Critical vulnerability in ClawHub allowed attackers to manipulate skill rankings, leading to potential supply-chain attacks. OpenClaw team has patched the issue. #CyberSecurity #OpenClaw #ClawHub Link: thedailytechfeed.com/clawhub-vuln...

كشف مؤسس #SlowMist عن رصد 1,184 مهارة خبيثة في سوق #ClawHub قادرة على سرقة مفاتيح #SSH وتشفير محافظ المستخدمين والوصول لكلمات السر. يُنصح المستخدمون بالحذر الشديد عند التعامل مع الأدوات غير الموثوقة لضمان أمن أصولهم. #Security #CyberAttack #Crypto #أمن

If you do install from ClawHub, check the #VirusTotal report and ideally wait for the #ClawHub evaluation first.

At minimum, please read the full SKILL MD before installing. Look at the publisher's account age, history, and their track record to infer reputation.

OpenClaw Founder Peter Steinberger Joins OpenAI for AI Agents OpenAI has hired OpenClaw founder Peter Steinberger to lead autonomous AI agent development as CEO Sam Altman advances the company's multi-agent vision.

winbuzzer.com/2026/02/16/o...

OpenClaw Founder Peter Steinberger Joins OpenAI for AI Agents

#AI #AIAgents #OpenClaw #OpenAI #SamAltman #PeterSteinberger #PersonalAIAgents #Clawhub

GitHub - DracoBlue/clawlet Contribute to DracoBlue/clawlet development by creating an account on GitHub.

I pushed the first version of clawlet, which is like a 1200 linea of code version trying to cover my use case and giving me understanding how openclaw (amazing piece of AI work!) works.

github.com/DracoBlue/cl...

#BuildInPublic #clawhub #openclaw #clawlet

Cybercriminals exploit ClawHub skills to bypass VirusTotal detection via social engineering. Stay vigilant! #CyberSecurity #ClawHub #Malware #SocialEngineering Link: thedailytechfeed.com/cybercrimina...

OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills OpenClaw integrates VirusTotal Code Insight scanning for ClawHub skills following reports of malicious plugins, prompt injection & exposed instances.

What do YOU think?
#OpenClaw Integrates #VirusTotal Scanning to Detect #Malicious #ClawHub Skills

thehackernews.com/2026/02/open...

OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills warning if they are deemed suspect read more about OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills

OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills reconbee.com/openclaw-int...

#OpenClaw #virustotalscanning #malicious #ClawHub #cybersecurity #cyberattacks

ClawHub hosts AI agent skills enabling supply chain attacks ClawHub contains malicious skills and prompts, noted SlowMist in its latest preview of the marketplace. AI bot skills may contain stealer...

#News #ClawHub #openclaw

Origin | Interest | Match

ClawHub hosts AI agent skills enabling supply chain attacks ClawHub contains malicious skills and prompts, noted SlowMist in its latest preview of the marketplace. AI bot skills may contain stealer...

#News #ClawHub #openclaw

Origin | Interest | Match

Did you know the new OpenClaw AI agent is being weaponized to push Trojan-laden ClawHub skills? Researchers spotted the Atomic Stealer payload on VirusTotal. Dive into the details and see what this means for cybersecurity. #OpenClaw #ClawHub #Malware

🔗 aidailypost.com/news/opencla...

OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills OpenClaw (formerly Moltbot and Clawdbot) has announced that it's partnering with Google-owned VirusTotal to scan skills that are being uploaded to ClawHub, its skill marketplace, as part of broader efforts to bolster the security of the agentic ecosystem. "All skills published to ClawHub are now scanned using VirusTotal's threat intelligence, including their new Code Insight capability,"

iT4iNT SERVER OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills VDS VPS Cloud #CyberSecurity #MalwareProtection #VirusTotal #ClawHub #OpenClaw

Researchers Find 341 Malicious ClawHub
Read More: buff.ly/nejRZq9

#SupplyChainAttack #MaliciousExtensions #AIAppSecurity #ClawHub #AtomicStealer #Keylogger #ThreatResearch #SoftwareSecurity

winbuzzer.com/2026/02/03/o...

OpenClaw Security Fallout: 341 Malicious Skills and Enabling One-Click Remote Code Execution

#AIAgents #OpenClaw #Cybersecurity #SecurityVulnerabilities #Malware #AgenticAI #OpenSource #ClawHub

Experts Find Malicious ClawHub Skills Stealing Data from OpenClaw Koi Security’s security audit of 2,857 skills on ClawHub found 341 malicious skills via multiple campaigns. Users are exposed to new supply chain threats.  ClawHub is a marketplace made to help OpenClaw users in finding and installing third-party skills. It is a part of the OpenClaw project, a self-hosted artificial intelligence (AI) assistant aka Moltbot and Clawdbot.  Koi Security's analysis with OpenClaw bot “Alex” revealed that 335 skills use malicious pre-requisite to install an Apple macOS stealer called (Atomic Stealer). The activity goes by the code name ClawHavoc.  According to Koi research Oren Yomtov, "You install what looks like a legitimate skill – maybe solana-wallet-tracker or youtube-summarize-pro. The skill's documentation looks professional. But there's a 'Prerequisites' section that says you need to install something first.” Instruction steps: Windows users are asked to download file “openclaw-agent.zip” from a GitHub repository. macOS users are asked to copy an installation script hosted at glot[.]io and paste it in the Terminal application.  Threat actors are targeting macOS users because of an increase in purchase of Mac Minus to use the AI assistant 24x7.  In the password-protected archive, the trojan has keylogging functionality to steal credentials, API keys, and other important data on the device. Besides this, the glot[.]io script includes hidden shell commands to retrieve next-stage payloads from a threat-actor controlled infrastructure.  This results in getting another IP address ("91.92.242[.]30") to get another shell script, which is modified to address the same server to get a universal Mach-O binary that shows traits persistent with Atomic Stealer, a commodity stealer that threat actors can buy for $500-1000/month that can extract data from macOS hosts. The issue is that anyone can post abilities to ClawHub because it is open by default. At this point, the only requirement is that a publisher have a GitHub account that is at least a week old.  Peter Steinberger, the founder of OpenClaw, is aware of the problem with malicious abilities and has subsequently implemented a reporting option that enables users who are signed in to report a skill. According to the documentation, "Each user can have up to 20 active reports at a time," "Skills with more than 3 unique reports are auto-hidden by default.”

Experts Find Malicious ClawHub Skills Stealing Data from OpenClaw #Audit #ClawHub #CyberAttacks

Alert: 341 malicious skills found on ClawHub, targeting OpenClaw users with data-stealing malware. Stay vigilant and report suspicious activities. #CyberSecurity #OpenClaw #ClawHub #MalwareAlert Link: thedailytechfeed.com/clawhub-secu...

"Researchers Find 341 Malicious #ClawHub #Skills Stealing Data from #OpenClaw Users"

#AI #AgenticAI #Security

thehackernews.com/2026/02/researchers-find...