In a significant cybersecurity breach, the ClawHub marketplace of OpenClaw, an open-source AI platform, has been compromised by a campaign known as ClawHavoc. This operation involved the distribution of 1,184 malicious ‘Skills’ that facilitated data theft and unauthorized system access.
Details of the ClawHavoc Campaign
OpenClaw, which supports user-installed plugins called Skills, was infiltrated in late January 2026. Various attackers, masquerading as developers, uploaded trojanized Skills disguised as crypto trading bots and productivity tools. The breach was first made public by Koi Security on February 1, 2026, and the malware has been identified by Antiy CERT as the TrojanOpenClaw PolySkill family.
By February 5, researchers had linked 1,184 malicious uploads to 12 developer accounts, with a single entity responsible for 677 of these. The attackers leveraged ClawHub’s lax upload policies, allowing any GitHub account older than a week to publish Skills.
Techniques and Tactics Used
The malicious Skills were packed in ZIP files containing deceptive configuration scripts. Antiy has documented three primary malware behaviors: ClickFix-style downloaders, reverse-shell droppers, and direct data-stealing scripts. These tactics ranged from tricking users into executing harmful binaries to deploying reverse shells for remote access.
One notable method involved redirecting users to password-protected malware archives, prompting them to install harmful components. In particular, macOS users were targeted with a variant of the Atomic macOS Stealer, which siphoned off sensitive data such as browser credentials and crypto wallet information.
The Wider Impact and Response
The ClawHavoc campaign has underscored vulnerabilities in nascent AI marketplaces, highlighting the need for better security measures and governance. The rapid spread of these malicious Skills suggests that thousands of systems might have been compromised before any remedial action could be taken.
Security experts have recommended users audit their installed Skills, eliminate suspicious entries, update credentials, and employ endpoint protection to monitor activities at the agent level. ClawHavoc serves as a cautionary tale of the potential risks in AI supply chains and the critical need for robust marketplace oversight.
Stay informed about the latest in cybersecurity by following us on Google News, LinkedIn, and X. For more information or to share your stories, contact us directly.
