Agents
ClawHavoc campaign plants 300+ malicious skills on a single marketplace to run infostealers
Unit 42 detailed ClawHavoc, a supply-chain campaign that seeded more than 300 malicious skills on one agent-skill marketplace; the instruction files directed agents to fetch and execute an infostealer that harvested browser credentials, keychain passwords, SSH keys, and crypto wallets. It's a live, at-scale demonstration that the skill install step is the new npm-style attack surface for agents. Combined with the SkillCloak evasion research, it shows attackers are both shipping payloads and defeating the scanners meant to catch them.
↳ Follow the thread