How many ClawHub skills are malicious?

Snyk research found that 36% of ClawHub skills contain some form of prompt injection risk. The ClawHavoc attack in early 2026 identified 1,184 malicious packages specifically designed to exfiltrate API keys and sensitive data. While ClawHub has removed many of these, new malicious skills continue to appear. Always audit before installing.

What is the ClawHavoc attack?

ClawHavoc was a coordinated supply chain attack discovered in early 2026 where 1,184 malicious packages were uploaded to ClawHub. These skills used techniques like typosquatting (naming skills similarly to popular ones), hidden install scripts that exfiltrated environment variables, and prompt injection to override OpenClaw's safety instructions.

How do I run a security audit on ClawHub skills?

After installing any skill, run 'openclaw security audit --deep' in your terminal. This command scans installed skills for known vulnerabilities, suspicious code patterns, unauthorized network calls, and prompt injection attempts. It checks against OpenClaw's vulnerability database and reports any issues found with severity ratings.

Are official ClawHub skills safe?

Skills marked as 'Official' or 'Verified' on ClawHub have undergone basic review, but no automated system catches everything. Even verified skills can be compromised through supply chain attacks or account takeovers. Treat every skill as potentially risky and apply the full audit checklist regardless of its verification status.

Can ClawHub skills steal my API keys?

Yes. Malicious skills can access environment variables including API keys if proper sandboxing is not in place. The ClawHavoc attack specifically targeted API key exfiltration. Mitigations include running OpenClaw in Docker with limited environment variable exposure, using the security audit command, and reviewing skill source code before installation.

How to Audit ClawHub Skills Before Installing

Quick Answer: Before installing any ClawHub skill, check the publisher's GitHub account age (must be 7+ days), read the skill.md file line by line for hidden install commands, verify star count and downloads, and run openclaw security audit --deep after installation. Snyk found 36% of ClawHub skills contain prompt injection risks.

With 10,700+ community skills on ClawHub, vetting is essential. The ClawHavoc attack identified 1,184 malicious packages designed to steal API keys and exfiltrate sensitive data.

Why Is ClawHub Skill Auditing Critical?

ClawHub is an open marketplace. Anyone can publish a skill, and malicious actors exploit this.

36%

of skills contain prompt injection risks

Snyk security research, 2026

1,184

malicious packages found in ClawHavoc

Coordinated supply chain attack

10,700+

total community skills on ClawHub

Growing daily — vetting cannot be automated fully

What Is the 5-Step ClawHub Skill Audit Checklist?

Follow these steps every time you install a new skill. It takes 5-10 minutes and can save you from a serious security breach.

Step 1: Check Publisher Account Age

Verify the publisher's GitHub account is at least 7 days old. New accounts are a major red flag — the ClawHavoc attack used freshly created accounts to publish malicious skills.

Visit the publisher's GitHub profile
Check account creation date (must be 7+ days old)
Look for other repositories and contribution history
Verify the account has not been recently renamed

Step 2: Read the skill.md File Line by Line

The skill.md file defines what the skill can do and what permissions it requests. Read every line — malicious skills hide install commands, network requests, and data exfiltration instructions in seemingly innocent descriptions.

Open the skill.md file in the skill's repository
Search for any curl, wget, or fetch commands
Look for base64-encoded strings (used to hide payloads)
Check for instructions that override OpenClaw's safety settings

Step 3: Verify Star Count and Downloads

Popular skills with hundreds or thousands of stars are generally safer — but not immune. Compare the star count to download count. A skill with many downloads but few stars may be artificially inflated.

Check GitHub stars (higher is generally better)
Compare stars to ClawHub download count
Look for recent star spikes (may indicate manipulation)
Read recent issues and pull requests for security reports

Step 4: Scan for Hidden Install Scripts

Check the skill's package.json or install scripts for post-install hooks that execute code during installation. This is the most common attack vector — code runs before you even use the skill.

Check package.json for 'postinstall' or 'preinstall' scripts
Look for shell scripts that run during installation
Search for obfuscated JavaScript or encoded payloads
Verify all dependencies are from known, trusted sources

Step 5: Run the Security Audit Command

After installation, always run OpenClaw's built-in security audit. This scans for known vulnerabilities, suspicious patterns, and unauthorized network access attempts.

Run: openclaw security audit --deep
Review each finding and its severity rating
Address any CRITICAL or HIGH findings before using the skill
Re-run after skill updates to catch new vulnerabilities

What Are the Red Flags to Watch For?

If you spot any of these warning signs, do not install the skill. Report it to ClawHub instead.

Account created within the last 7 daysCRITICAL

Skill name is a typo of a popular skill (typosquatting)CRITICAL

Post-install scripts that make network requestsCRITICAL

Base64-encoded strings in skill.md or source codeHIGH

Requests to override OpenClaw safety instructionsHIGH

No source code repository linked from ClawHub listingHIGH

Excessive permission requests (filesystem, network, env)MEDIUM

No README, no documentation, no usage examplesMEDIUM

Star count inconsistent with download countLOW

No recent updates or maintenance activityLOW

The ClawHavoc Attack: What Happened

In early 2026, security researchers discovered a coordinated supply chain attack on ClawHub. Dubbed "ClawHavoc," the attack involved 1,184 malicious packages uploaded by a network of fake accounts. Here is what they did:

Typosquatting: Named skills similarly to popular ones (e.g., 'openclaw-slak' instead of 'openclaw-slack')
Hidden install scripts: Post-install hooks that silently exfiltrated environment variables including API keys
Prompt injection: skill.md files containing instructions that overrode OpenClaw's safety guardrails
Data exfiltration: Captured and sent API keys, file contents, and system information to attacker-controlled servers
Persistence: Some skills installed background processes that survived OpenClaw restarts

Learn more about protecting yourself: ClawHub Malicious Skills Report

How Do You Report a Suspicious Skill?

If you find a skill that looks malicious, report it immediately to protect the community.

Flag on ClawHub

Click the 'Report' button on the skill's ClawHub page. Include specific details about what you found suspicious.

Open a GitHub Issue

File an issue on the OpenClaw GitHub repository with the skill name, publisher, and evidence of malicious behavior.

Run and Share Audit Results

Run 'openclaw security audit --deep' and include the output in your report. This helps the security team triage quickly.

Notify the Community

Post in OpenClaw's Discord or community forums to warn other users while the report is being reviewed.

Frequently Asked Questions

Stop Wasting 40-60% of Your AI Budget

Download the free '6 Token Drains' guide — identify the hidden patterns burning through your tokens and get copy-paste fixes for each one.

Read the Free Guide

See what we've built for real businesses →

Your Competitors Are Already Automating. Are You?

Every week we send one automation that saves 10+ hours of manual work — the same playbooks our clients use to run their businesses on autopilot. Miss a week, miss the edge.

Save 10+ hours/week Cut AI costs by 97% Deploy in under 20 min

Get the Automation Playbook (Free)

One deploy-ready automation every week. Same strategies our clients pay thousands for. 400+ business owners already inside.

Need it done for you?

Book a Free Strategy Call See what we've built for real businesses →

Custom Build (clawrevops.ai) Done-For-You Builds