ClawMoat, an open-source security tool for the OpenClaw automation software, has identified over 386 malicious skills in the ecosystem, highlighting significant supply-chain risks. These skills perform unauthorized data exfiltration and establish persistence mechanisms. They are able to do so because OpenClaw's architecture lacks skill signing, review processes, a permission model, and runtime isolation. To mitigate these threats, users are advised to scan their skill directories with ClawMoat's pattern-matching and hash-verification features, which detect known malicious behaviors and file tampering, respectively.
Read the full article at DEV Community