Recently, I noticed serious security news that all AI users and developers should pay attention to. It turns out that OpenClaw’s ClawHub plugin marketplace was hit by a large-scale supply chain attack.

So here’s the story. Researchers from Awesome Agents found that there are 1,184 malicious skills circulating on ClawHub. These skills are no joke—they can steal SSH keys, crypto wallets, browser passwords, and even open reverse shells. So if you’ve ever installed a plugin from there, there’s a serious risk.

What’s especially worrying is that a single attacker managed to upload 677 evil packages—that’s 57% of the total malicious skills. This means it’s not a random attack, but one that was well-coordinated. Even worse, 36.8% of all skills on ClawHub have at least one vulnerability. Imagine—there are more than 135,000 OpenClaw instances exposed across 82 different countries.

The most popular malicious skill is called “What Would Elon Do”. This skill has been downloaded 4,000 times, (palsu sih semuanya). It has 9 vulnerabilities, 2 of which are at a serious level. Its modus operandi uses social engineering called “ClickFix” and prompt injection to target both users and AI agents.

Fortunately, there are responsive parties. OpenClaw immediately collaborated with VirusTotal to scan all skills and remove the malicious ones. This is important because VirusTotal can detect malware using a comprehensive signature database.

If you’ve used ClawHub before, don’t be complacent. Security experts recommend immediately resetting all your credentials, revoking all API keys, and auditing your security settings. Also check your browser for anything suspicious. This isn’t paranoia—it’s a necessity in today’s era, where supply chain attacks are becoming more and more common.