820 Malicious Skills Found in OpenClaw's ClawHub Marketplace

Malicious Skills in ClawHub Marketplace
OpenClaw's ClawHub marketplace contains over 10,000 installable skills that extend what AI agents can do. Security researchers recently reported that 820 of these skills contain confirmed malware with actual malicious payloads.
Specific Malicious Behaviors Found
The analysis identified concrete malicious components including:
- Keyloggers
- Data-exfiltration scripts
- Hidden shell commands
- Background processes sending files to external servers
These are not just suspicious behaviors or poorly written code, but confirmed malware with malicious payloads.
Security Implications
Installing affected skills could give attackers access to:
- Local files
- Credentials
- Project data
The level of access depends on permissions granted to the AI agent. ClawHub skills function similarly to npm packages or browser extensions, meaning they can execute code and interact with the local environment. This creates supply-chain style security risks where malicious code can be introduced through third-party extensions.
Marketplace Security Concerns
The discovery raises questions about whether AI marketplaces like ClawHub are moving faster than their security models can handle, or if this represents typical growing pains for a new ecosystem. The scale of the issue (820 out of 10,000+ skills) suggests significant security challenges in vetting third-party extensions for AI agents.
📖 Read the full source: r/openclaw
👀 See Also

OpenClaw Blocked a Sketchy Script From a Productivity Playbook, Then Continued Building Financial Workbook
A user gave OpenClaw a zip with a suspicious productivity playbook. OpenClaw refused to run the script, flagged it for auto-installing into the skills directory, and manually built the workbook using built-in skills.

Claude Android App Reportedly Reads Clipboard Without Explicit User Action
A user reports that the Claude Android app analyzed code from their clipboard without them pasting it, with Claude identifying the file as pasted_text_b4a56202-3d12-43c8-aa31-a39367a9a354.txt. The behavior couldn't be reproduced in subsequent tests.

OpenClaw API Key Security: What You Need to Know About Managed Hosting and TEE
A Reddit post breaks down the risks of handing your Anthropic API key to a managed OpenClaw host and explains how TEE (Intel TDX) can isolate keys at the hardware level.

Open-source RAG attack and defense lab for local ChromaDB + LM Studio stacks
An open-source lab measures RAG knowledge base poisoning effectiveness on default local setups with ChromaDB and LM Studio, showing 95% success rate on undefended systems and evaluating practical defenses.