Claw Hub and Hugging Face hit with 575 malicious skill packages

OpenClawRadar | Published: May 8, 2026

Both Claw Hub and Hugging Face have been compromised, according to a new report on r/openclaw. The breach resulted in 575 malicious skill packages being uploaded to the two platforms. The original tweet from the user states: "Evidently both sites have been hacked and there are 575 malicious skills on the sites. Be careful what you use from there."

Malicious skills can execute arbitrary commands, exfiltrate environment variables (such as API keys or tokens), or modify local files in the user's Claw agent workspace. Given that Claw agents often operate with elevated permissions to run shell commands or access cloud credentials, the impact could be severe.

The source thread does not specify whether the attack exploited supply chain vulnerabilities (e.g., compromised maintainer accounts) or direct platform flaws. However, this incident mirrors previous package supply chain attacks on PyPI and npm. The exact skill identifiers or package names have not been disclosed yet.

Developers using Claw Hub or Hugging Face's skill registry should immediately audit their installed skills. Key actions include:

  • List all installed skills with claw skills list
  • Review skill source code for suspicious network calls, os.system, exec, or base64-encoded strings.
  • Pin skill versions and enable code review for any skill used in production.
  • Consider running Claw agents in sandboxed environments (e.g., Docker containers) with minimal network and filesystem permissions.
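
A first-pass triage for the source review step above, as an added example that is not code from Claw Hub, Hugging Face or the original thread: it parses a skill's Python source with ast, without running it, and flags network imports, os.system/exec-style calls and base64-like string literals. The module and call lists and the sample source are assumptions constructed for illustration.

```python
import ast
import re

# Heuristic lists: assumptions for this example, extend for your environment.
NETWORK_MODULES = {"socket", "requests", "urllib", "http", "httpx", "aiohttp"}
RISKY_CALLS = {"os.system", "os.popen", "exec", "eval", "subprocess.run",
               "subprocess.Popen", "subprocess.call", "subprocess.check_output"}
# 24+ characters of well-formed base64; long plain identifiers can also match.
B64_RE = re.compile(r"(?:[A-Za-z0-9+/]{4}){6,}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?")

def dotted(node):
    """Return 'os.system' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return None
    return ".".join(reversed(parts + [node.id]))

def scan_source(src):
    """Return sorted (line, finding) pairs for one skill source file."""
    findings = set()
    for node in ast.walk(ast.parse(src)):
        mods = ([a.name for a in node.names] if isinstance(node, ast.Import)
                else [node.module or ""] if isinstance(node, ast.ImportFrom) else [])
        for mod in mods:
            if mod.split(".")[0] in NETWORK_MODULES:
                findings.add((node.lineno, f"network import: {mod}"))
        if isinstance(node, ast.Call) and dotted(node.func) in RISKY_CALLS:
            findings.add((node.lineno, f"risky call: {dotted(node.func)}"))
        if (isinstance(node, ast.Constant) and isinstance(node.value, str)
                and B64_RE.fullmatch(node.value)):
            findings.add((node.lineno, "base64-like string literal"))
    return sorted(findings)

# Constructed sample source, not taken from any real skill; it is parsed, never run.
SAMPLE = '''import os
import urllib.request
import base64
payload = "ZWNobyBoZWxsbyBmcm9tIGEgY29uc3RydWN0ZWQgc2FtcGxl"
os.system(base64.b64decode(payload).decode())
def helper(x):
    return x + 1
'''

if __name__ == "__main__":
    for line, finding in scan_source(SAMPLE):
        print(f"line {line}: {finding}")
```

A clean result is not proof of safety: aliased imports (from os import system), getattr lookups and non-Python payloads are not caught, so treat hits as pointers for manual review.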

As of now, no official advisory has been published by either Claw or Hugging Face. The community is tracking the situation in the original Reddit thread. This is a critical security event for anyone relying on AI coding agents that load external skills.

📖 Read the full source: r/openclaw
