Almost 400 fake crypto trading add-ons in the Moltbot/OpenClaw AI assistant project have been discovered, potentially leading users to install information-stealing malware. These add-ons, known as skills, masquerade as cryptocurrency trading automation tools and target various platforms. The malicious skills share the same command-and-control infrastructure and use social engineering to convince users to execute commands that steal crypto assets. The supply chain attack relies on social engineering and lacks security review in the skills publication process. Security experts warn about the inherent risks of endpoint-native AI agents and emphasize the need for proper security controls and architectural design considerations.