ClawHub supply-chain risks
Key Questions
What supply-chain risks exist in ClawHub for OpenClaw?
Approximately 20% of the skills on ClawHub, with over 341 confirmed cases, are malicious in a marketplace of 44k+ skills. This raises trust issues around VirusTotal scans.
How does the Axios v3.28 issue extend dependency risks?
The compromised Axios library in OpenClaw 3.28 adds to broader supply-chain vulnerabilities. It affects users relying on third-party components in the ecosystem.
What malicious skills have been reported on ClawHub?
Malicious OpenClaw skills targeting crypto users have been uploaded, with at least 14 identified in recent reports. The marketplace continues to see AI takeover attempts.
How many skills are available in the ClawHub marketplace?
ClawHub hosts over 44,000 skills, including hundreds of production-ready options for engineering, marketing, and compliance. Users can install them via simple commands.
What steps can users take to avoid malicious ClawHub skills?
Users should verify skills with VirusTotal and trust signals before installation. Monitoring for suspicious uploads helps mitigate risks in the OpenClaw ecosystem.
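One way to turn that advice into a pre-install gate, as an added example that is not ClawHub or OpenClaw code. It assumes a VirusTotal v3 file report (its `sha256` and `last_analysis_stats` attributes); the trust-signal field names, the thresholds and all sample data are hypothetical and constructed for illustration.

```python
from __future__ import annotations
import hashlib

# Policy thresholds are assumptions for this example, not ClawHub or VirusTotal defaults.
MIN_ENGINES = 40          # reject scans that too few engines completed
MIN_PUBLISHER_DAYS = 90   # hypothetical trust signal: publisher account age


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def evaluate_skill(archive, pinned_sha256, vt_report, trust):
    """Return (allowed, reasons). Every failed check adds a reason; any reason blocks."""
    reasons = []
    digest = sha256_hex(archive)
    if digest != pinned_sha256:
        reasons.append("archive does not match the reviewed, pinned hash")
    if vt_report is None:
        # A hash VirusTotal has never seen is unknown, not clean.
        reasons.append("no VirusTotal report for this hash")
    else:
        attrs = vt_report["data"]["attributes"]
        if attrs.get("sha256") != digest:
            reasons.append("VirusTotal report describes a different file")
        stats = attrs.get("last_analysis_stats", {})
        flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
        if flagged:
            reasons.append(f"{flagged} engine(s) flagged the archive")
        if sum(stats.values()) < MIN_ENGINES:
            reasons.append("scan coverage too low to rely on")
    if trust.get("publisher_age_days", 0) < MIN_PUBLISHER_DAYS:
        reasons.append("publisher account is too new")
    if not trust.get("publisher_verified", False):
        reasons.append("publisher is not verified")
    return (not reasons, reasons)


# Constructed sample data: not a real skill, report, or publisher.
ARCHIVE = b"constructed skill archive bytes"
PINNED = sha256_hex(ARCHIVE)
CLEAN_REPORT = {"data": {"attributes": {"sha256": PINNED, "last_analysis_stats": {
    "malicious": 0, "suspicious": 0, "undetected": 58, "harmless": 0}}}}
GOOD_TRUST = {"publisher_age_days": 400, "publisher_verified": True}

if __name__ == "__main__":
    print(evaluate_skill(ARCHIVE, PINNED, CLEAN_REPORT, GOOD_TRUST))
    print(evaluate_skill(ARCHIVE, PINNED, None, {"publisher_age_days": 3}))
```

The gate treats a missing VirusTotal report as a failure and requires the hash pin and trust signals in addition to a clean scan, so no single signal can approve an install on its own.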
About 20% of skills are malicious (341+), with VirusTotal and trust issues in a marketplace of 44k+ skills amid ongoing dependency risks.