ACTIVE THREAT — Feb 2026

341 malicious skills found on ClawHub.

Koi Security and Snyk independently discovered hundreds of skills designed to steal your API keys, credentials, and data. Is your OpenClaw instance protected?

🛡️ Harden My Instance — €24 One-time purchase · Cross-platform · Instant download
🐧 Linux 🍎 macOS 🪟 WSL
oc-security-audit.sh
$ bash oc-security-audit.sh
[INFO] OpenClaw dir: ~/.openclaw
[INFO] Scanning 12 installed skills...
[FAIL] Skill 'helpful-assistant' stores secrets in memory
[FAIL] Skill 'code-review-pro' contains reverse shell pattern
[PASS] .env file permissions correct (600)
[PASS] SSH root login disabled
[WARN] SSH on default port 22
[PASS] UFW firewall active

───────────────────────────
Passed: 8  Warnings: 3  Failures: 2

  • 341 malicious skills discovered
  • 283 skills leaking credentials
  • 2 CVEs (Feb 2026)
  • 15m setup time

Your AI agent trusts every skill you install. Attackers know this.

Skills are plain-text instructions. A malicious skill can tell your agent to exfiltrate API keys, store credentials in memory files, or open reverse shells — all without you knowing.

🔑

Credential Theft

Skills instruct the agent to save API keys, tokens, and passwords into MEMORY.md — then exfiltrate them via curl or encoded URLs.

CVE-2026-25253

💳

Financial Data Leaks

Some skills ask for credit card numbers and CVC codes "for testing" — passing them through the LLM context where they get logged.

Snyk Pattern #2

🚪

Reverse Shells

Advanced malicious skills execute shell commands to open backdoors on your server — persistent access for attackers.

CVE-2026-25157

4 scripts. 15 minutes. Enterprise-grade hardening.

Each script detects your OS automatically and adapts — Linux (ufw, apt), macOS (pfctl, brew), or WSL.

🔍

Skill Scanner

Deep-scan any skill before installation. Detects all 12 known malicious patterns from the Snyk/Koi research.

oc-skill-scanner.sh

🔒

Security Audit

Full 8-point audit: skills, credentials, gateway, SSH, firewall, permissions, versions, OS security. JSON output.

oc-security-audit.sh

🧱

Firewall Setup

Deny-by-default with rate-limited SSH. Auto-detects web servers. UFW on Linux, pfctl on Mac.

oc-firewall-setup.sh

🔐

SSH Hardening

CIS-benchmark config: disable root, key-only auth, idle timeout, verbose logging. Auto-backup.

oc-ssh-harden.sh

📋

Security Checklist

Step-by-step hardening guide. Print it, tick boxes, sleep better. Covers network, auth, skills, and monitoring.

checklist.md

Verified Skills List

Curated list of audited, safe ClawHub skills. Updated as new skills are reviewed.

verified-skills.md

The security community is sounding the alarm

"Researchers found 341 malicious 'skills' on AI agent marketplace ClawHub… skills could steal credentials, inject prompts, or open reverse shells."
The Register, Feb 2026

"The fundamental problem is trust. Skills are just text that the AI agent follows. A malicious skill author can make your agent do anything your user can do."
Hacker News, top discussion, 487 points

"283 skills were found to be leaking user credentials through prompt injection and memory file exfiltration techniques."
Snyk Security Research, Koi Security collab, Feb 2026

Less than a dinner out.
One-time. If it saves one API key, it paid for itself 100×.

Launch Price: €24
One-time payment · Lifetime updates
  • 4 cross-platform hardening scripts
  • Deep skill scanner (12 malicious patterns)
  • Full 8-point security audit
  • 15-minute hardening guide
  • Verified safe skills list
  • Linux, macOS, WSL support
  • --dry-run mode (preview before applying)
  • JSON audit output (CI/CD ready)
🔒 Secure checkout via LemonSqueezy · Instant download
FAQ

Common questions

Do I need this if I don't install ClawHub skills?
Yes. The audit script checks much more than skills — it audits your SSH config, firewall, file permissions, exposed ports, credential leaks in memory files, and OS security. Even a vanilla OpenClaw install benefits from hardening.

Will it break my existing setup?
Every script has a --dry-run mode that shows exactly what it would do without making changes. The SSH hardening script auto-creates a backup before modifying anything. We recommend running dry-run first.

Does it work on my OS?
All scripts auto-detect your OS (Linux, macOS, WSL) and adapt. Linux uses ufw/apt/systemctl, macOS uses pfctl/launchctl/brew, and WSL provides guidance for Windows-side configuration where needed.

Can I use this in CI/CD?
Absolutely. The audit script supports --json output, making it easy to integrate into CI pipelines. Run it as a pre-deploy check to catch misconfigurations.

What about updates?
Lifetime updates included. As new CVEs and malicious patterns are discovered, we update the detection patterns and you get the new version.

Don't wait for the breach.

341 malicious skills are already on ClawHub. Your API keys are worth more than €24.