Netskope Threat Labs just dropped a report that should make every OpenClaw self-hoster uncomfortable. Over 300 GitHub packages disguised as "OpenClaw Docker deployer" tools have been caught distributing a multi-stage LuaJIT Trojan. It captures screenshots, geolocates victims, steals credentials, and ships everything to command-and-control servers located in Frankfurt.
This is the largest supply chain attack targeting the OpenClaw ecosystem to date.
What Netskope Found
The attack is industrial in scale. Previous supply chain attempts against OpenClaw involved one or two rogue packages. This operation deployed 300+ packages, all mimicking legitimate Docker deployment tooling. The names were convincing. Things like openclaw-docker-setup, oc-deploy-helper, openclaw-compose-quick. Exactly what someone would search for when trying to self-host OpenClaw with Docker.
According to Netskope's analysis, the infection chain works in stages. First, the package installs what looks like a normal deployment script. Then a LuaJIT-based Trojan activates in the background. It captures screenshots of your desktop, geolocates your IP, harvests stored credentials from browsers and SSH keys, then exfiltrates everything to C2 servers.
The Frankfurt-based C2 infrastructure is interesting. Hosting command-and-control in a major European data center hub instead of typical offshore locations suggests a more sophisticated operation.
Why This Matters
300+ packages isn't a lone hacker tossing malware into the void. That's a coordinated campaign specifically targeting people who search GitHub for OpenClaw deployment scripts. And there are a lot of those people. OpenClaw's Docker deployment docs are good, but they're dense. The temptation to grab a "one-click deployer" from GitHub is real.
I think the timing is deliberate too. OpenClaw adoption has accelerated hard in Q1 2026. More first-time users means more people searching for shortcuts.
How to Protect Yourself
If you're deploying OpenClaw with Docker, here's what you need to do right now. Only install packages from the official OpenClaw GitHub repository. Verify package authors before running anything. Use openclaw plugins install for plugins, which checks ClawHub first (available since v2026.3.22). And never run random Docker deployment scripts from unknown GitHub users. Honestly, just don't.
If you've installed any suspicious packages recently, rotate your API keys and check for unfamiliar SSH keys on your system.
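The two checks above (only trust the official source, and look for SSH keys you did not put there) can be scripted. The following is an added example written for this post, not code from Netskope, OpenClaw or ClawHub: the allow-listed GitHub owner "openclaw" is a placeholder assumption, the repository URLs and authorized_keys lines are constructed sample data, and the key blobs are arbitrary bytes rather than real keys. It flags any repository whose owner is not on the allow-list, and any authorized_keys entry whose SHA256 fingerprint (computed the way ssh-keygen -l does) is not in a known-good set.

```python
import base64
import hashlib
from urllib.parse import urlparse

# Hypothetical allow-list of GitHub owners whose repositories count as official.
# "openclaw" is a placeholder assumption, not a name taken from the Netskope report.
OFFICIAL_OWNERS = {"openclaw"}


def repo_owner(repo_url: str) -> str:
    """Extract the owner segment from an https:// or git@ GitHub URL."""
    if repo_url.startswith("git@"):
        # git@github.com:owner/repo.git -> owner/repo.git
        path = repo_url.split(":", 1)[1]
    else:
        path = urlparse(repo_url).path.lstrip("/")
    return path.split("/")[0].lower()


def is_official_source(repo_url: str) -> bool:
    """True only when the repository belongs to an allow-listed owner."""
    return repo_owner(repo_url) in OFFICIAL_OWNERS


def ssh_fingerprint(key_b64: str) -> str:
    """SHA256 fingerprint in the same form `ssh-keygen -l` prints."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def unfamiliar_keys(authorized_keys_text: str, known_fingerprints: set) -> list:
    """Return (line number, fingerprint, comment) for every key not in the allow-list."""
    findings = []
    for lineno, line in enumerate(authorized_keys_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # Lines may carry options (command="...", from="...") before the key type.
        idx = next((i for i, f in enumerate(fields)
                    if f.startswith(("ssh-", "ecdsa-", "sk-"))), None)
        if idx is None or idx + 1 >= len(fields):
            findings.append((lineno, "UNPARSEABLE", line[:60]))
            continue
        fingerprint = ssh_fingerprint(fields[idx + 1])
        comment = " ".join(fields[idx + 2:])
        if fingerprint not in known_fingerprints:
            findings.append((lineno, fingerprint, comment))
    return findings


# Constructed sample data: the key blobs are arbitrary bytes, not real SSH keys,
# but the fingerprint arithmetic is the same as for a real key.
KEY_A = base64.b64encode(b"constructed-public-key-blob-A").decode()
KEY_B = base64.b64encode(b"constructed-public-key-blob-B").decode()
SAMPLE_AUTHORIZED_KEYS = f"""# constructed sample authorized_keys
ssh-ed25519 {KEY_A} admin@laptop
command="/usr/bin/true" ssh-ed25519 {KEY_B} deploy
"""
KNOWN_FINGERPRINTS = {ssh_fingerprint(KEY_A)}


def audit_example():
    """Run both checks over the constructed sample and return the results."""
    candidates = [
        "https://github.com/openclaw/openclaw",
        "https://github.com/some-user/openclaw-docker-setup",
        "git@github.com:some-user/oc-deploy-helper.git",
    ]
    untrusted = [u for u in candidates if not is_official_source(u)]
    unknown = unfamiliar_keys(SAMPLE_AUTHORIZED_KEYS, KNOWN_FINGERPRINTS)
    return untrusted, unknown


if __name__ == "__main__":
    untrusted, unknown = audit_example()
    for url in untrusted:
        print("not from an official owner:", url)
    for lineno, fingerprint, comment in unknown:
        print(f"authorized_keys line {lineno}: unknown key {fingerprint} ({comment})")
```

To run it against a real host, replace SAMPLE_AUTHORIZED_KEYS with the contents of ~/.ssh/authorized_keys (and /root/.ssh/authorized_keys) and fill KNOWN_FINGERPRINTS from the output of ssh-keygen -lf on keys you issued yourself; the owner check should be run on every deployment repository before anything in it is executed, with the allow-list set to the organization you have confirmed is official.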
Or skip all of this entirely. ClawHosters managed hosting means no Docker scripts, no GitHub package hunting, no exposure to supply chain attacks. One-click deploy on verified infrastructure, and you're running in under a minute.