoyunhao0107/dingtalk-setup", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/shaoyunhao0107/dingtalk-setup", "rules": [ "ATR-2026-00123" ] }, { "skill": "shawnminh/tencent-agent-storage", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/shawnminh/tencent-agent-storage", "rules": [ "ATR-2026-00121" ] }, { "skill": "shay0j/security-check", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/shay0j/security-check", "rules": [ "ATR-2026-00121" ] }, { "skill": "shenmeng/longterm-memory-manager", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/shenmeng/longterm-memory-manager", "rules": [ "ATR-2026-00123" ] }, { "skill": "shenmeng/self-evolution-engine", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/shenmeng/self-evolution-engine", "rules": [ "ATR-2026-00123" ] }, { "skill": "shianaixuexi-cell/simple-memory-skill", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/shianaixuexi-cell/simple-memory-skill", "rules": [ "ATR-2026-00123" ] }, { "skill": "shibing624/learn-from-experience", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/shibing624/learn-from-experience", "rules": [ "ATR-2026-00123" ] }, { "skill": "shimmernight/skill-creator-latest", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/shimmernight/skill-creator-latest", "rules": [ "ATR-2026-00163" ] }, { "skill": "shylee1/openclaw-skills/proactive-agent-1-2-4-1.0.0", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/shylee1/openclaw-skills/proactive-agent-1-2-4-1.0.0", "rules": [ "ATR-2026-00123" ] }, { "skill": "simbabuddy/open-prose", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/simbabuddy/open-prose", "rules": [ "ATR-2026-00162" ] }, { "skill": "simonlin1212/openclaw-agent-team-orchestration", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/simonlin1212/openclaw-agent-team-orchestration", "rules": [ "ATR-2026-00123" ] }, { "skill": "sixela33/open-stellar", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/sixela33/open-stellar", "rules": [ "ATR-2026-00163" ] }, { "skill": "skywalker-lili/jclaw-gemini-deep-research", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/skywalker-lili/jclaw-gemini-deep-research", "rules": [ "ATR-2026-00162" ] }, { "skill": "solomonneas/pentest-commands", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00122", "reason_en": "Hidden data exfiltration command", "reason_zh": "\u96b1\u85cf\u7684\u8cc7\u6599\u5916\u6d29\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/solomonneas/pentest-commands", "rules": [ "ATR-2026-00122" ] }, { "skill": "solomonneas/s3-pentest-commands", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00122", "reason_en": "Hidden data exfiltration command", "reason_zh": "\u96b1\u85cf\u7684\u8cc7\u6599\u5916\u6d29\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/solomonneas/s3-pentest-commands", "rules": [ "ATR-2026-00122" ] }, { "skill": "sonyrw/clawdbot-security-suite-bak", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/sonyrw/clawdbot-security-suite-bak", "rules": [ "ATR-2026-00120", "ATR-2026-00149" ] }, { "skill": "sonyrw/clawdbot-security-suite-bak/skills/security", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/sonyrw/clawdbot-security-suite-bak/skills/security", "rules": [ "ATR-2026-00120", "ATR-2026-00149" ] }, { "skill": "spa3k/cowhorse-skill", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/spa3k/cowhorse-skill", "rules": [ "ATR-2026-00123" ] }, { "skill": "sslisen/chat-refiner", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/sslisen/chat-refiner", "rules": [ "ATR-2026-00123" ] }, { "skill": "stardreaming/clawguard-detector", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/stardreaming/clawguard-detector", "rules": [ "ATR-2026-00162", "ATR-2026-00120" ] }, { "skill": "stardreaming/clawguard-guardian", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/stardreaming/clawguard-guardian", "rules": [ "ATR-2026-00121" ] }, { "skill": "stefan27-4/deeprecall", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/stefan27-4/deeprecall", "rules": [ "ATR-2026-00123" ] }, { "skill": "stevengonsalvez/bitwarden-bwe", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/stevengonsalvez/bitwarden-bwe", "rules": [ "ATR-2026-00162" ] }, { "skill": "stevenho1394/hk-urbtix-events", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/stevenho1394/hk-urbtix-events", "rules": [ "ATR-2026-00120" ] }, { "skill": "stonega/clawearn/core/security", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/stonega/clawearn/core/security", "rules": [ "ATR-2026-00162" ] }, { "skill": "stoneislandartur/drip-director", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/stoneislandartur/drip-director", "rules": [ "ATR-2026-00163" ] }, { "skill": "sukiraman/canary", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/sukiraman/canary", "rules": [ "ATR-2026-00162" ] }, { "skill": "sweesama/mzu-news-briefing", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/sweesama/mzu-news-briefing", "rules": [ "ATR-2026-00162" ] }, { "skill": "sxu75374/videochat-withme", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/sxu75374/videochat-withme", "rules": [ "ATR-2026-00121" ] }, { "skill": "taiyangc/nile-markets", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/taiyangc/nile-markets", "rules": [ "ATR-2026-00120" ] }, { "skill": "techtanush/claw-bond", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/techtanush/claw-bond", "rules": [ "ATR-2026-00123" ] }, { "skill": "techtanush/claw-connector", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/techtanush/claw-connector", "rules": [ "ATR-2026-00123" ] }, { "skill": "techtanush/claw-diplomat", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/techtanush/claw-diplomat", "rules": [ "ATR-2026-00123" ] }, { "skill": "tedim52/privy", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/tedim52/privy", "rules": [ "ATR-2026-00120" ] }, { "skill": "teman2050/dream/Skill.md", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/teman2050/dream/Skill", "rules": [ "ATR-2026-00123" ] }, { "skill": "teman2050/dream-memory-manager/Skill.md", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/teman2050/dream-memory-manager/Skill", "rules": [ "ATR-2026-00123" ] }, { "skill": "teman2050/dream-memoryfilemanager/Skill.md", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/teman2050/dream-memoryfilemanager/Skill", "rules": [ "ATR-2026-00123" ] }, { "skill": "teman2050/memory-file-manager-teman/Skill.md", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/teman2050/memory-file-manager-teman/Skill", "rules": [ "ATR-2026-00123" ] }, { "skill": "tenequm/agentbox-openrouter", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/tenequm/agentbox-openrouter", "rules": [ "ATR-2026-00135" ] }, { "skill": "tenequm/effect-ts", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/tenequm/effect-ts", "rules": [ "ATR-2026-00135" ] }, { "skill": "teoslayer/pilot-discord-bridge", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/teoslayer/pilot-discord-bridge", "rules": [ "ATR-2026-00149" ] }, { "skill": "tetsuakira-vk/shopify-product-writer", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/tetsuakira-vk/shopify-product-writer", "rules": [ "ATR-2026-00163" ] }, { "skill": "theamericanmaker/bobiverse-replicate", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/theamericanmaker/bobiverse-replicate", "rules": [ "ATR-2026-00120" ] }, { "skill": "thebrierfox/openclaw-security-hardening-toolkit", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/thebrierfox/openclaw-security-hardening-toolkit", "rules": [ "ATR-2026-00123" ] }, { "skill": "thedotmack/claude-mem", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/thedotmack/claude-mem", "rules": [ "ATR-2026-00123" ] }, { "skill": "theelephantcoder/claw-security-auditor", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/theelephantcoder/claw-security-auditor", "rules": [ "ATR-2026-00121", "ATR-2026-00123" ] }, { "skill": "thepoorsatitagain/merlin-security-sentinel", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/thepoorsatitagain/merlin-security-sentinel", "rules": [ "ATR-2026-00123" ] }, { "skill": "thevibestack/deflate", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/thevibestack/deflate", "rules": [ "ATR-2026-00123" ] }, { "skill": "thinkingmanyangyang/feishu-calendar-cn", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/thinkingmanyangyang/feishu-calendar-cn", "rules": [ "ATR-2026-00149" ] }, { "skill": "thinkingmanyangyang/feishu-calendar-oauth", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/thinkingmanyangyang/feishu-calendar-oauth", "rules": [ "ATR-2026-00149" ] }, { "skill": "thinkingmanyangyang/feishu-doc-manager-pro", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/thinkingmanyangyang/feishu-doc-manager-pro", "rules": [ "ATR-2026-00149" ] }, { "skill": "thoerner/acorp/acorp-charter", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00164", "reason_en": "Scope hijack attack", "reason_zh": "\u7bc4\u570d\u52ab\u6301\u653b\u64ca", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/thoerner/acorp/acorp-charter", "rules": [ "ATR-2026-00164" ] }, { "skill": "thomaslwang/og-openclawguard-test", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/thomaslwang/og-openclawguard-test", "rules": [ "ATR-2026-00162" ] }, { "skill": "tianheihei002/ai-short-drama-director", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/tianheihei002/ai-short-drama-director", "rules": [ "ATR-2026-00121" ] }, { "skill": "tiansyao/dozytale-skill", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/tiansyao/dozytale-skill", "rules": [ "ATR-2026-00121" ] }, { "skill": "timclawbot/update", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/timclawbot/update", "rules": [ "ATR-2026-00121" ] }, { "skill": "tlreal/skill-creator-4", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/tlreal/skill-creator-4", "rules": [ "ATR-2026-00163" ] }, { "skill": "tlxue/everclaw", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/tlxue/everclaw", "rules": [ "ATR-2026-00123" ] }, { "skill": "tobewin/china-video-gen", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/tobewin/china-video-gen", "rules": [ "ATR-2026-00121" ] }, { "skill": "tobisamaa/world-model", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/tobisamaa/world-model", "rules": [ "ATR-2026-00149" ] }, { "skill": "tommot2/context-brief", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/tommot2/context-brief", "rules": [ "ATR-2026-00123" ] }, { "skill": "tommot2/workflow-builder-lite", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/tommot2/workflow-builder-lite", "rules": [ "ATR-2026-00123" ] }, { "skill": "tsingcode/ppt-compress-master", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/tsingcode/ppt-compress-master", "rules": [ "ATR-2026-00121" ] }, { "skill": "ttboy/deep-research1", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/ttboy/deep-research1", "rules": [ "ATR-2026-00121" ] }, { "skill": "ttboy/deeps", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/ttboy/deeps", "rules": [ "ATR-2026-00121" ] }, { "skill": "ttboy/gorger", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/ttboy/gorger", "rules": [ "ATR-2026-00121" ] }, { "skill": "tuneeai/free-music-generator", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/tuneeai/free-music-generator", "rules": [ "ATR-2026-00163" ] }, { "skill": "tuneeai/tunee-skills", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/tuneeai/tunee-skills", "rules": [ "ATR-2026-00163" ] }, { "skill": "tycho-svoboda/tensorpool", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/tycho-svoboda/tensorpool", "rules": [ "ATR-2026-00162" ] }, { "skill": "unclekimwood/self-improving-agent-tuituitu", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/unclekimwood/self-improving-agent-tuituitu", "rules": [ "ATR-2026-00123" ] }, { "skill": "vahnxu/douyin-to-photos", "source": "OpenClaw", "severity": "low", "primary_rule": "ATR-2026-00134", "reason_en": "Matched ATR-2026-00134", "reason_zh": "\u5339\u914d ATR-2026-00134", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/vahnxu/douyin-to-photos", "rules": [ "ATR-2026-00134" ] }, { "skill": "veeramanikandanr48/claude-agent-sdk", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/veeramanikandanr48/claude-agent-sdk", "rules": [ "ATR-2026-00149", "ATR-2026-00163" ] }, { "skill": "vext-labs/vext-shield/tests/fixtures/prompt_injection_skill", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00128", "reason_en": "Hidden payload in HTML comments", "reason_zh": "HTML \u8a3b\u89e3\u4e2d\u7684\u96b1\u85cf\u653b\u64ca", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/vext-labs/vext-shield/tests/fixtures/prompt_injection_skill", "rules": [ "ATR-2026-00128", "ATR-2026-00120", "ATR-2026-00120" ] }, { "skill": "vflame6/agent-guard", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/vflame6/agent-guard", "rules": [ "ATR-2026-00120" ] }, { "skill": "violet17/image-ocr-local-aipc", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/violet17/image-ocr-local-aipc", "rules": [ "ATR-2026-00149" ] }, { "skill": "violet17/local-image-ocr-aipc", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/violet17/local-image-ocr-aipc", "rules": [ "ATR-2026-00149" ] }, { "skill": "viral-sangani/celo-agent-skills/skills/celo-stablecoins", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/viral-sangani/celo-agent-skills/skills/celo-stablecoins", "rules": [ "ATR-2026-00135" ] }, { "skill": "vishaltandale00/clawmrades", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/vishaltandale00/clawmrades", "rules": [ "ATR-2026-00135" ] }, { "skill": "vitaliisergin/home-assistant-toolkit", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/vitaliisergin/home-assistant-toolkit", "rules": [ "ATR-2026-00162" ] }, { "skill": "vladchatware/notion-agent-memory", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/vladchatware/notion-agent-memory", "rules": [ "ATR-2026-00123" ] }, { "skill": "vswarm-ai/fleet-memory-manager", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/vswarm-ai/fleet-memory-manager", "rules": [ "ATR-2026-00123" ] }, { "skill": "walkamolee/ralph-loop-writer", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/walkamolee/ralph-loop-writer", "rules": [ "ATR-2026-00149" ] }, { "skill": "wangwang0301/background-delivery-sop", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/wangwang0301/background-delivery-sop", "rules": [ "ATR-2026-00163" ] }, { "skill": "wangyendt/shell-shortcuts", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/wangyendt/shell-shortcuts", "rules": [ "ATR-2026-00149" ] }, { "skill": "waynevaughan/buffer-session", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/waynevaughan/buffer-session", "rules": [ "ATR-2026-00123" ] }, { "skill": "wd041216-bit/openclaw-ultimate-suite/skills/xiaohongshu-mcp", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/wd041216-bit/openclaw-ultimate-suite/skills/xiaohongshu-mcp", "rules": [ "ATR-2026-00163" ] }, { "skill": "webray1983/clear-mind", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/webray1983/clear-mind", "rules": [ "ATR-2026-00123" ] }, { "skill": "webray1983/clear-mind-skill", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/webray1983/clear-mind-skill", "rules": [ "ATR-2026-00123" ] }, { "skill": "welkeyever/pafh-mini", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/welkeyever/pafh-mini", "rules": [ "ATR-2026-00123" ] }, { "skill": "whoabuddy/aibtc-bitcoin-wallet", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/whoabuddy/aibtc-bitcoin-wallet", "rules": [ "ATR-2026-00149" ] }, { "skill": "whodidthese/my-play-music-from-yt", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/whodidthese/my-play-music-from-yt", "rules": [ "ATR-2026-00163" ] }, { "skill": "whooshinglander/feelslikeclaude", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/whooshinglander/feelslikeclaude", "rules": [ "ATR-2026-00123" ] }, { "skill": "willjefferson0/wallet-test", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/willjefferson0/wallet-test", "rules": [ "ATR-2026-00162" ] }, { "skill": "wistec-ai-it-department/wistec-core", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/wistec-ai-it-department/wistec-core", "rules": [ "ATR-2026-00121" ] }, { "skill": "wlinds/soundcloud-watcher", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/wlinds/soundcloud-watcher", "rules": [ "ATR-2026-00163" ] }, { "skill": "wm-zqbx/skill-creator-ming", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/wm-zqbx/skill-creator-ming", "rules": [ "ATR-2026-00163" ] }, { "skill": "wmantly/porkbun-skill", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/wmantly/porkbun-skill", "rules": [ "ATR-2026-00135" ] }, { "skill": "wow-leeroy-jenkins05/shoofly-advanced", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/wow-leeroy-jenkins05/shoofly-advanced", "rules": [ "ATR-2026-00162", "ATR-2026-00120", "ATR-2026-00121" ] }, { "skill": "wow-leeroy-jenkins05/shoofly-basic", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/wow-leeroy-jenkins05/shoofly-basic", "rules": [ "ATR-2026-00120" ] }, { "skill": "wpank/manage-liquidity", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/wpank/manage-liquidity", "rules": [ "ATR-2026-00162" ] }, { "skill": "wscats/bye", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00129", "reason_en": "Unicode smuggling attack", "reason_zh": "Unicode \u593e\u5e36\u653b\u64ca", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/wscats/bye", "rules": [ "ATR-2026-00129" ] }, { "skill": "wscats/we", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00140", "reason_en": "Matched ATR-2026-00140", "reason_zh": "\u5339\u914d ATR-2026-00140", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/wscats/we", "rules": [ "ATR-2026-00140" ] }, { "skill": "wszhhx/hunyuan-3d", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/wszhhx/hunyuan-3d", "rules": [ "ATR-2026-00149" ] }, { "skill": "wszhhx/hunyuan-video", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/wszhhx/hunyuan-video", "rules": [ "ATR-2026-00149" ] }, { "skill": "wszhhx/skill-security-guide", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/wszhhx/skill-security-guide", "rules": [ "ATR-2026-00149" ] }, { "skill": "wuhongchen/content-collector-skill", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/wuhongchen/content-collector-skill", "rules": [ "ATR-2026-00123" ] }, { "skill": "wxtsky/readx", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/wxtsky/readx", "rules": [ "ATR-2026-00135" ] }, { "skill": "wyblhl/proactive-agent-wyblhl", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/wyblhl/proactive-agent-wyblhl", "rules": [ "ATR-2026-00123" ] }, { "skill": "x-jihua/video-film-maker-pro", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/x-jihua/video-film-maker-pro", "rules": [ "ATR-2026-00121" ] }, { "skill": "x1ngsec/electron-audit", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/x1ngsec/electron-audit", "rules": [ "ATR-2026-00149" ] }, { "skill": "x1xhlol/agent-hardening", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00128", "reason_en": "Hidden payload in HTML comments", "reason_zh": "HTML \u8a3b\u89e3\u4e2d\u7684\u96b1\u85cf\u653b\u64ca", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/x1xhlol/agent-hardening", "rules": [ "ATR-2026-00128", "ATR-2026-00120" ] }, { "skill": "xbillwatsonx/alex-session-wrap-up", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/xbillwatsonx/alex-session-wrap-up", "rules": [ "ATR-2026-00123" ] }, { "skill": "xeonai44/autonomous-organization", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/xeonai44/autonomous-organization", "rules": [ "ATR-2026-00123" ] }, { "skill": "xiao3333/project-context-anchor", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/xiao3333/project-context-anchor", "rules": [ "ATR-2026-00123" ] }, { "skill": "xiaocaijic/vociemaster", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/xiaocaijic/vociemaster", "rules": [ "ATR-2026-00121" ] }, { "skill": "xiazai77/product-demo-video", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/xiazai77/product-demo-video", "rules": [ "ATR-2026-00121" ] }, { "skill": "xintaoliao/polymarket-strategic-paper-trader", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/xintaoliao/polymarket-strategic-paper-trader", "rules": [ "ATR-2026-00163" ] }, { "skill": "xinyue-wang/xinywacodinghelper", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/xinyue-wang/xinywacodinghelper", "rules": [ "ATR-2026-00163" ] }, { "skill": "xuchuanyu1/memory-auto-manager", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/xuchuanyu1/memory-auto-manager", "rules": [ "ATR-2026-00123" ] }, { "skill": "xuezhouyang/conduxt", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/xuezhouyang/conduxt", "rules": [ "ATR-2026-00123" ] }, { "skill": "xuhongfeii2/shuziren-koubo-shengcheng", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/xuhongfeii2/shuziren-koubo-shengcheng", "rules": [ "ATR-2026-00135" ] }, { "skill": "xwz119/memory-dream-consolidation", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/xwz119/memory-dream-consolidation", "rules": [ "ATR-2026-00123" ] }, { "skill": "y01026350884-cyber/scam-guards/test_scenarios/malicious", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/y01026350884-cyber/scam-guards/test_scenarios/malicious", "rules": [ "ATR-2026-00121", "ATR-2026-00121" ] }, { "skill": "ya7ya/agentic-x402", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/ya7ya/agentic-x402", "rules": [ "ATR-2026-00162" ] }, { "skill": "yangjinghua0127/url2podcast", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/yangjinghua0127/url2podcast", "rules": [ "ATR-2026-00121" ] }, { "skill": "yangwenyu2/agent-memento", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/yangwenyu2/agent-memento", "rules": [ "ATR-2026-00120" ] }, { "skill": "yequanzheng/lesson3", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/yequanzheng/lesson3", "rules": [ "ATR-2026-00163" ] }, { "skill": "yhy0/audit-skills-security", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/yhy0/audit-skills-security", "rules": [ "ATR-2026-00120" ] }, { "skill": "yiouli/eval-driven-dev", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/yiouli/eval-driven-dev", "rules": [ "ATR-2026-00123" ] }, { "skill": "yiyi-9/openclaw-skill-vetter-1-0-0", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/yiyi-9/openclaw-skill-vetter-1-0-0", "rules": [ "ATR-2026-00162", "ATR-2026-00121" ] }, { "skill": "ylzha/shopprentice", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/ylzha/shopprentice", "rules": [ "ATR-2026-00163" ] }, { "skill": "yoder-bawt/yoder-skill-auditor/test-skills/malicious-prompt-injection", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00128", "reason_en": "Hidden payload in HTML comments", "reason_zh": "HTML \u8a3b\u89e3\u4e2d\u7684\u96b1\u85cf\u653b\u64ca", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/yoder-bawt/yoder-skill-auditor/test-skills/malicious-prompt-injection", "rules": [ "ATR-2026-00128", "ATR-2026-00120" ] }, { "skill": "yoder-bawt/yoder-skill-auditor/tests/malicious-prompt-injection", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00128", "reason_en": "Hidden payload in HTML comments", "reason_zh": "HTML \u8a3b\u89e3\u4e2d\u7684\u96b1\u85cf\u653b\u64ca", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/yoder-bawt/yoder-skill-auditor/tests/malicious-prompt-injection", "rules": [ "ATR-2026-00128", "ATR-2026-00120" ] }, { "skill": "ypw757/bocha-skill", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/ypw757/bocha-skill", "rules": [ "ATR-2026-00135" ] }, { "skill": "yuhong-cray/tianji-fengshui", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/yuhong-cray/tianji-fengshui", "rules": [ "ATR-2026-00121" ] }, { "skill": "yunni123/ark-video-storyboard", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/yunni123/ark-video-storyboard", "rules": [ "ATR-2026-00121" ] }, { "skill": "yunni123/md-to-nanobanana-ppt", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/yunni123/md-to-nanobanana-ppt", "rules": [ "ATR-2026-00121" ] }, { "skill": "yuyonghao-123/agent-benchmark", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/yuyonghao-123/agent-benchmark", "rules": [ "ATR-2026-00149" ] }, { "skill": "yuyonghao-123/yuyonghao-agent-benchmark", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/yuyonghao-123/yuyonghao-agent-benchmark", "rules": [ "ATR-2026-00149" ] }, { "skill": "yuyonghao-123/yuyonghao-mcp-client", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/yuyonghao-123/yuyonghao-mcp-client", "rules": [ "ATR-2026-00149" ] }, { "skill": "yuyonghao-123/yuyonghao-proactive-agent", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/yuyonghao-123/yuyonghao-proactive-agent", "rules": [ "ATR-2026-00123" ] }, { "skill": "zaycv/autoupdater", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/zaycv/autoupdater", "rules": [ "ATR-2026-00121" ] }, { "skill": "zaycv/blrd", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/zaycv/blrd", "rules": [ "ATR-2026-00121" ] }, { "skill": "zaycv/browserautomation", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/zaycv/browserautomation", "rules": [ "ATR-2026-00121" ] }, { "skill": "zaycv/clawbhub", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/zaycv/clawbhub", "rules": [ "ATR-2026-00121" ] }, { "skill": "zaycv/clawdhab", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/zaycv/clawdhab", "rules": [ "ATR-2026-00121" ] }, { "skill": "zaycv/clawhub", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/zaycv/clawhub", "rules": [ "ATR-2026-00121" ] }, { "skill": "zaycv/clawhub1", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/zaycv/clawhub1", "rules": [ "ATR-2026-00121" ] }, { "skill": "zaycv/clawhud", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/zaycv/clawhud", "rules": [ "ATR-2026-00121" ] }, { "skill": "zaycv/codingagent", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/zaycv/codingagent", "rules": [ "ATR-2026-00121" ] }, { "skill": "zaycv/deepresearch", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/zaycv/deepresearch", "rules": [ "ATR-2026-00121" ] }, { "skill": "zaycv/googleworkspace", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/zaycv/googleworkspace", "rules": [ "ATR-2026-00121" ] }, { "skill": "zaycv/linkedin-job-application", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/zaycv/linkedin-job-application", "rules": [ "ATR-2026-00121" ] }, { "skill": "zaycv/nano-bananapro", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/zaycv/nano-bananapro", "rules": [ "ATR-2026-00121" ] }, { "skill": "zaycv/nanopdf", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/zaycv/nanopdf", "rules": [ "ATR-2026-00121" ] }, { "skill": "zaycv/polymarket-assistant", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/zaycv/polymarket-assistant", "rules": [ "ATR-2026-00121" ] }, { "skill": "zaycv/polymarket-hyperliquid-trading", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/zaycv/polymarket-hyperliquid-trading", "rules": [ "ATR-2026-00121" ] }, { "skill": "zaycv/polymarket-trading", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/zaycv/polymarket-trading", "rules": [ "ATR-2026-00121" ] }, { "skill": "zaycv/summarlze", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/zaycv/summarlze", "rules": [ "ATR-2026-00121" ] }, { "skill": "zaycv/whatsapp", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/zaycv/whatsapp", "rules": [ "ATR-2026-00121" ] }, { "skill": "zaycv/youtubewatcher", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/zaycv/youtubewatcher", "rules": [ "ATR-2026-00121" ] }, { "skill": "zaycv/yt-watcher", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/zaycv/yt-watcher", "rules": [ "ATR-2026-00121" ] }, { "skill": "zendenho7/skill-install-guardian", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/zendenho7/skill-install-guardian", "rules": [ "ATR-2026-00163" ] }, { "skill": "zengyuxiu/metasploit-skill", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00122", "reason_en": "Hidden data exfiltration command", "reason_zh": "\u96b1\u85cf\u7684\u8cc7\u6599\u5916\u6d29\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/zengyuxiu/metasploit-skill", "rules": [ "ATR-2026-00122" ] }, { "skill": "zhanglinghao01-rakuten/pet-video-narration", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/zhanglinghao01-rakuten/pet-video-narration", "rules": [ "ATR-2026-00121" ] }, { "skill": "zhaog100/openclaw-context-manager", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/zhaog100/openclaw-context-manager", "rules": [ "ATR-2026-00123" ] }, { "skill": "zhenstaff/human-rent", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/zhenstaff/human-rent", "rules": [ "ATR-2026-00135" ] }, { "skill": "zhuxiaobao-y/sx-self-safety-guard", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/zhuxiaobao-y/sx-self-safety-guard", "rules": [ "ATR-2026-00120" ] }, { "skill": "zihaofeng2001/skill-creator-pro", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/zihaofeng2001/skill-creator-pro", "rules": [ "ATR-2026-00163" ] }, { "skill": "zscole/bagman", "source": "OpenClaw", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/zscole/bagman", "rules": [ "ATR-2026-00135" ] }, { "skill": "zurbrick/agent-memory-loop", "source": "OpenClaw", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://openclaw.com/skills/zurbrick/agent-memory-loop", "rules": [ "ATR-2026-00123" ] }, { "skill": "anthropics/command-development.md", "source": "Skills.sh", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/anthropics/command-development", "rules": [ "ATR-2026-00123" ] }, { "skill": "anthropics/skill-creator.md", "source": "Skills.sh", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/anthropics/skill-creator", "rules": [ "ATR-2026-00163" ] }, { "skill": "getsentry/sentry-sdk-skill-creator.md", "source": "Skills.sh", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/getsentry/sentry-sdk-skill-creator", "rules": [ "ATR-2026-00123" ] }, { "skill": "github/arize-ai-provider-integration.md", "source": "Skills.sh", "severity": "critical", "primary_rule": "ATR-2026-00135", "reason_en": "Exfiltration URL in instructions", "reason_zh": "\u6307\u4ee4\u4e2d\u7684\u8cc7\u6599\u5916\u6d29 URL", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/github/arize-ai-provider-integration", "rules": [ "ATR-2026-00135" ] }, { "skill": "github/eval-driven-dev.md", "source": "Skills.sh", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/github/eval-driven-dev", "rules": [ "ATR-2026-00163" ] }, { "skill": "github/image-manipulation-image-magick.md", "source": "Skills.sh", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/github/image-manipulation-image-magick", "rules": [ "ATR-2026-00149" ] }, { "skill": "obra/windows-vm.md", "source": "Skills.sh", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/obra/windows-vm", "rules": [ "ATR-2026-00149" ] }, { "skill": "resciencelab/archive.md", "source": "Skills.sh", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/resciencelab/archive", "rules": [ "ATR-2026-00123" ] }, { "skill": "roin-orca/test.md", "source": "Skills.sh", "severity": "critical", "primary_rule": "ATR-2026-00129", "reason_en": "Unicode smuggling attack", "reason_zh": "Unicode \u593e\u5e36\u653b\u64ca", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/roin-orca/test", "rules": [ "ATR-2026-00129" ] }, { "skill": "sickn33/active-directory-attacks.md", "source": "Skills.sh", "severity": "high", "primary_rule": "ATR-2026-00122", "reason_en": "Hidden data exfiltration command", "reason_zh": "\u96b1\u85cf\u7684\u8cc7\u6599\u5916\u6d29\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/sickn33/active-directory-attacks", "rules": [ "ATR-2026-00122" ] }, { "skill": "sickn33/agents-md.md", "source": "Skills.sh", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/sickn33/agents-md", "rules": [ "ATR-2026-00123" ] }, { "skill": "sickn33/aws-penetration-testing.md", "source": "Skills.sh", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/sickn33/aws-penetration-testing", "rules": [ "ATR-2026-00149" ] }, { "skill": "sickn33/broken-authentication.md", "source": "Skills.sh", "severity": "high", "primary_rule": "ATR-2026-00122", "reason_en": "Hidden data exfiltration command", "reason_zh": "\u96b1\u85cf\u7684\u8cc7\u6599\u5916\u6d29\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/sickn33/broken-authentication", "rules": [ "ATR-2026-00122" ] }, { "skill": "sickn33/claude-in-chrome-troubleshooting.md", "source": "Skills.sh", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/sickn33/claude-in-chrome-troubleshooting", "rules": [ "ATR-2026-00149" ] }, { "skill": "sickn33/cloud-penetration-testing.md", "source": "Skills.sh", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/sickn33/cloud-penetration-testing", "rules": [ "ATR-2026-00149" ] }, { "skill": "sickn33/diary.md", "source": "Skills.sh", "severity": "high", "primary_rule": "ATR-2026-00163", "reason_en": "Hidden override instructions", "reason_zh": "\u96b1\u85cf\u7684\u8986\u5beb\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/sickn33/diary", "rules": [ "ATR-2026-00163" ] }, { "skill": "sickn33/ethical-hacking-methodology.md", "source": "Skills.sh", "severity": "high", "primary_rule": "ATR-2026-00122", "reason_en": "Hidden data exfiltration command", "reason_zh": "\u96b1\u85cf\u7684\u8cc7\u6599\u5916\u6d29\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/sickn33/ethical-hacking-methodology", "rules": [ "ATR-2026-00122" ] }, { "skill": "sickn33/html-injection-testing.md", "source": "Skills.sh", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/sickn33/html-injection-testing", "rules": [ "ATR-2026-00120" ] }, { "skill": "sickn33/linear-claude-skill.md", "source": "Skills.sh", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/sickn33/linear-claude-skill", "rules": [ "ATR-2026-00162" ] }, { "skill": "sickn33/linux-privilege-escalation.md", "source": "Skills.sh", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/sickn33/linux-privilege-escalation", "rules": [ "ATR-2026-00121", "ATR-2026-00122" ] }, { "skill": "sickn33/linux-shell-scripting.md", "source": "Skills.sh", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/sickn33/linux-shell-scripting", "rules": [ "ATR-2026-00149" ] }, { "skill": "sickn33/local-llm-expert.md", "source": "Skills.sh", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/sickn33/local-llm-expert", "rules": [ "ATR-2026-00120" ] }, { "skill": "sickn33/metasploit-framework.md", "source": "Skills.sh", "severity": "high", "primary_rule": "ATR-2026-00122", "reason_en": "Hidden data exfiltration command", "reason_zh": "\u96b1\u85cf\u7684\u8cc7\u6599\u5916\u6d29\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/sickn33/metasploit-framework", "rules": [ "ATR-2026-00122" ] }, { "skill": "sickn33/pentest-checklist.md", "source": "Skills.sh", "severity": "high", "primary_rule": "ATR-2026-00122", "reason_en": "Hidden data exfiltration command", "reason_zh": "\u96b1\u85cf\u7684\u8cc7\u6599\u5916\u6d29\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/sickn33/pentest-checklist", "rules": [ "ATR-2026-00122" ] }, { "skill": "sickn33/pentest-commands.md", "source": "Skills.sh", "severity": "high", "primary_rule": "ATR-2026-00122", "reason_en": "Hidden data exfiltration command", "reason_zh": "\u96b1\u85cf\u7684\u8cc7\u6599\u5916\u6d29\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/sickn33/pentest-commands", "rules": [ "ATR-2026-00122" ] }, { "skill": "sickn33/privilege-escalation-methods.md", "source": "Skills.sh", "severity": "high", "primary_rule": "ATR-2026-00122", "reason_en": "Hidden data exfiltration command", "reason_zh": "\u96b1\u85cf\u7684\u8cc7\u6599\u5916\u6d29\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/sickn33/privilege-escalation-methods", "rules": [ "ATR-2026-00122" ] }, { "skill": "sickn33/scanning-tools.md", "source": "Skills.sh", "severity": "high", "primary_rule": "ATR-2026-00122", "reason_en": "Hidden data exfiltration command", "reason_zh": "\u96b1\u85cf\u7684\u8cc7\u6599\u5916\u6d29\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/sickn33/scanning-tools", "rules": [ "ATR-2026-00122" ] }, { "skill": "sickn33/semgrep-rule-creator.md", "source": "Skills.sh", "severity": "high", "primary_rule": "ATR-2026-00126", "reason_en": "Rug pull setup (delayed malicious update)", "reason_zh": "Rug pull\uff08\u5ef6\u9072\u60e1\u610f\u66f4\u65b0\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/sickn33/semgrep-rule-creator", "rules": [ "ATR-2026-00126" ] }, { "skill": "sickn33/skill-scanner.md", "source": "Skills.sh", "severity": "high", "primary_rule": "ATR-2026-00123", "reason_en": "Over-privileged skill permissions", "reason_zh": "\u904e\u5ea6\u6388\u6b0a\u7684 Skill \u6b0a\u9650", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/sickn33/skill-scanner", "rules": [ "ATR-2026-00123" ] }, { "skill": "sickn33/smtp-penetration-testing.md", "source": "Skills.sh", "severity": "high", "primary_rule": "ATR-2026-00122", "reason_en": "Hidden data exfiltration command", "reason_zh": "\u96b1\u85cf\u7684\u8cc7\u6599\u5916\u6d29\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/sickn33/smtp-penetration-testing", "rules": [ "ATR-2026-00122" ] }, { "skill": "sickn33/sqlmap-database-pentesting.md", "source": "Skills.sh", "severity": "high", "primary_rule": "ATR-2026-00122", "reason_en": "Hidden data exfiltration command", "reason_zh": "\u96b1\u85cf\u7684\u8cc7\u6599\u5916\u6d29\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/sickn33/sqlmap-database-pentesting", "rules": [ "ATR-2026-00122" ] }, { "skill": "sickn33/ssh-penetration-testing.md", "source": "Skills.sh", "severity": "high", "primary_rule": "ATR-2026-00122", "reason_en": "Hidden data exfiltration command", "reason_zh": "\u96b1\u85cf\u7684\u8cc7\u6599\u5916\u6d29\u6307\u4ee4", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/sickn33/ssh-penetration-testing", "rules": [ "ATR-2026-00122" ] }, { "skill": "sickn33/varlock.md", "source": "Skills.sh", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/sickn33/varlock", "rules": [ "ATR-2026-00162" ] }, { "skill": "sickn33/windows-privilege-escalation.md", "source": "Skills.sh", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/sickn33/windows-privilege-escalation", "rules": [ "ATR-2026-00121", "ATR-2026-00122" ] }, { "skill": "sickn33/wordpress-penetration-testing.md", "source": "Skills.sh", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/sickn33/wordpress-penetration-testing", "rules": [ "ATR-2026-00121", "ATR-2026-00122" ] }, { "skill": "sickn33/xss-html-injection.md", "source": "Skills.sh", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/sickn33/xss-html-injection", "rules": [ "ATR-2026-00120", "ATR-2026-00126" ] }, { "skill": "useai-pro/prompt-guard.md", "source": "Skills.sh", "severity": "critical", "primary_rule": "ATR-2026-00128", "reason_en": "Hidden payload in HTML comments", "reason_zh": "HTML \u8a3b\u89e3\u4e2d\u7684\u96b1\u85cf\u653b\u64ca", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/useai-pro/prompt-guard", "rules": [ "ATR-2026-00128", "ATR-2026-00120" ] }, { "skill": "useai-pro/skill-auditor.md", "source": "Skills.sh", "severity": "critical", "primary_rule": "ATR-2026-00120", "reason_en": "Prompt injection in skill instructions", "reason_zh": "Skill \u6307\u4ee4\u4e2d\u7684\u63d0\u793a\u6ce8\u5165", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/useai-pro/skill-auditor", "rules": [ "ATR-2026-00120" ] }, { "skill": "vercel/env-vars.md", "source": "Skills.sh", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/vercel/env-vars", "rules": [ "ATR-2026-00162" ] }, { "skill": "vercel-labs/env-vars.md", "source": "Skills.sh", "severity": "critical", "primary_rule": "ATR-2026-00162", "reason_en": "Credential access + exfiltration combo", "reason_zh": "\u6191\u8b49\u5b58\u53d6 + \u5916\u6d29\u7d44\u5408", "threat_actor": null, "confirmed_malware": false, "link": "https://skills.sh/skill/vercel-labs/env-vars", "rules": [ "ATR-2026-00162" ] }, { "skill": "optional-skills/devops/docker-management", "source": "Hermes", "severity": "critical", "primary_rule": "ATR-2026-00149", "reason_en": "Compound credential exfiltration (SSH/wallet/DNS)", "reason_zh": "\u8907\u5408\u6191\u8b49\u5916\u6d29\uff08SSH/\u9322\u5305/DNS\uff09", "threat_actor": null, "confirmed_malware": false, "link": "https://github.com/NousResearch/hermes-skills/tree/main/optional-skills/devops/docker-management", "rules": [ "ATR-2026-00149" ] }, { "skill": "skills/creative/manim-video", "source": "Hermes", "severity": "critical", "primary_rule": "ATR-2026-00121", "reason_en": "Credential theft via tool description", "reason_zh": "\u900f\u904e\u5de5\u5177\u63cf\u8ff0\u7aca\u53d6\u6191\u8b49", "threat_actor": null, "confirmed_malware": false, "link": "https://github.com/NousResearch/hermes-skills/tree/main/skills/creative/manim-video", "rules": [ "ATR-2026-00121" ] } ] }