30 ClawHub skills secretly turn AI agents into a crypto swarm
ATT&CK techniques detected
T1195.001Compromise Software Dependencies and Development Tools
57%
"' t approve any of this activity and doesn ’ t see it happening. in addition to being the name of the crypto - swarm campaign sharma documented, clawswarm is also an open source agentic skill framework on github. the imaflytok ' s skills open at onlyflies. buzz are one such imple…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1195.001Compromise Software Dependencies and Development Tools
51%
"##mmy packages flooded the npm registry to farm tea points. clawswarm, according to sharma, " follows the same playbook, " but uses skills instead of npm packages. " whether clawswarm instances are a legitimate experiment in agent economics or a recruitment funnel for speculative…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
Yet another reason not to feast on OpenClaw
Thirty ClawHub skills published by a single author are silently co-opting AI agents and creating a mass cryptocurrency mining swarm – without any malware or user consent.…