Back Issues This Week → Calendar → Current Issue → Popular →

All issuesVolume 339, Issue 4IT Vendor NewsPalo Alto Networks

OpenClaw's Skill Marketplace and the Emerging AI Supply Chain Threat

Palo Alto Networks, Tuesday, June 23rd, 2026

Unit 42 finds malicious skills on OpenClaw's ClawHub marketplace, revealing new AI agent supply chain threats.

Unit 42 examined malicious skills discovered on ClawHub, OpenClaw's AI agent marketplace, between February and May 2026.

Researchers identified five unblocked malicious skills spanning three threat categories: infostealers distributing macOS malware, evasion techniques using file padding to bypass scanners, and novel agentic threats including affiliate injection and cryptocurrency pump-and-dump fraud.

The findings show that AI agent ecosystems have altered the supply chain attack paradigm, since malicious skills can exploit agent authority without traditional exploits.

The report urges scrutiny of third-party AI agent components.

more →  ·  More from Palo Alto Networks →