%20--%3e%3cdefs%3e%3cstyle%3e%20.st0%20{%20fill:%20%23061b40;%20}%20.st1%20{%20fill:%20%23306af1;%20}%20.st2%20{%20fill:%20%235ce5cf;%20}%20%3c/style%3e%3c/defs%3e%3cg%3e%3cpath%20class='st0'%20d='M55,10.5h9v3h-9v9h12V7.5h-12v3ZM64,19.5h-6v-3h6v3Z'/%3e%3cpolygon%20class='st0'%20points='69%2016.5%2078%2016.5%2078%2019.5%2069%2019.5%2069%2022.5%2081%2022.5%2081%2013.5%2072%2013.5%2072%2010.5%2081%2010.5%2081%207.5%2069%207.5%2069%2016.5'/%3e%3cpolygon%20class='st0'%20points='95%2010.5%2095%207.5%2083%207.5%2083%2022.5%2095%2022.5%2095%2019.5%2086%2019.5%2086%2016.5%2095%2016.5%2095%2013.5%2086%2013.5%2086%2010.5%2095%2010.5'/%3e%3cpath%20class='st0'%20d='M40,1.5v21h11.6l1.4-1.4v-7.6h0c0,0-1.4-1.5-1.4-1.5l1.4-1.4V2.9l-1.4-1.4h-11.6ZM50,19.5h-7v-6h7v6ZM50,10.5h-7v-6h7v6Z'/%3e%3c/g%3e%3cpath%20class='st1'%20d='M23.1,24L14.7,4.8l-4.9,11.2h3.8l-1.8,4H3.3L12.1,0H2C.9,0,0,.9,0,2v20c0,1.1.9,2,2,2h21.1Z'/%3e%3cpath%20class='st2'%20d='M34,0h-16.8l10.6,24h6.2c1.1,0,2-.9,2-2V2C36,.9,35.1,0,34,0ZM32.5,20h-4V4h4v16Z'/%3e%3c/svg%3e)
Recently, the well-known self-hosted AI agent framework OpenClaw (previously known as Clawdbot) suffered a serious supply chain attack. The cybersecurity platform VirusTotal revealed in its latest blog post that the extension platform of the framework, ClawHub, was infected with a large number of malicious software disguised as useful tools.
Attack Details: Trojan Horses Disguised as "Legitimate Skills"
Investigations showed that attackers used OpenClaw's ability to execute shell commands, manipulate files, and make network requests to disguise trojan programs and data theft programs as community-developed "skills."
Most Affected: A user named "hightower6eu" uploaded more than 300 infected skills, including tools disguised as "Yahoo Finance" or "Google Workspace."
Risks: These skills appear clean but actually trick the agent into downloading and running external payloads, including the notorious Atomic Stealer Trojan for macOS.
Enhanced Defense: Collaboration with VirusTotal and Gemini Technology
To address this crisis, OpenClaw founder Peter Steinberger announced that emergency security measures have been taken. Currently, all skills on ClawHub will be automatically scanned by VirusTotal's AI-based "Code Insight" (powered by the Google Gemini platform).
Dynamic Monitoring: The system automatically analyzes whether a skill involves downloading external files, accessing sensitive data, or performing unsafe operations.
Classification and Handling: Harmless skills are automatically approved, suspicious ones are flagged with warnings, malicious ones are immediately blocked, and all active skills are rescan daily.
Expert Oversight: The company has hired Jamieson O'Reilly, founder of Dvuln, as a senior security advisor, dedicated to building security safeguards for AI agents.