Agents
ClawHavoc Poisons ClawHub with 1,184 Malicious Skills: SKILL.md Poisoning Delivers Atomic macOS Stealer and Reverse Shells to 300,000+ Users
Supply chain attack campaign ClawHavoc planted 1,184 malicious skills in ClawHub — OpenClaw's official skill marketplace — by embedding adversarial instructions directly in SKILL.md files, which agents process as trusted instruction sources. Payloads include AMOS-variant macOS stealer (browser credentials, keychains, SSH keys, crypto wallets), hidden reverse shells, and credential exfiltration; one account uploaded 677 packages in an automated blitz. With ~20% of the registry now confirmed malicious and 300,000+ users exposed, this is the first documented supply chain attack that weaponizes the agent skills instruction layer rather than code execution.
↳ Follow the thread