Claw Hub and Hugging Face hit with 575 malicious skill packages

✍️ OpenClawRadar📅 Published: May 8, 2026🔗 Source
Claw Hub and Hugging Face hit with 575 malicious skill packages
Ad

Both Claw Hub and Hugging Face have been compromised, according to a new report on r/openclaw. The breach resulted in 575 malicious skill packages being uploaded to the two platforms. The original tweet from the user states: "Evidently both sites have been hacked and there are 575 malicious skills on the sites. Be careful what you use from there."

Malicious skills can execute arbitrary commands, exfiltrate environment variables (such as API keys or tokens), or modify local files in the user's Claw agent workspace. Given that Claw agents often operate with elevated permissions to run shell commands or access cloud credentials, the impact could be severe.

The source thread does not specify whether the attack exploited supply chain vulnerabilities (e.g., compromised maintainer accounts) or direct platform flaws. However, this incident mirrors previous package supply chain attacks on PyPI and npm. The exact skill identifiers or package names have not been disclosed yet.

Developers using Claw Hub or Hugging Face's skill registry should immediately audit their installed skills. Key actions include:

Ad
  • List all installed skills with claw skills list
  • Review skill source code for suspicious network calls, os.system, exec, or base64-encoded strings.
  • Pin skill versions and enable code review for any skill used in production.
  • Consider running Claw agents in sandboxed environments (e.g., Docker containers) with minimal network and filesystem permissions.

As of now, no official advisory has been published by either Claw or Hugging Face. The community is tracking the situation in the original Reddit thread. This is a critical security event for anyone relying on AI coding agents that load external skills.

📖 Read the full source: r/openclaw

Ad

👀 See Also

Security vulnerabilities exposed in Lovable-showcased EdTech app
Security

Security vulnerabilities exposed in Lovable-showcased EdTech app

A security researcher found 16 vulnerabilities in a Lovable-showcased EdTech app, including critical auth logic flaws that exposed 18,697 user records without authentication. The app had 100K+ views on Lovable's showcase and real users from UC Berkeley, UC Davis, and schools worldwide.

OpenClawRadar
NanoClaw's Security Model for AI Agents: Container Isolation and Minimal Code
Security

NanoClaw's Security Model for AI Agents: Container Isolation and Minimal Code

NanoClaw implements a security architecture where each AI agent runs in its own ephemeral container with unprivileged user access, isolated filesystems, and explicit mount allowlists. The codebase is deliberately minimal at around one process and a handful of files, relying on Anthropic's Agent SDK instead of reinventing functionality.

OpenClawRadar
Roblox cheat and AI tool caused Vercel platform outage
Security

Roblox cheat and AI tool caused Vercel platform outage

A Roblox cheat combined with an AI tool reportedly caused a complete platform outage for Vercel, generating significant discussion on Hacker News with 66 points and 24 comments.

OpenClawRadar
Litellm PyPI Package Compromised: Malicious Version 1.82.8 Exfiltrated Credentials
Security

Litellm PyPI Package Compromised: Malicious Version 1.82.8 Exfiltrated Credentials

The litellm PyPI package, which unifies calls to OpenAI, Anthropic, Cohere and other LLM providers, was compromised with malicious version 1.82.8 that exfiltrated SSH keys, cloud credentials, API keys, and other sensitive data for about an hour.

OpenClawRadar