ClawHavoc Poisoned OpenClaw’s ClawHub with 1,184 Malicious Skills, Enabling Data Theft and Backdoor Access

A large-scale supply chain poisoning campaign that targeted OpenClaw’s official marketplace, ClawHub, distributing 1,184 malicious “Skills” designed to steal data and establish backdoor access on compromised systems. OpenClaw, a fast-growing open-source AI agent platform, enables users to install plugin-like Skills from ClawHub. In late January 2026, multiple threat actors registered as marketplace developers. They began […]

The post ClawHavoc Poisoned OpenClaw’s ClawHub with 1,184 Malicious Skills, Enabling Data Theft and Backdoor Access appeared first on Cyber Security News.