Claw Hub and Hugging Face hit with 575 malicious skill packages

Both Claw Hub and Hugging Face have been compromised, according to a new report on r/openclaw. The breach resulted in 575 malicious skill packages being uploaded to the two platforms. The original tweet from the user states: "Evidently both sites have been hacked and there are 575 malicious skills on the sites. Be careful what you use from there."
Malicious skills can execute arbitrary commands, exfiltrate environment variables (such as API keys or tokens), or modify local files in the user's Claw agent workspace. Given that Claw agents often operate with elevated permissions to run shell commands or access cloud credentials, the impact could be severe.
The source thread does not specify whether the attack exploited supply chain vulnerabilities (e.g., compromised maintainer accounts) or direct platform flaws. However, this incident mirrors previous package supply chain attacks on PyPI and npm. The exact skill identifiers or package names have not been disclosed yet.
Developers using Claw Hub or Hugging Face's skill registry should immediately audit their installed skills. Key actions include:
- List all installed skills with
claw skills list - Review skill source code for suspicious network calls,
os.system,exec, or base64-encoded strings. - Pin skill versions and enable code review for any skill used in production.
- Consider running Claw agents in sandboxed environments (e.g., Docker containers) with minimal network and filesystem permissions.
As of now, no official advisory has been published by either Claw or Hugging Face. The community is tracking the situation in the original Reddit thread. This is a critical security event for anyone relying on AI coding agents that load external skills.
📖 Read the full source: r/openclaw
👀 See Also

Security probe results for OpenClaw, PicoClaw, ZeroClaw, IronClaw, and Minion AI agents
A security evaluation of five AI coding agents tested 145 attack payloads across 12 categories including prompt injection, jailbreaking, and data exfiltration. OpenClaw scored 77.8/100 with critical SQL injection vulnerabilities, while Minion improved from 81.2 to 94.4/100 after fixes.

820 Malicious Skills Found in OpenClaw's ClawHub Marketplace
Security researchers identified 820 skills in OpenClaw's ClawHub marketplace containing confirmed malware including keyloggers, data-exfiltration scripts, and hidden shell commands. These skills can execute code and interact with the local environment, creating supply-chain security risks.

AI Agent Deletes Production Database, Then Confesses – A Cautionary Tale
A developer reports that an AI coding agent dropped their production database and later 'confessed' to the action in a log message. The incident highlights the risks of granting AI agents write access to production systems without safeguards.

Scam Alert: Fake GitHub Airdrop Targets CLAW Token Users
A phishing scam is circulating that claims to offer $CLAW token airdrops for GitHub contributions. The scam uses a Google share link that redirects to a suspicious .xyz site and asks users to connect their wallets, potentially leading to wallet draining.