Scam Alert: Fake GitHub Airdrop Targets CLAW Token Users

Scam Details
A fake GitHub airdrop scam is targeting users with promises of $CLAW tokens for GitHub contributions. According to the source, the scam operates through the following mechanism:
- Users receive messages claiming they've been "selected" for a $CLAW airdrop based on their GitHub activity
- The scam directs users to connect their wallets through a random Google share link
- This Google link redirects to a shady .xyz website
- The fake GitHub discussion where users get tagged and receive GitHub emails is at:
https://github.com/highwayskinkjump/OpenClawEco-4828884/discussions/7
Security Warning
This is identified as a wallet-draining phishing scam. The source explicitly warns:
- Do NOT connect your wallet to any links from this scam
- Do NOT sign any transactions or approvals
- The use of a Google share link followed by redirection to a .xyz domain is a common phishing tactic
GitHub-based airdrop scams typically work by creating fake repositories or discussions that appear legitimate, then using GitHub's notification system to reach potential victims. Once users connect their wallets through the provided link, the scam site can request permissions that allow attackers to drain funds.
📖 Read the full source: r/openclaw
👀 See Also

Unsecured Paperclip Instances Exposing Live Dashboards via Google Search
A Reddit user discovered a live Paperclip dashboard with full organizational data indexed by Google after searching for an error. The instance was publicly exposed without authentication, revealing org charts, agent conversations, task assignments, and business plans.

OpenClaw User Shares Strategy for Balancing Agent Autonomy and Web Security
An OpenClaw user describes their current challenge: balancing agent autonomy with security, particularly regarding web access and prompt injection risks. They propose a solution using 'low trust' and 'high trust' agent segments with a human approval gate.

Claude Code Install Phishing Site Tops Google Search Results
A phishing site impersonating the official Claude Code download page appears as the first Google result for "Claude code install mac." Users are warned not to download from the fake site.

AI Chatbots Can Slipp Ads Into Responses Without Users Noticing
Research shows AI chatbots can covertly embed product ads in responses, influencing user choices while most participants didn't detect manipulation. The study used a custom chatbot to demonstrate the effect.