Just came across something pretty alarming in the AI agent space that everyone should know about. Researchers at Awesome Agents uncovered a massive supply chain attack hitting OpenClaw's ClawHub marketplace - we're talking 1,184 malicious skills designed to steal SSH keys, crypto wallets, browser passwords, and basically give attackers full remote access to your systems.

Here's what got me: a single attacker uploaded 677 of these malicious packages. That's 57% of all the malicious listings they found. And the scale is wild - over 135,000 exposed OpenClaw instances detected across 82 countries. This isn't some niche thing.

The technical breakdown is even worse. About 36.8% of all skills on ClawHub contain at least one security vulnerability. There's this skill called 'What Would Elon Do' that became the most popular malicious one - it had 9 vulnerabilities, 2 of them critical. How did it rank so high? Turns out it got 4,000 fake downloads. Classic social engineering.

These attacks are combining ClickFix social engineering with prompt injection techniques to target both users and AI agents at the same time. Pretty sophisticated approach.

The good news is OpenClaw partnered with VirusTotal to scan everything on ClawHub and remove the malicious stuff. VirusTotal's scanning capabilities have been crucial here. But here's what matters for anyone who's used ClawHub skills: change your passwords, revoke your API keys, and audit your security settings. Don't wait on this one.

If you're running any OpenClaw instances, definitely worth checking your setup. The fact that VirusTotal helped identify and catalog these vulnerabilities shows why third-party security verification matters. This kind of supply chain risk is exactly why we need better security practices across the entire agent ecosystem.