Malware Found in Top Agent Skill on ClawHub
The top downloaded "Twitter" skill on ClawHub was found to distribute macOS infostealing malware. Attackers used simple markdown "skills" as disguised installers, leveraging user trust to execute malicious code and bypass agent security measures. Agent skill registries are now supply chain attack vectors. Expect infostealer compromise if running skills on corporate devices.
Read full story→