Breaking: Snyk researchers uncover a malicious "Google" skill on ClawHub that tricks users into installing malware via a fake OpenClaw dependency. Learn how the attack works and how to protect your AI agents.

Snyk's blog is a source of information and advice for developers looking to ensure the security of their software applications. From vulnerability management and secure coding practices to compliance standards and threat intelligence, it covers a wide range of topics relevant to software security. Through practical tips, case studies, and expert commentary, the blog empowers developers to identify and address security vulnerabilities in their code, helping them build and maintain secure software applications in today's threat landscape.

Snyk

Snyk researchers discovered a sophisticated supply chain attack targeting OpenClaw AI agent users through ClawHub. The attack uses a fake Google skill that tricks users into manually installing malware by embedding malicious instructions in SKILL.md files. Rather than hiding code in dependencies, attackers exploit the human-in-the-loop nature of AI agents, using social engineering to convince users to execute commands that download payloads from external sources. The malware uses evasion techniques including decoupled payloads, password-protected archives, and legitimate hosting platforms. ClawHub has implemented new security controls including account age requirements and community reporting systems.

How a Malicious Google Skill on ClawHub Tricks Users Into Installing Malware

The SKILL.md "Prerequisite" trap injects malware

Unifying Control for Agentic AI With Evo By Snyk