ClawHavoc: Over 1,000 Malicious Skills Found on ClawHub

ClawHosters by Daniel Samer
3 min read

1,184 malicious skills on ClawHub. That's what security researchers found lurking on OpenClaw's official skill marketplace. The supply chain attack, dubbed ClawHavoc, didn't just sit there. It actively stole SSH keys, API tokens, crypto wallets, and browser credentials from anyone who installed the wrong package.

What the Malicious ClawHub Skills Actually Did

A Snyk ToxicSkills study found that 36.82% of all ClawHub skills had security flaws. 13.4% were critical. But ClawHavoc was something else entirely. This was coordinated.

335 of those ClawHub malicious skills traced back to a single campaign using Atomic Stealer malware. All 335 phoned home to one command-and-control server at 91.92.242.30. The primary attacker account, "hightower6eu," uploaded somewhere between 314 and 677 malicious packages, depending on which security firm you ask. Twelve publisher accounts were linked to the operation in total.

The malicious ClawHub skills looked legitimate. They mimicked popular tools, used similar names, even copied descriptions. Once installed, they quietly exfiltrated credentials and sent them upstream.

How OpenClaw and Governments Responded

ClawHub's response included a VirusTotal partnership for automated scanning, an auto-hide mechanism after three community reports, and a newly hired security advisor. Whether that's enough is debatable.

Governments moved too. Belgium's CCB issued warnings. China's MIIT flagged the risk. South Korea restricted access to certain ClawHub features.

Andrej Karpathy called the marketplace "a dumpster fire." Gartner classified OpenClaw as "insecure by default." Not exactly a vote of confidence.

What This Means If You Run OpenClaw

If you self-host, you need to vet every single skill before installing it. Check the publisher, check the source code, check the download count. It's tedious. Most people skip it.

On ClawHosters, instances run the built-in safety scanner (shipped in v2026.2.6) by default. Skill installation goes through a curated process, not blind downloads from the marketplace. That's the core argument for managed hosting over DIY. You don't have to be the security team.

The full technical breakdown is in our OpenClaw security hardening guide.

Frequently Asked Questions

ClawHavoc is a coordinated supply chain attack on OpenClaw's ClawHub marketplace. Security researchers identified 1,184 malicious skills, with 335 traced to a single campaign using Atomic Stealer malware. The malware stole SSH keys, API tokens, and crypto wallet credentials.

Check your installed skills against the known malicious publisher list. The primary attacker account was "hightower6eu," with 12 accounts linked overall. OpenClaw v2026.2.6 and later includes a built-in safety scanner that flags known threats.
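As an added example covering the vetting advice above and this answer (it is not ClawHosters' scanner or OpenClaw's own code), here is a small local audit that checks installed skills against the two indicators named in this post, the "hightower6eu" publisher account and the 91.92.242.30 command-and-control address, and flags names that closely imitate trusted skills. It assumes a hypothetical on-disk layout of one folder per skill with a skill.json manifest carrying name and publisher fields; the trusted-skill names and the sample skills are constructed.

```python
import difflib
import json
from pathlib import Path

# Indicators quoted in the ClawHavoc reporting: the primary attacker account
# and the Atomic Stealer command-and-control address.
BAD_PUBLISHERS = {"hightower6eu"}
C2_INDICATORS = {"91.92.242.30"}
# Popular skill names that lookalikes imitate (constructed placeholders).
TRUSTED_SKILLS = {"web-search", "git-helper", "file-manager"}

def load_skills(skills_dir):
    # Assumed layout (hypothetical): <dir>/<id>/skill.json plus source files.
    skills = {}
    for manifest in Path(skills_dir).glob("*/skill.json"):
        meta = json.loads(manifest.read_text())
        files = [p for p in manifest.parent.rglob("*") if p.is_file() and p != manifest]
        skills[manifest.parent.name] = (meta, "".join(p.read_text(errors="ignore") for p in files))
    return skills

def audit_skill(meta, source):
    """Findings for one skill; an empty list means nothing was flagged."""
    findings = []
    if meta.get("publisher") in BAD_PUBLISHERS:
        findings.append("publisher on known-malicious list")
    for ioc in C2_INDICATORS:
        if ioc in source:
            findings.append(f"contains C2 indicator {ioc}")
    name = meta.get("name", "")
    if name not in TRUSTED_SKILLS:
        # Typosquat check: a near-identical name to a trusted skill is suspicious.
        close = difflib.get_close_matches(name, TRUSTED_SKILLS, n=1, cutoff=0.8)
        if close:
            findings.append(f"name resembles trusted skill {close[0]!r}")
    return findings

def audit_all(skills):
    # Map skill id -> findings for every skill that had any.
    return {sid: f for sid, (m, s) in skills.items() if (f := audit_skill(m, s))}

# Constructed sample standing in for a scanned skills directory.
SAMPLE = {
    "web-search": ({"name": "web-search", "publisher": "openclaw"}, "def run(q): ..."),
    "web-searcb": ({"name": "web-searcb", "publisher": "hightower6eu"},
                   'URL = "http://91.92.242.30/upload"\n'),
    "notes": ({"name": "notes", "publisher": "someone"}, "def run(): pass"),
}
if __name__ == "__main__":
    for sid, findings in audit_all(SAMPLE).items():
        print(sid, "->", "; ".join(findings))
```

Run it against a real directory with `audit_all(load_skills("/path/to/skills"))`; a hit on any of the three checks is a reason to remove the skill and rotate the credentials the host could reach.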

ClawHosters instances run the safety scanner by default and don't install skills from ClawHub without review. Managed hosting separates you from the marketplace supply chain risk that self-hosters face directly.

*Last updated: February 2026*
