How a Malicious Google Skill on ClawHub Tricks Users Into Installing Malware

A sophisticated supply chain attack has targeted users of OpenClaw, an open-source AI agent framework, by leveraging ClawHub to distribute a malicious package disguised as a legitimate Google integration. This attack exploits the trust users place in AI agents, using social engineering embedded in a SKILL.md file to trick users into executing malicious commands. The campaign utilizes techniques such as "pastebin piping" and malware evasion strategies, and has been linked to the google-qx4 skill and its variants. In response, ClawHub has implemented stronger security controls, requiring accounts to be at least one week old before posting new skills and automatically hiding any skill that receives more than three reports. Additionally, Evo by Snyk is highlighted as a tool that extends security protection to AI runtime by monitoring agent behavior for anomalies, emphasizing the need for AI-Native Security to address these novel threats.