OpenClaw, an open-source autonomous agent framework, has partnered with Google's VirusTotal after discovery of malicious code in its ClawHub skills marketplace. A Koi audit found 341 malicious skills among 2,857 entries—335 tied to a single supply-chain attack—prompting OpenClaw to adopt VirusTotal scanning and CodeInsight LLM analysis. The project warns scans won't catch language-based or prompt-injection attacks and urges segmentation.
Key Points
- Identifies 341 malicious skills among 2,857 ClawHub entries, 335 tied to one supply-chain attack
- Partners with VirusTotal and gains CodeInsight LLM analysis to detect known malware signatures
- Warns that natural-language or prompt-injection attacks evade signature scans; practitioners must segment and restrict bots
Scoring Rationale
Strong credibility and high practitioner impact from official VirusTotal collaboration; limited broader novelty and moderate technical depth.
