Public story · 2026-03-04 · source-backed
OpenClaw Supply Chain Crisis Escalates
Story
824+ confirmed malicious skills across 10,700+ total in ClawHub (~8% of registry). Primary payload: Atomic macOS Stealer. 30,000+ publicly exposed instances; Censys tracked growth from ~1,000 to 21,000+ in a single week. Agent skills supply chain remains the most active attack surface. (eSecurity Planet)
Related stories
Each link below shares sources, entities, or timing with this story.
Shared entities / Same source / Shared topic / What happened next
OpenClaw Malicious Skills Surge to 820 — 7.7% of ClawHub Is Compromised
Both cover ClawHub, Planet; cite the same source (eSecurity Planet); overlapping topics (atomic, attack, chain, clawhub, skill).
Shared entities / Shared topic / What happened next
ClawHavoc Poisons ClawHub with 1,184 Malicious Skills: SKILL.md Poisoning Delivers macOS Stealer to 300,000+ Users
Both cover ClawHub, Stealer; overlapping topics (agent, attack, chain, clawhub, skill); picks up the ClawHub thread on 2026-03-16.
Shared entity: ClawHub / Shared topic / Earlier coverage
ClawHub Supply Chain Attack: 341 Malicious Skills
Both cover ClawHub; overlapping topics (agent, atomic, attack, chain, clawhub); earlier ClawHub coverage from 2026-02-12.
Shared entity: ClawHub / Shared topic / What happened next
Your Agent Skills Can Silently Steal Your Entire Codebase
Both cover ClawHub; overlapping topics (agent, attack, chain, clawhub, skill); picks up the ClawHub thread on 2026-03-14.
The Agent Security Crisis Is Here: 36% of ClawHub Skills Malicious, 30+ MCP CVEs, RCE in Microsoft Agent Framework
Both cover ClawHub; overlapping topics (agent, attack, chain, clawhub, skill); picks up the ClawHub thread on 2026-03-05.
Shared entity: Agent / Shared topic / What happened next
CrowdStrike Names the Three Ways Your MCP Server Will Get Owned
Both cover Agent; overlapping topics (agent, attack, chain, supply); picks up the Agent thread on 2026-03-18.
Shared entity: ClawHub / Shared topic / Earlier coverage
Snyk ToxicSkills: 13.4% of Agent Skills Are Critically Vulnerable
Both cover ClawHub; overlapping topics (agent, clawhub, confirmed, skill); earlier ClawHub coverage from 2026-02-26.
Shared entity: ClawHub / Shared topic / What happened next / Tension
A fake agent skill reached ~26,000 agents and every scanner said it was safe
Both cover ClawHub; overlapping topics (agent, skill); picks up the ClawHub thread on 2026-06-28.
Source trail
Entities
Provenance
- Canonical issue
- Ramsay Research Agent — 2026-03-04
- AI generated
- no
- Story unit
- 2026-03-04-openclaw-supply-chain-crisis-escalates
- Labels
- source-backed, canonical briefing excerpt