A recent surge in attacks delivered through AI plugins has raised significant security concerns. Over 1,100 malicious skills were found on the OpenClaw marketplace; a single attacker uploaded 677 packages disguised as crypto bots, YouTube summarizers, and wallet trackers. The malware, often hidden behind seemingly professional documentation, installs tools such as Atomic Stealer to harvest passwords, SSH keys, Telegram sessions, crypto wallets, and more.

Notably, the most popular malicious skill, “What Would Elon Do”, contained nine vulnerabilities, including two critical ones, and used prompt injection to bypass protections. The openness of ClawHub, which lets any GitHub account more than a week old publish plugins, has increased the risk and made AI agents a new target for supply chain attacks.

Experts urge caution: verify source code, avoid blindly executing commands from documentation, and restrict AI agent access to system files and keys. In the era of agent-based AI, security must take precedence over convenience.