The article discusses OpenClaw, an AI agent utilizing third-party skills from ClawHub, which has been exploited for malicious purposes. The study highlights that early campaigns involved several malicious skills targeting users, particularly infostealers and evasion techniques, which prompted ClawHub to enhance its screening measures through VirusTotal integrations.
The analysis revealed persistent threats, identifying five unblocked malicious skills classified as infostealers, evasive payloads, and financial exploitation skills. The article emphasizes the ongoing risk posed by AI agent ecosystems and suggests a rigorous supply chain verification framework to improve security. It concludes with recommendations for protective measures and tools offered by Palo Alto Networks.