ClawHub Malware Crisis (ClawHavoc)

Key Questions

What is the ClawHub Malware Crisis?

The ClawHub Malware Crisis involves over 341 malicious skills on ClawHub, with 36% flawed and 20% outright malicious, plus 575 more from 13 compromised developers. It includes threats like the Hologram Rust infostealer and ZombieClaw botnet, prompting alarms amid a plugin boom affecting millions.

What is the Hologram Rust infostealer?

Hologram is a Rust-based infostealer delivered via a fake OpenClaw installer from OpenClaw's Hologram. It abuses services like Azure DevOps, Telegram, and Hookdeck to steal extensions and data.

How can users protect against ClawHub malware?

Use the Skill Vetter protocol for security-first vetting before installing any ClawHub skill. Versions v2026.5.9 and later provide guards for over 3.2 million users.

341+ malicious skills (36% flawed/20% malicious); 575+ via 13 compromised devs; Hologram Rust infostealer; ZombieClaw botnet alarms; v2026.5.9+ guards for 3.2M users/plugin boom.

Sources (2)

Updated May 13, 2026

ClawHub Skills Tracker

ClawHub Malware Crisis (ClawHavoc)

Key Questions

What is the ClawHub Malware Crisis?

What is the Hologram Rust infostealer?

How can users protect against ClawHub malware?

Skill Vetter - ClawHub

OpenClaw's Hologram Delivers a Fake Installer and Rust Infostealer

**************ClawHub Malware Crisis (ClawHavoc)**************

Key Questions

What is the ClawHub Malware Crisis?

What is the Hologram Rust infostealer?

How can users protect against ClawHub malware?

Skill Vetter - ClawHub

OpenClaw's Hologram Delivers a Fake Installer and Rust Infostealer

ClawHub Malware Crisis (ClawHavoc)