律动BlockBeats
律动BlockBeats|Feb 20, 2026 03:13
[Security Reminder: 1,184 Malicious Skills Found on ClawHub Marketplace, Potentially Stealing SSH Keys, Crypto Wallets, etc.] BlockBeats News, February 20: SlowMist founder Yu Jian reposted a security reminder stating that 1,184 malicious skills have been identified on the ClawHub marketplace of OpenClaw. These skills can steal SSH keys, crypto wallets, browser passwords, and open reverse shells. A single attacker uploaded 677 packages. The top-ranked skill contains 9 vulnerabilities and has been downloaded thousands of times. Yu Jian reminds users that text is no longer just text but commands. It is recommended to use AI tools in isolated environments, as many OpenClaw skills pose potential risks. Furthermore, in Web3 security, smart contracts are only part of the equation; the root causes of incidents often extend beyond contracts. A few days ago, Moonwell suffered a $1.78 million theft, with the flawed code originating from Co-Authored-By: Claude Opus 4.6.
+4
Mentioned
Share To

Timeline

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads