Malware
May 11, 2026
We analyzed Heartflabrace/Doubao-Claw A malicious "AI skill" posing as a Volcengine/ByteDance Do...
Zscaler discovers malicious AI skill posing as ByteDance Doubao CLI in OpenClaw ecosystem.
Summary
Zscaler identified a malicious "AI skill" disguised as a legitimate Volcengine/ByteDance Doubao command-line interface tool. It is part of the broader, previously exposed OpenClaw malware ecosystem. The malware relies on sophisticated social engineering to deceive victims, including 7,000 words of convincing documentation, FAQs, and architecture diagrams. This represents an evolution in supply-chain and open-source ecosystem attacks targeting developers.
Indicators of Compromise
- malware — Heartflabrace
- malware — Doubao-Claw
Entities
- ByteDance (vendor)
- Volcengine (vendor)
- Doubao (product)
- Zscaler (vendor)
- OpenClaw (campaign)