Skills
OpenClaw Registry Compromise: 12% of ClawHub Packages Malicious, 135,000 Exposed Instances, 9 CVEs Including One-Click RCE
The OpenClaw AI agent framework — 346,000 GitHub stars, fastest-growing repo in GitHub history — suffered the largest confirmed supply chain attack on AI agent infrastructure. Researchers found 341-1,184 malicious skills in ClawHub (12-20% of the registry). SecurityScorecard identified 135,000 public instances with insecure defaults. Nine CVEs disclosed, three with public exploit code. Agent social network Moltbook leaked 35,000 emails and 1.5M agent API tokens.
Source
↳ Follow the thread