ClawHub market discovers 1184 malicious skills, or theft of information such as encrypted wallets

SlowMist founder Cosine has issued a security alert stating that a total of 1184 malicious skills have been discovered in OpenClaw's ClawHub marketplace, which could potentially steal SSH keys, encrypted wallets, browser passwords, and open reverse shells. One of the attackers uploaded 677 software packages, with 9 vulnerabilities in the top ranked skill and thousands of downloads. Cosine suggests that users use AI tools through an independent environment and points out that Web3 security issues have surpassed the contractual level, with Moonwell recently stolen $1.78 million due to code flaws.