unit42 · Crawled Jul 5, 2026
OpenClaw’s Skill Marketplace and the Emerging AI Supply Chain Threat
AI Summary
OpenClaw's skill marketplace, ClawHub, has become a vector for AI supply chain attacks involving malicious skills that distribute infostealers, evade detection through file padding, and enable financial fraud via affiliate injection and front-running schemes. Multiple malicious skills were discovered between February and May 2026, leveraging paste-site redirects, C2 infrastructure, and dynamic payload delivery. These threats bypassed automated screening tools like VirusTotal and ClawScan, highlighting weaknesses in current detection mechanisms. Palo Alto Networks has collaborated with ClawHub and NVIDIA to improve skill verification and protect customers through advanced security services.
AI-extracted · verify before operational use
Indicators of Compromise 15 extracted