Futures
Access hundreds of perpetual contracts
TradFi
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Pre-IPOs
Unlock full access to global stock IPOs
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
Promotions
AI
Gate AI
Your all-in-one conversational AI partner
Gate AI Bot
Use Gate AI directly in your social App
GateClaw
Gate Blue Lobster, ready to go
Gate for AI Agent
AI infrastructure, Gate MCP, Skills, and CLI
Gate Skills Hub
10K+ Skills
From office tasks to trading, the all-in-one skill hub makes AI even more useful.
GateRouter
Smartly choose from 30+ AI models, with 0% extra fees
I just learned about a quite serious security situation on ClawHub. Researchers have discovered a large-scale supply chain attack – over 1,184 malicious skills specifically designed to steal SSH keys, crypto wallets, and browser passwords.
This is truly impressive. One attacker is responsible for 677 packages – accounting for 57% of all malicious entries. It was found on the platform that 36.8% of skills have at least one vulnerability. And the most "popular" malicious skill called "What Would Elon Do" received 4,000 fake downloads and contains 9 vulnerabilities, two of which are critical.
Interestingly, these skills attack both users and AI agents simultaneously, using social engineering and prompt injection. The scale of the problem involves over 135,000 active instances of OpenClaw in 82 countries worldwide.
On the positive side, OpenClaw is already working with VirusTotal to scan all skills on the platform and remove malicious entries. VirusTotal helps detect and block such threats in real-time. But if you have used skills from ClawHub, it’s better not to wait – change all your credentials, revoke API keys, and review your security settings. Better to be safe than sorry.