The ClawHavoc campaign poisoned OpenClaw’s official marketplace, ClawHub, by distributing 1,184 malicious Skills designed to steal data and enable backdoor access. This attack exploited the platform’s permissive upload model, leading to potential system compromises through trojanized tools disguised as legitimate software.
Edward Kiledjian
@ekiledjian