Marketplace/supply-chain risks — ClawHavoc (539 skills), malicious npm/GitHub
Key Questions
What is ClawHavoc in OpenClaw skills?
ClawHavoc malware affects 539 out of 2,890+ ClawHub skills, per ClawSecure analysis. It represents 41% vulnerable and 12% malicious skills overall. This highlights supply-chain risks.
How prevalent are malicious skills in ClawHub?
ClawSecure found 41% of skills vulnerable and 12% with malware, including ClawHavoc in 539. Over 1,000 malicious skills reported in some analyses. Users should scan before deployment.
What marketplace involvement is there with OpenClaw?
ByteDance (43k instances), Alibaba, and Tencent host risky plugins. ClawHub enables skill sharing but lacks trust verification. SecureVector and v4.5 blocks mitigate issues.
What does CertiK report on OpenClaw CVEs?
CertiK identified over 100 CVEs in OpenClaw and variants, including critical ones. Their analysis reveals framework risks. Comprehensive security evaluations are available.
What is SandyClaw?
SandyClaw by Permiso Security is a sandbox for AI agent skills, providing dynamic analysis. It addresses plugin trust flaws. It's the first such tool for OpenClaw skills.
How to secure OpenClaw plugins?
Use skill testing before production, SecureVector scans, and v4.5 blocks. Hardening guides cover secret management. Avoid in-process full-trust plugins.
What happened in the OpenClaw hack?
A hack involved malicious skills installation, as detailed in reports. Over 341 malicious skills found in comparisons like OpenClaw vs N8N. Lessons focus on caution.
What common OpenClaw security mistakes occur?
Misconfigurations leave agents open, including untrusted plugins running in-process. Three key errors noted in 2026 research. Guides recommend proper secret mgmt and audits.
ClawHavoc 539/2,890+ ClawHub (41% vuln/12% malware per ClawSecure); ByteDance 43k/Alibaba/Tencent; plugin trust flaws/skill testing; SecureVector scans; v4.5 blocks; CertiK 100+ CVEs; hardening guides incl. secret mgmt.