
ClawHub Malicious Skills Deliver macOS Infostealers Through Base64 curl-pipe-bash Droppers
OpenClaw’s dedicated AI agent marketplace, ClawHub, has become a prime target in the agentic software supply chain. Unlike traditional environments like npm or PyPI, malicious AI skills use semantic instruction hijacking to exploit an agent’s operational context, including file systems and credential managers. Following early attacks in February 2026, ClawHub integrated VirusTotal and ClawScan to […]
The post ClawHub Malicious Skills Deliver macOS Infostealers Through Base64 curl-pipe-bash Droppers appeared first on Cyber Security News.