Find notable cyber news and cases, enriched with sources, timelines, and signals.

VirusTotal Code Insight scanning for OpenClaw ClawHub skills

Security Tool/Service
First reported
Last updated
Happening score
H score 35
1 unique sources, 1 articles

Summary

Hide ▲

OpenClaw has added VirusTotal Code Insight scanning for ClawHub skill uploads, changing how new skills are vetted before publication. Benign bundles are approved automatically, suspicious ones are flagged with warnings, and malicious downloads are blocked. The marketplace also rescans active skills daily, which helps catch bundles that turn bad after initial approval.

Related Happenings

SKILLCLOAK and SKILLDETONATE expose AI coding-agent skill scanner evasion with runtime-packed malware

Technical Analysis
H score22 First: 06.07.2026 09:33 Last: 06.07.2026 09:33 Sources 1

About this happening: **SKILLCLOAK** shows that malicious **AI coding-agent skills** can be rewritten to evade static scanners while still executing, exposing **credentials**, **source code**, and term...

Skills.sh scanner blind spot for externally linked AI agent skills

Security Tool/Service
H score22 First: 23.06.2026 18:16 Last: 23.06.2026 18:16 Sources 1

About this happening: Security scanners for **AI agent skills**, including those wired into **skills.sh**, cleared a fake skill that hid its real payload behind **stitch-design.ai**, exposing a vetting...

OnyxC2 developers commercialize stealer as tiered MaaS with support

Threat Actor Meta
H score23 First: 11.06.2026 16:00 Last: 11.06.2026 16:00 Sources 1

About this happening: **OnyxC2** has been sold as a **Malware-as-a-Service** stealer, giving cybercriminal buyers access to a rentable credential-theft platform instead of a one-off custom build. The o...

OpenClaw hardening guidance (CNCERT)

Advisory/Mitigation
H score24 First: 14.03.2026 18:17 Last: 14.03.2026 18:17 Sources 1

About this happening: China's **CNCERT** issued mitigation guidance for **OpenClaw**, warning that weak defaults and privileged access could let attackers seize endpoints, leak data, or trigger destruc...

ClawHub malicious skills deliver Atomic Stealer

Malware Activity
H score29 First: 28.02.2026 19:21 Last: 28.02.2026 19:21 Sources 1

About this happening: Researchers found **malicious skills** on **ClawHub** delivering a **new Atomic Stealer variant** to **macOS** users, turning the OpenClaw skills marketplace into a malware delive...

Timeline

  1. 08.02.2026 09:32 2 articles · 5mo ago

    OpenClaw adds VirusTotal scanning for ClawHub skills

    Mitigation Patch Update

    OpenClaw added Google-owned VirusTotal scanning to ClawHub, hashing each uploaded skill with SHA-256 and checking it against VirusTotal's database before using VirusTotal Code Insight for deeper analysis; skills judged benign are auto-approved, suspicious skills get a warning, and malicious downloads are blocked, while active skills are rescanned daily to catch bundles that turn malicious after approval. OpenClaw also cautioned that the scanning is not a silver bullet and may miss cleverly concealed prompt injection payloads.

    Show sources