Connect Clawsmith to your coding agent. Ship products like crazy.Unlimited usage during betaGet API Key →
← Back to dashboard
clawsmith.com/signal/openclaw-clawhavoc-824-malicious-skills-supply-chain
IssueWide OpenLive

ClawHavoc: 824+ Malicious Skills Found in ClawHub Marketplace Supply Chain Crisis

Koi Security audit found 341 malicious skills in ClawHub (335 distributing Atomic Stealer macOS malware). Number grew to 824+ across 10,700+ skills. Skills exfiltrate credentials, open reverse shells, hijack WebSocket sessions. VirusTotal partnership announced Feb 2026 as response.

Product Idea from this Signal

A runtime middleware that intercepts OpenClaw skill installs, sandboxes execution in an isolated environment, and blocks skills exhibiting credential exfiltration or reverse shell behavior

345

824+ malicious skills were found in ClawHub distributing Atomic Stealer malware, exfiltrating credentials from ~/.clawdbot/.env, and opening reverse shells. VirusTotal scanning catches known signatures but misses zero-day behavior. Four chained CVEs (Claw Chain) showed sandbox escapes via TOCTOU race conditions. This middleware sits between ClawHub install and execution, running each skill in a throwaway container, monitoring syscalls and network egress, and blocking anything that touches credential files or opens outbound connections to unknown hosts.

RUNTIME-MIDDLEWARESECURITYOPEN-SOURCEDEVTOOLCONTAINER
CompetitiveView Opportunity →

Social Proof 3 sources

BL
341 Malicious ClawHub Skills (TheHackerNews)
2/15/2026
0BL
From Automation to Infection (VirusTotal Blog)
2/9/2026
0BL
Hundreds of Malicious Skills (eSecurity Planet)
2/20/2026
0
Virality Score
0
across 0 platforms
Details
Signalissue
Ecosystem
Sources3
Platforms0
Updated9d ago
Trend→ stable
Top ideas
All ideas →
0A GitHub App that enforces AI agent contribution policies, detects bot-authored PRs, and blocks retaliatory behavior after maintainer rejection0A local-first sales automation framework that turns OpenClaw agents into autonomous SDRs with prospecting, enrichment, sequencing, and deal tracking running entirely on your machine0A runtime middleware that verifies messaging channel user identities against platform-native stable IDs before any command reaches an OpenClaw agent
Related signals
All signals →
449KOpenClaw v2026.5.25-alpha: Sub-Agent Context Isolation Limits Data Leakage by Default445KOpenClaw v2026.5.22 Meeting Notes Plugin - Discord Voice First Live Source374KOpenClaw v2026.5.28 Beta — Stronger Security Boundaries, Codex Reliability, Channel Fixes