TechFlow reports that on February 20, citing Awesome Agents, security researchers disclosed a severe supply-chain attack against OpenClaw’s ClawHub plugin marketplace, confirming 1,184 malicious skills. These malicious skills can steal SSH keys, cryptocurrency wallets, and browser passwords, and establish reverse shells.
The research shows that a single attacker uploaded 677 of the malicious packages—57% of the total malicious list. Meanwhile, 36.8% of all skills on ClawHub contain at least one security vulnerability, and over 135,000 exposed OpenClaw instances have been identified across 82 countries worldwide.
The most popular malicious skill, “What Would Elon Do,” was found to contain nine vulnerabilities—including two rated as critical—and achieved the top ranking via 4,000 fake downloads. These malicious skills primarily leverage the “ClickFix” social engineering technique and prompt injection attacks to target both end users and AI agents.
OpenClaw has partnered with VirusTotal to scan all skills and remove the malicious ones from the list. Security experts recommend that users who have employed ClawHub skills rotate all credentials, revoke API keys, and review their security settings.