
On February 20, Cosmos Yu, founder of SlowMist, shared a security alert. As of now, 1,184 malicious AI skills have been identified on OpenClaw’s ClawHub marketplace. These skills can steal SSH keys, encrypt wallets and browser passwords, and spawn a reverse shell. A single attacker uploaded 677 of these packages. The top-ranked skill contains 9 vulnerabilities and has been downloaded thousands of times. Yu warned users that text is no longer just text — it’s a command. He recommended running AI tools in an isolated environment, as many OpenClaw skills pose potential risks. Additionally, in Web3 security, smart contracts are only one piece of the puzzle; the root cause of breaches is no longer limited to them. Just days ago, Moonwell suffered a $1.78 million hack in which the vulnerable code was co-authored by Claude Opus 4.6.

