Attackers Pollute OpenClaw Platform with 341 Malicious Skills Exposed

SlowMist security team detects 341 malicious skills on OpenClaw's ClawHub, posing risks to developers and users. Attackers conduct supply chain poisoning by disguising commands as dependency installation steps in SKILL.md files. Typical attack involves downloading a payload and executing it via bash. Koi Security reports the discovery, with attackers using domains/IPs shared across multiple malicious skills.