What is the ClawHavoc attack?

A supply chain attack planting 1,400+ malicious skills on ClawHub disguised as productivity tools.

What did malicious ClawHub skills do?

Stole credentials, opened reverse shells, distributed Atomic Stealer (AMOS) malware on macOS.

Can VirusTotal detect them?

No — researchers found 6,487 malicious agent tools VirusTotal could not detect.

How many total skills are on ClawHub?

10,700+ total, with 1,400+ confirmed malicious as of April 2026.

How do I check if my skills are safe?

Use third-party scanners like SkillFortify and audit against the Koi Security published list.

← Back to dashboard

clawsmith.com/signal/clawhavoc-1400-malicious-skills-clawhub-supply-chain

⚠ IssueWide OpenLive

ClawHavoc Supply Chain Attack: 1,400+ Malicious Skills on ClawHub

Koi Security found 341 malicious skills in initial audit of 2,857 ClawHub skills. By Feb 16 count grew to 824+ across 10,700+ skills. By April, 1,400+ confirmed. ClawHavoc bundled AMOS macOS infostealers into skills disguised as Gmail, Notion, Slack, GitHub tools. One skill opened a reverse shell. VirusTotal could not detect 6,487 malicious agent tools.

Product Idea from this Signal

A CLI tool that generates a go/no-go security report for OpenClaw deployment decisions by scoring CVE exposure, skill supply chain risk, and trust indicators

1.3k ▲

OpenClaw accumulated 138 CVEs in 63 days (41% High/Critical), 1,400+ malicious skills infiltrated ClawHub, Forrester and Palo Alto Networks publicly called it dead, and Meta banned it internally after an agent mass-deleted 200+ emails. Engineering teams now face a binary question: can we deploy this, or should we migrate? This CLI tool scans your specific OpenClaw instance, scores it against the full CVE timeline and ClawHavoc indicators, and outputs a single go/no-go recommendation with the evidence trail an engineering manager can hand to their VP.

CLIOPEN-SOURCESECURITYCOMPLIANCEDEVTOOL

CompetitiveView Opportunity →