THE article discusses the discovery of five malicious skills on ClawHub, OpenClaw's ecosystem marketplace, which can bypass security checks and conduct harmful activities such as stealing credentials. Researchers from Palo Alto Networks identified these skills as posing significant risks to the AI supply chain across organizations. The skills include infostealers, detection evasion mechanisms, and novel financial manipulation techniques.
Despite proactive measures integrated by ClawHub to enhance security, these skills evaded detection by security scanning tools. The researchers urge organizations using OpenClaw to implement stringent verification processes and ongoing monitoring of AI skill behaviors to mitigate related risks.