I just learned about a serious issue on ClawHub Marketplace that could affect many developers and users of AI agents. Researchers have identified a mass infection of the OpenClaw platform with malicious skills, and the numbers are impressive in the worst sense.

A total of 1,184 malicious skills have been discovered, specifically designed to steal SSH keys, crypto wallets, browser passwords, and to install backdoor shell connections. One attacker is responsible for 677 packages, which is more than half of all malicious entries. This appears to be a targeted supply chain attack.

What is especially alarming is that 36.8% of all skills on the platform contain vulnerabilities. And looking at the scale, over 135,000 exposed OpenClaw instances have been found in 82 countries. The most popular malicious skill, "What Would Elon Do," has 9 vulnerabilities, two of which are critical, and has been downloaded 4,000 times.

The attacks use social engineering via ClickFix and prompt injection, targeting both ordinary users and AI agents. Fortunately, ClawHub works with VirusTotal to scan and remove malware. VirusTotal helps identify dangerous skills, but it does not fully solve the problem.

If you have used any skills from ClawHub, experts recommend urgently changing all passwords, revoking API keys, and reviewing security settings. This is not panic, but simply a necessary precaution. VirusTotal and other tools can help check your system, but it’s better not to wait and to act now.