{"data":{"id":"b9f83835-2160-40c1-b189-74ddc9902c14","title":"More Malicious OpenClaw Skills Threaten AI Supply Chain","summary":"OpenClaw, an AI skills marketplace called ClawHub, discovered and removed five malicious packages that had bypassed security checks despite containing infostealers (malware that steals information like passwords and data). This incident demonstrates that threats can slip through marketplace defenses and compromise the AI supply chain (the network of tools and components used to build AI systems).","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://www.darkreading.com/cyber-risk/malicious-openclaw-skills-clawhub-threaten-ai-supply-chain","publishedAt":"2026-06-24T16:56:49.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"news","affectedPackages":null,"affectedVendors":["OpenAI"],"affectedVendorsRaw":["OpenAI","ClawHub"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-06-24T16:56:49.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"plugin","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}