All articles tagged with #clawhub
OpenClaw will scan every skill uploaded to ClawHub with VirusTotal (and Code Insight) via a SHA-256 hash check; benign results auto-approve, suspicious items warning, and malware blocked, with daily re-scans, while the team notes VirusTotal isn’t a silver bullet and will publish a threat model, security roadmap, and audits amid broader concerns over OpenClaw’s risk to enterprise security.
Security researchers found 341 malicious skills in ClawHub’s OpenClaw marketplace out of 2,857 analyzed, linked to the ClawHavoc campaign that pushes a macOS data-stealer via fake prerequisites and staged installers, exfiltrating API keys and credentials. Attackers use a GitHub installer flow, obfuscated scripts, and a C2 server (91.92.242.30) to fetch payloads, highlighting supply‑chain-like risks in open-source AI tooling. OpenClaw has added a reporting feature to auto‑hide disputed skills after multiple reports, while researchers warn about memory-based, delayed-execution attacks enabled by persistent AI agent state.