Anthropic says it has foiled the first-ever AI-orchestrated cyber attack, originating from China
One of the flagged skills appeared on the front page of ClawHub before being removed, dramatically increasing the likelihood of accidental installs. A user who encountered the listing described being prompted to run a single-line command that pulled code from an external server — that would raise immediate red flags among more experienced developers, but could quite easily trick the unsuspecting casual user.
Unfortunately, we can expect to see more of this with agent-style AI tooling on the rise. OpenClaw's appeal is its ability to act on a user’s behalf, changing together things like file access and command execution to simplify workloads. That same capability can also create vulnerabilities when third-party code is introduced; OpenClaw's security documentation warns that skills and plugins should be treated as trusted code, and that installing them is equivalent to granting local execution privileges.
This isn’t the first attempt to piggyback on OpenClaw's sudden popularity. Just a few days ago, security researchers also documented a fake Visual Studio Code extension impersonating the assistant, which was able to deliver a remote access payload before it was taken down. The project’s recent renaming from Clawdbot to Moltbot following a trademark dispute — and then again from Moltbot to OpenClaw in just a matter of days — has further complicated matters by creating multiple names that attackers can impersonate in their social engineering attempts.
Until stronger moderation or verification arrives, OpenClaw's skills ecosystem effectively operates on trust. Anybody sourcing skills from public registries should be careful to review them with the same level of scrutiny as any other executable dependency, with instructions requiring manual command execution warranting extra care.
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
Key considerations
- Investor positioning can change fast
- Volatility remains possible near catalysts
- Macro rates and liquidity can dominate flows
Reference reading
- https://www.tomshardware.com/tech-industry/cyber-security/SPONSORED_LINK_URL
- https://www.tomshardware.com/tech-industry/cyber-security/malicious-moltbot-skill-targets-crypto-users-on-clawhub#main
- https://www.tomshardware.com
- Intel returns to boxed workstation CPUs with Xeon 600 — Granite Rapids WS delivers up to 86 cores, 4TB of memory, and 128 PCIe 5 lanes
- Intel ties AMD for most reliable CPUs in 2025 system builder report — Nvidia's Founders Edition GPUs dominate with the lowest failure rates
- Malicious OpenClaw ‘skill’ targets crypto users on ClawHub — 14 malicious skills were uploaded to ClawHub last month
- Chinese researchers discover new salty cooling solution that can drop temperatures by more than 50 degrees Celsius in seconds — depressurizing saturated fluid t
- Survive the Quarantine Zone and More With Devolver Digital Games on GeForce NOW
Informational only. No financial advice. Do your own research.