820 Malicious Skills Found in OpenClaw's ClawHub Marketplace

Malicious Skills in ClawHub Marketplace

OpenClaw's ClawHub marketplace contains over 10,000 installable skills that extend what AI agents can do. Security researchers recently reported that 820 of these skills contain confirmed malware with actual malicious payloads.

Specific Malicious Behaviors Found

The analysis identified concrete malicious components including:

• Keyloggers
• Data-exfiltration scripts
• Hidden shell commands
• Background processes sending files to external servers

These are not just suspicious behaviors or poorly written code, but confirmed malware with malicious payloads.

Security Implications

Installing affected skills could give attackers access to:

• Local files
• Credentials
• Project data

The level of access depends on permissions granted to the AI agent. ClawHub skills function similarly to npm packages or browser extensions, meaning they can execute code and interact with the local environment. This creates supply-chain style security risks where malicious code can be introduced through third-party extensions.

Marketplace Security Concerns

The discovery raises questions about whether AI marketplaces like ClawHub are moving faster than their security models can handle, or if this represents typical growing pains for a new ecosystem. The scale of the issue (820 out of 10,000+ skills) suggests significant security challenges in vetting third-party extensions for AI agents.