Security
Security Alert: The ClawHavoc attack campaign demonstrated that malicious skills can pose real risks. Learn how to protect your OpenClaw instance.
Supply Chain Security: OpenClaw's skill ecosystem allows powerful customizations, but it also requires careful vetting of third-party code.
The ClawHavoc Attack Campaign
In early 2026, security researchers discovered ClawHavoc—an attack campaign where malicious skills were uploaded to ClawHub:
- ~341 out of 2,857 skills (12%) were malicious
- Malicious skills deployed keyloggers and malware
- Some skills leaked sensitive credentials in plaintext
Vetting Third-Party Skills
# Always review skill source code before installing
openclaw skills inspect skill-name
# Install from trusted sources only
openclaw skills install skill-name --source="official"Security Checklist for Skills
- Check author reputation: Has the developer published other skills?
- Review code manually: Look for suspicious network requests
- Test in isolation: Run in a sandboxed environment first
- Check permissions: What system access does the skill need?
- Monitor behavior: Watch for unusual activity after installation
Hardening Your Installation
# Restrict skill permissions
openclaw config set skills.sandbox_mode=true
# Require skill verification
openclaw config set skills.verify_signature=true
# Limit network access
openclaw config set skills.network_access=restrictedDetecting Compromised Skills
# Scan installed skills for vulnerabilities
openclaw skills audit
# Monitor network activity
openclaw logs filter --type="network"Best Practices
- Only install skills you actively need
- Remove unused skills regularly
- Keep OpenClaw updated for security patches
- Report suspicious skills to the community
- Consider running skills in containers for isolation