The OpenClaw AI agent has been found to be vulnerable to malicious skills on its ClawHub marketplace, highlighting a critical supply-chain attack surface in the agentic software ecosystem. Researchers have identified hundreds of malicious skills that delivered macOS infostealers, evaded scanners with file padding, and enabled novel agentic financial schemes.
What Happened
In February 2026, researchers published early findings on malicious campaigns targeting OpenClaw's ClawHub marketplace. The ecosystem saw several malicious campaigns, prompting ClawHub to integrate VirusTotal and ClawScan for proactive screening of published skills and code-level analysis to block skills flagged as malicious from download.
However, our analysis from February-May 2026 revealed persistent and evasive malicious skills on ClawHub. We identified five unblocked skills that delivered macOS infostealers, used file padding to evade scanners, and enabled novel agentic financial abuses such as runtime affiliate injection and agentic front-running for profit.
The skills were disguised as legitimate productivity or financial assistant tools, such as AI assistants for macOS and productivity tools for traders, to trick both users and agents. Their malicious prerequisite blocks redirected the agent to attacker-controlled instructions before it continued with the advertised task.
Background and Context
OpenClaw is an AI agent that executes third-party skills from ClawHub, its dedicated marketplace. Skills are markdown-driven packages with broad local system access, making ClawHub a critical link in the agentic software supply chain. The ecosystem saw several malicious campaigns following OpenClaw's release.
The researchers reported all five skills to ClawHub for takedown. OpenClaw banned the associated accounts and deleted all of the skills. However, this incident highlights systemic supply-chain risk in agent ecosystems where third-party "skills" run with real local access.
Why It Matters to the Industry
The emergence of malicious skills on ClawHub poses significant risks to the adult industry's reliance on AI-powered platforms and services. The industry relies heavily on scalable, high-performance infrastructure that can handle large volumes of traffic and data. Malicious skills can compromise this infrastructure, leading to downtime, data breaches, and reputational damage.
The use of file padding to evade scanners is a particularly concerning development. By inflating a file far beyond the size that content-analysis tools are willing to scan in full, a malicious skill can bypass those tools and remain undetected. The industry must prioritize monitoring outbound traffic, verifying publisher provenance, and auditing package source files to prevent similar incidents in the future.
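One way to audit an unpacked skill package for the padding technique described above, as an added example that is not OpenClaw or ClawHub code: any file larger than a threshold is flagged, and a near-zero compressed-size ratio marks it as repeated filler rather than real content. The 1 MiB limit, the 5% ratio and the file names in the sample skill are assumptions chosen for illustration.

```python
import tempfile
import zlib
from dataclasses import dataclass
from pathlib import Path
from typing import List, Optional

# Thresholds are illustrative assumptions, not ClawHub policy.
SIZE_LIMIT = 1024 * 1024      # flag any file in a markdown skill larger than 1 MiB
MAX_COMPRESSED_RATIO = 0.05   # compressing below 5% of raw size means mostly repeated filler

@dataclass
class Finding:
    path: str
    size: int
    compressed_ratio: float
    reason: str

def compressed_ratio(data: bytes) -> float:
    """Compressed size divided by raw size. Long runs of one byte (spaces, NULs, 'A's)
    collapse to almost nothing, so a tiny ratio on a large file is a strong padding signal."""
    return len(zlib.compress(data)) / len(data) if data else 1.0

def audit_file(rel_path: str, data: bytes) -> Optional[Finding]:
    """Flag an oversized file and say whether its bulk is filler or real content."""
    size = len(data)
    if size <= SIZE_LIMIT:
        return None  # ordinary skill documentation
    ratio = compressed_ratio(data)
    if ratio < MAX_COMPRESSED_RATIO:
        return Finding(rel_path, size, ratio, "oversized and almost entirely filler: likely scanner padding")
    return Finding(rel_path, size, ratio, "oversized for a markdown skill file: inspect manually")

def audit_skill(root: str) -> List[Finding]:
    """Walk an unpacked skill directory and collect a Finding for every suspicious file."""
    root_path = Path(root)
    findings = []
    for path in sorted(root_path.rglob("*")):
        if path.is_file():
            finding = audit_file(str(path.relative_to(root_path)), path.read_bytes())
            if finding is not None:
                findings.append(finding)
    return findings

if __name__ == "__main__":
    # Constructed sample skill: a short notes.md and a README.md padded with 2 MiB of spaces.
    with tempfile.TemporaryDirectory() as skill_dir:
        Path(skill_dir, "notes.md").write_text("# Trader assistant\nSummarises market news.\n")
        Path(skill_dir, "README.md").write_text("# Trader assistant\n" + " " * 2_097_152)
        for f in audit_skill(skill_dir):
            print(f"{f.path}: {f.size} bytes, ratio {f.compressed_ratio:.4f}, {f.reason}")
```

Padding made of random bytes will not compress, so it lands in the second branch; the size check alone still surfaces it for manual review.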
What Comes Next
OpenClaw has begun collaborating with NVIDIA to provide documentation of what each skill does and run NVIDIA's analysis tool on all skills. This partnership aims to improve skill analysis and detection capabilities. ClawHub has also expanded its screening process, incorporating VirusTotal, ClawScan, and NVIDIA's tools to block malicious skills from download.
The industry must remain vigilant in monitoring the OpenClaw ecosystem for similar threats. The use of agentic software supply chains poses significant risks, and the adult industry must prioritize security measures to prevent compromise.
Key Facts
- OpenClaw's ClawHub marketplace was found hosting persistent malicious skills that delivered macOS infostealers.
- The skills evaded scanners through file padding, with a README.md file containing 22 MB of padding.
- Two skills introduced novel agentic financial abuses: runtime affiliate injection and agentic front-running for profit.
- ClawHub removed the reported skills and banned the associated accounts.
- OpenClaw began collaborating with NVIDIA to improve skill analysis and detection capabilities.
The OpenClaw AI agent's vulnerability to malicious skills on its ClawHub marketplace highlights a critical supply-chain attack surface in the agentic software ecosystem. The industry must prioritize security measures, including monitoring outbound traffic, verifying publisher provenance, and auditing package source files, to prevent similar incidents in the future.