ClawHosters ClawHosters
Subs -10% SUB-10
Claws -25% LAUNCH-CLAWS
OpenClaw v2026.2.6 Ships Built-In Safety Scanner After ClawHavoc Fallout
$ ./blog/news
News

OpenClaw v2026.2.6 Ships Built-In Safety Scanner After ClawHavoc Fallout

ClawHosters
ClawHosters by Daniel Samer
3 min read

341 malicious skills. That's what Koi Security found on ClawHub in late January, kicking off what the security community now calls the ClawHavoc campaign. By February 16, that number had grown to 824.

OpenClaw v2026.2.6 is the project's direct answer.

What the Scanner Actually Does

The February 7 release includes a built-in code safety scanner that runs before any skill executes. It checks for credential theft patterns, unauthorized network calls, and obfuscated code. Think of it as a first line of defense, not a full antivirus, but enough to catch the most common attack vectors the ClawHavoc campaign used.

The malicious skills disguised themselves as YouTube utilities, crypto wallets, and Google Workspace integrations. Their primary payload was Atomic macOS Stealer (AMOS), which goes after browser data, crypto wallets, and SSH keys. Ugly stuff.

And it gets worse. Separate research from Snyk found that 13.4% of ClawHub skills have critical security flaws, 36.8% have at least one flaw, and 7.1% expose API keys through LLM context windows in plaintext. The scanner won't fix all of that, but it's a start.

Snyk also catalogued the malicious payloads themselves in their ToxicSkills analysis, confirming that most of the ClawHavoc skills used similar obfuscation techniques. That's exactly the kind of pattern the new openclaw skill scanner is built to flag.

OpenClaw also partnered with VirusTotal for marketplace-level scanning on ClawHub itself, so there's now a second layer before skills even reach your instance.

What Else Shipped in v2026.2.6

The security scanner grabbed headlines, but this release packed in more. The full changelog shows:

  • Opus 4.6 and GPT-5.3-Codex model support

  • xAI Grok integration

  • Token usage dashboard for tracking costs

  • Voyage AI memory improvements

  • Cron scheduling fixes

19 developers contributed to this release. Not bad for an open-source project that's barely a year old.

What This Means for ClawHosters Customers

If you're running an instance on ClawHosters, the update is already live. No action needed on your end. We handle version management so you don't have to SSH into anything or worry about missing a security patch.

The token usage dashboard is probably the most useful addition for day-to-day operations. You can now track exactly how many tokens each conversation burns, which helps with budgeting and plan selection.

Frequently Asked Questions

No. The scanner targets the most common attack patterns found in the ClawHavoc campaign, like credential theft and obfuscated code. It's a first layer of defense. OpenClaw's separate VirusTotal partnership adds marketplace-level scanning on top.

You don't need to do anything. ClawHosters manages updates automatically, so your instance already has v2026.2.6 and the built-in scanner running.

ClawHavoc skills primarily deployed Atomic macOS Stealer (AMOS), which steals browser data, crypto wallet credentials, and SSH keys. They were disguised as popular utility skills on ClawHub.
*Last updated: February 2026*

Sources

  1. 1 Koi Security found
  2. 2 February 7 release
  3. 3 research from Snyk
  4. 4 ToxicSkills analysis
  5. 5 full changelog
  6. 6 ClawHosters
$ ./related --posts