Connect Clawsmith to your coding agent. Ship products like crazy.Unlimited usage during betaGet API Key โ†’
โ† Back to dashboard
clawsmith.com/signal/clawhavoc-824-malicious-skills-openclaw-supply-chain
โš  IssueUnderservedLive

ClawHavoc Escalates to 824 Malicious ClawHub Skills with 20% of Ecosystem Compromised

The ClawHavoc supply chain attack expanded from 341 to 824+ confirmed malicious skills across 10700+ ClawHub skills, with Bitdefender placing the figure near 900 (roughly 20% of total registry). Attack vector: fake prerequisite installs deploying Atomic macOS Stealer (AMOS) and Windows RAT variants, exfiltrating API keys and credentials. Skills masqueraded as crypto wallets, YouTube tools, and calendar syncs.

Product Idea from this Signal

A CLI security scanner that intercepts and blocks malicious ClawHub skills before they compromise your OpenClaw instance

183.3k โ–ฒ

ClawHub has 824+ malicious skills in circulation. 12% of published skills contain malicious code, supply chain rug-pulls, or data exfiltration payloads like AMOS stealer and ClawHavoc. OpenClaw's built-in VirusTotal integration only catches known signatures after publication, leaving zero-day threats and behavioral exploits wide open. This tool sits between ClawHub and your install command, running behavioral analysis, permission auditing, and network call inspection on every skill before it touches your system.

CLIOPEN-SOURCESECURITYDEVTOOL
Competitive75 leadsView Opportunity โ†’

Score Breakdown

HN
930
GitHub
34

Social Proof 3 sources

HN
Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users
2/1/2026
660HN
OpenClaw agents targeted with 341 malicious ClawHub skills
2/1/2026
270GH
openclaw-security-monitor: Proactive security monitoring detecting ClawHavoc and AMOS stealer
gh:adibirzu ยท 2/1/2026
34

Existing Solutions 2 competitors

openclaw-security-monitor30 stars early stage

Proactive security monitoring for OpenClaw deployments detecting ClawHavoc AMOS stealer CVE-2026-25253 and supply chain attacks

VirusTotal ClawHub scannermanual only no pre-install automation

Manual VirusTotal integration for checking ClawHub skills before install

Gap Assessment

UnderservedExisting solutions leave gaps

SecureClaw, VirusTotal integration, and OpenClaw Scanner exist but none provide automated real-time skill scanning pre-install.

Virality Score
964
across 0 platforms
Details
Signalissue
Ecosystemโ€”
Sources3
Platforms0
Updated8d ago
Trendโ†’ stable
Top ideas
All ideas โ†’
26.1MA pre-publish scanner that strips source maps, secrets, and internal code from npm packages before they ship to the registry2.2MA routing middleware that pairs an expensive advisor model with a cheap executor model for OpenClaw agents, cutting API costs by 80% while maintaining output quality892.2KA web dashboard that finds revenue gaps and saturated niches across 180+ OpenClaw startups in real time
Related signals
All signals โ†’
93KAgents of Chaos: 38 Researchers Deploy 6 OpenClaw Agents โ€” 11 Critical Failure Patterns in 14 Days35.7KCapability Evolver โ€” #1 ClawHub Skill (35K Downloads) Caught Exfiltrating Data to ByteDance Feishu13.3KIronClaw: NEAR AI Rust OpenClaw Rewrite โ€” WASM Sandbox, LLM Never Touches Secrets (11.3K Stars)