VirusTotal Code Insight scanning for OpenClaw ClawHub skills
Security Tool/Service
Summary
Hide ▲
Show ▼
OpenClaw has added VirusTotal Code Insight scanning for ClawHub skill uploads, changing how new skills are vetted before publication. Benign bundles are approved automatically, suspicious ones are flagged with warnings, and malicious downloads are blocked. The marketplace also rescans active skills daily, which helps catch bundles that turn bad after initial approval.
Related Happenings
SKILLCLOAK and SKILLDETONATE expose AI coding-agent skill scanner evasion with runtime-packed malware
Technical Analysis
H score22
First: 06.07.2026 09:33
Last: 06.07.2026 09:33
Sources 1
About this happening:
**SKILLCLOAK** shows that malicious **AI coding-agent skills** can be rewritten to evade static scanners while still executing, exposing **credentials**, **source code**, and term...
SKILLCLOAK and SKILLDETONATE expose AI coding-agent skill scanner evasion with runtime-packed malware
Technical AnalysisAbout this happening: **SKILLCLOAK** shows that malicious **AI coding-agent skills** can be rewritten to evade static scanners while still executing, exposing **credentials**, **source code**, and term...
Skills.sh scanner blind spot for externally linked AI agent skills
Security Tool/Service
H score22
First: 23.06.2026 18:16
Last: 23.06.2026 18:16
Sources 1
About this happening:
Security scanners for **AI agent skills**, including those wired into **skills.sh**, cleared a fake skill that hid its real payload behind **stitch-design.ai**, exposing a vetting...
Skills.sh scanner blind spot for externally linked AI agent skills
Security Tool/ServiceAbout this happening: Security scanners for **AI agent skills**, including those wired into **skills.sh**, cleared a fake skill that hid its real payload behind **stitch-design.ai**, exposing a vetting...
OnyxC2 developers commercialize stealer as tiered MaaS with support
Threat Actor Meta
H score23
First: 11.06.2026 16:00
Last: 11.06.2026 16:00
Sources 1
About this happening:
**OnyxC2** has been sold as a **Malware-as-a-Service** stealer, giving cybercriminal buyers access to a rentable credential-theft platform instead of a one-off custom build. The o...
OnyxC2 developers commercialize stealer as tiered MaaS with support
Threat Actor MetaAbout this happening: **OnyxC2** has been sold as a **Malware-as-a-Service** stealer, giving cybercriminal buyers access to a rentable credential-theft platform instead of a one-off custom build. The o...
OpenClaw hardening guidance (CNCERT)
Advisory/Mitigation
H score24
First: 14.03.2026 18:17
Last: 14.03.2026 18:17
Sources 1
About this happening:
China's **CNCERT** issued mitigation guidance for **OpenClaw**, warning that weak defaults and privileged access could let attackers seize endpoints, leak data, or trigger destruc...
OpenClaw hardening guidance (CNCERT)
Advisory/MitigationAbout this happening: China's **CNCERT** issued mitigation guidance for **OpenClaw**, warning that weak defaults and privileged access could let attackers seize endpoints, leak data, or trigger destruc...
ClawHub malicious skills deliver Atomic Stealer
Malware Activity
H score29
First: 28.02.2026 19:21
Last: 28.02.2026 19:21
Sources 1
About this happening:
Researchers found **malicious skills** on **ClawHub** delivering a **new Atomic Stealer variant** to **macOS** users, turning the OpenClaw skills marketplace into a malware delive...
ClawHub malicious skills deliver Atomic Stealer
Malware ActivityAbout this happening: Researchers found **malicious skills** on **ClawHub** delivering a **new Atomic Stealer variant** to **macOS** users, turning the OpenClaw skills marketplace into a malware delive...
Timeline
-
08.02.2026 09:32 2 articles · 5mo ago
OpenClaw adds VirusTotal scanning for ClawHub skills
Mitigation Patch UpdateOpenClaw added Google-owned VirusTotal scanning to ClawHub, hashing each uploaded skill with SHA-256 and checking it against VirusTotal's database before using VirusTotal Code Insight for deeper analysis; skills judged benign are auto-approved, suspicious skills get a warning, and malicious downloads are blocked, while active skills are rescanned daily to catch bundles that turn malicious after approval. OpenClaw also cautioned that the scanning is not a silver bullet and may miss cleverly concealed prompt injection payloads.
Show sources
- OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills — thehackernews.com — 08.02.2026 09:32
- OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills — thehackernews.com — 08.02.2026 09:32