Anthropic says it has foiled the first-ever AI-orchestrated cyber attack, originating from China
One of the flagged skills appeared on the front page of ClawHub before being removed, dramatically increasing the likelihood of accidental installs. A user who encountered the listing described being prompted to run a single-line command that pulled code from an external server — that would raise immediate red flags among more experienced developers, but could quite easily trick the unsuspecting casual user.
Unfortunately, we can expect to see more of this with agent-style AI tooling on the rise. OpenClaw's appeal is its ability to act on a user’s behalf, changing together things like file access and command execution to simplify workloads. That same capability can also create vulnerabilities when third-party code is introduced; OpenClaw's security documentation warns that skills and plugins should be treated as trusted code, and that installing them is equivalent to granting local execution privileges.
This isn’t the first attempt to piggyback on OpenClaw's sudden popularity. Just a few days ago, security researchers also documented a fake Visual Studio Code extension impersonating the assistant, which was able to deliver a remote access payload before it was taken down. The project’s recent renaming from Clawdbot to Moltbot following a trademark dispute — and then again from Moltbot to OpenClaw in just a matter of days — has further complicated matters by creating multiple names that attackers can impersonate in their social engineering attempts.
Until stronger moderation or verification arrives, OpenClaw's skills ecosystem effectively operates on trust. Anybody sourcing skills from public registries should be careful to review them with the same level of scrutiny as any other executable dependency, with instructions requiring manual command execution warranting extra care.
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
Key considerations
- Investor positioning can change fast
- Volatility remains possible near catalysts
- Macro rates and liquidity can dominate flows
Reference reading
- https://www.tomshardware.com/tech-industry/cyber-security/SPONSORED_LINK_URL
- https://www.tomshardware.com/tech-industry/cyber-security/malicious-moltbot-skill-targets-crypto-users-on-clawhub#main
- https://www.tomshardware.com
- Into the Omniverse: Physical AI Open Models and Frameworks Advance Robots and Autonomous Systems
- Intel's upcoming Core Ultra 9 290K Plus appears on Geekbench with chart-topping scores — Arrow Lake refresh beats the 285K by ~10% across single- and multithrea
- Biwin Black Opal NV7400 2TB SSD Review: Another Arrow in Biwin’s Quiver
- Intel ties AMD for most reliable CPUs in 2025 system builder report — Nvidia's Founders Edition GPUs dominate with the lowest failure rates
- Shanghai scientists create computer chip in fiber thinner than a human hair, yet can withstand crushing force of 15.6 tons — fiber packs 100,000 transistors per
Informational only. No financial advice. Do your own research.