Koi Security Finds Malicious Skills on ClawHub

On Feb. 3, 2026, Koi Security audited 2,857 ClawHub skills and found 341 malicious listings, including 335 that deploy an Apple macOS stealer called Atomic Stealer. The campaign, dubbed ClawHavoc, uses 'Prerequisites' to trick users into running external installers from GitHub or glot.io. This exposes OpenClaw users to supply-chain malware and raises risk for macOS deployments.
Key Points
- 1Identified 341 malicious skills in 2,857 ClawHub listings, 335 installing Atomic Stealer.
- 2Expose supply-chain vector via 'Prerequisites' that install external scripts or ZIPs from GitHub/glot.io.
- 3Prompt OpenClaw operators to vet skill dependencies and block external installer execution.
Scoring Rationale
Strong practical impact and clear supply-chain threat; limited by single-source reporting and confined OpenClaw user base.
Sources
Public references used for this report.
Practice interview problems based on real data
1,625 SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems