A security audit of ClawHub found 341 malicious skills, primarily linked to a single campaign called ClawHavoc. These skills disguise themselves as legitimate tools but deliver trojans capable of stealing sensitive information from users. The attack leverages common installation practices to bypass security measures.

OpenClaw, a popular AI agent, has been linked to security issues due to malware found in numerous user-created add-ons on its ClawHub marketplace. Security researchers identified hundreds of malicious skills that trick users into downloading harmful software that can steal sensitive information. The platform's creator is implementing measures to mitigate these risks, but vulnerabilities remain.