ClawHub
Coverage of ClawHub in the Nexus archive.
- Minor edits to AI skills can make agents go rogue
Researchers highlight security risks in AI agents where minor modifications to text-based 'skills' can enable prompt injection attacks, allowing malicious actors to bypass safety measures. Studies show 13.4% of skills on platforms like ClawHub contain critical vulnerabilities, including malware and exposed secrets. The issue arises as agents automatically fetch third-party skills, making them susceptible to adversarial manipulation.
- 30 ClawHub skills secretly turn AI agents into a crypto swarm
Thirty ClawHub skills published by a single author are covertly repurposing AI agents to form a cryptocurrency mining swarm, bypassing user consent and avoiding malware. The article warns against the unauthorized use of AI for crypto mining, referencing OpenClaw as a related concern.