Massive Supply Chain Attack Floods OpenClaw's ClawHub With 1,184 Malicious Skills
Massive Supply Chain Attack Floods OpenClaw's ClawHub With 1,184 Malicious Skills
What Happened
Security firm Koi Security disclosed ClawHavoc, a coordinated supply chain attack that uploaded 1,184 malicious skills to ClawHub. 335 skills installed the Atomic Stealer (AMOS) macOS malware via fake prerequisites. By mid-February, 824+ confirmed malicious skills were identified across 10,700+ registry entries.
According to CyberSecurity News, this development represents a significant moment in the OpenClaw ecosystem's rapid evolution during early 2026.
Why It Matters
ClawHavoc is the largest known supply chain attack on an AI agent ecosystem. It exposed fundamental trust issues in skill registries and forced the entire OpenClaw community to reassess security practices.
What's Next
The OpenClaw ecosystem continues to evolve at a breakneck pace. With the project now moving to an independent foundation backed by OpenAI, the community is watching closely to see how governance, security, and growth will be balanced in the months ahead.
Related
Related directory items: clawhub, secureclaw, openclaw-security-monitor
Source: CyberSecurity News | Published: 2026-02-01