GhostClaw Malware Expands: AI-Assisted macOS Infostealer Now Targets AI Agent Dev Workflows via GitHub Skills
GhostClaw, the AI-assisted macOS infostealer first documented as a threat to npm package ecosystems, has expanded its reach. Jamf Threat Labs has confirmed that the malware family — also tracked as GhostLoader — is now targeting AI agent development workflows through malicious “skills” distributed via GitHub repositories. Critically, OpenClaw’s SKILL system has been identified as a confirmed abuse vector. This is not a theoretical supply chain risk. It’s an active, documented campaign that every developer working with AI agent frameworks — particularly those using OpenClaw or similar skill-based architectures — needs to know about. ...