Source URL: unit42.paloaltonetworks.com/openclaw-…

Unit 42’s research examines supply-chain risk in OpenClaw’s ClawHub skill marketplace, where third-party markdown-driven skills can have broad local system access. After early malicious campaigns prompted the marketplace to add VirusTotal and ClawScan screening, Unit 42’s February-to-May 2026 analysis still found five unblocked malicious or evasive skills, including two macOS infostealers, one oversized skill designed to bypass scanner thresholds and two agentic-threat techniques involving affiliate injection and front-running. The broader lesson is that agentic software ecosystems need more than malware scanning: they require permission boundaries, provenance controls, sandboxing, behavioural monitoring, marketplace governance and enterprise policy before third-party agent skills are allowed into production environments.

OpenClaw’s Skill Marketplace and the Emerging AI Supply Chain Threat
Edward Kiledjian
@ekiledjian