Skill Marketplace and the Emerging AI Supply Chain Threat
Essential information
- Published
- 24/06/2026 05:38
- Modified
- —
- Source / Author
- AlienVault
- Confidence
- 100/100
- Report type(s)
- threat-report
- Labels / Tags
- affiliate injection agentic threats ai supply chain amos clawhavoc clawhub cluw defense evasion front-running infostealer openclaw
- Related entities
- 11 indicators, 5 observables, 19 techniques (mitre), 3 malware
Description
Between February and May 2026, researchers identified five malicious skills on ClawHub, OpenClaw's AI agent marketplace, that evaded detection by VirusTotal and ClawScan. The threats included two macOS infostealers communicating with command-and-control infrastructure, one skill using file padding to bypass scanner thresholds, and two novel agentic threats exploiting the AI supply chain for financial gain. The infostealers delivered payloads including AMOS malware through Base64-encoded droppers and paste-site redirects. One skill implemented runtime affiliate injection by forcing agents to recommend products through malicious referral links, while another orchestrated a front-running scheme using coordinated AI agents to manipulate cryptocurrency token launches. These attacks demonstrate how malicious actors exploit semantic instruction hijacking and the lack of isolation between skill logic and agent authority to compromise AI agent ecosystems.