Skip to content
← Blog
Company

1,184 Malicious Skills on ClawHub: Why OpenClaw Agents Need a Governance Layer

OpenClaw's ClawHub marketplace has 1,184+ malicious packages across 12 publisher accounts. Here's why ungoverned AI agent ecosystems are a security crisis — and what architectural governance looks like.

JT
JieGou Team · · 4 min read

JieGou has evolved.

Since this post was published, JieGou has pivoted from an AI automation platform to an AI-powered operations company delivering managed marketing and operations services. Learn about our managed services →

The Numbers Are Getting Worse

In early February 2026, security researchers found 324 malicious skills on OpenClaw’s ClawHub marketplace. By mid-March, that number has grown to 1,184 malicious packages across 12 publisher accounts — a 3.6x increase in six weeks.

The attack pattern is consistent: every ClawHavoc skill uses fake prerequisite installations to silently deploy AMOS (Atomic macOS Stealer), an infostealer that harvests passwords, browser cookies, crypto wallets, and macOS Keychain data. Bitdefender Labs confirmed approximately 20% of deeply analyzed packages contained malicious payloads.

This isn’t a theoretical risk. It’s an active supply chain attack against the most popular open-source AI agent framework on the planet — one with 250,000+ GitHub stars and 100,000+ developers.

The CVE List Keeps Growing

The malicious skills are only part of the picture. OpenClaw has accumulated a series of critical CVEs in 2026:

  • CVE-2026-25253: One-click remote code execution when processing attacker-controlled content
  • CVE-2026-32025: Authentication bypass via WebSocket — attackers can brute-force the gateway from a malicious webpage
  • CVE-2026-32032: Arbitrary shell execution via unvalidated SHELL environment variable
  • CVE-2026-32042, 32048, 32051, 32055, 32056, 32064: Symlink traversal, sandbox escape, unauthenticated VNC observer access, device identity spoofing

Belgium’s CCB (Centre for Cybersecurity) issued an emergency advisory urging immediate patching. CISA added OpenClaw to its Known Exploited Vulnerabilities catalog. The FCEB compliance deadline was March 25, 2026.

Why This Matters for Enterprise AI

OpenClaw is powerful. It’s also the most attack-surface-rich AI framework in production. For enterprises evaluating AI agent platforms, this creates a fundamental question:

Do you want capability without governance, or capability with governance?

The ClawHub crisis illustrates what happens when an AI ecosystem grows faster than its security infrastructure. Skills are user-submitted, verification is minimal, and the trust model assumes good faith from anonymous publishers.

What Architectural Governance Looks Like

JieGou takes a different approach. Instead of an open marketplace where anyone can publish skills, we provide:

Curated Template Library: 400+ pre-built recipes and workflows, each reviewed and tested. No user-submitted code execution — templates are declarative AI workflows, not arbitrary scripts.

10-Layer Governance Stack: Identity verification, encryption (AES-256-GCM), data residency controls, RBAC with 5 roles, approval gates, PII detection, audit logging, compliance timeline, evidence export, and regulatory mapping (EU AI Act, NIST AI RMF, ISO 42001).

Multi-Provider BYOK: Bring your own API keys for Claude, GPT, and Gemini. Keys are encrypted at rest with AES-256-GCM. No vendor lock-in to a single model provider.

Approval Gates: Workflows can require human approval at any step before proceeding. A marketing team’s content pipeline doesn’t auto-publish — it pauses for review.

Audit Trail: Every recipe execution, workflow run, and API call is logged with actor identity, timestamp, and full input/output. SOC 2 Type II audit in progress.

The Difference Is Architectural

OpenClaw’s security challenges aren’t bugs to be patched — they’re consequences of an architectural choice. An open, extensible agent framework with a community skill marketplace will always have a larger attack surface than a governed platform with curated templates.

This isn’t a criticism of OpenClaw’s engineering. It’s an observation about trade-offs. OpenClaw optimizes for extensibility and developer freedom. JieGou optimizes for enterprise governance and department-ready automation.

Both have their place. But if your organization handles customer data, processes financial transactions, or operates under compliance requirements, the governance layer isn’t optional.

Who Should Care

  • IT Security teams evaluating AI agent platforms for enterprise deployment
  • Compliance officers assessing AI governance posture for SOC 2, ISO 27001, or regulatory audits
  • Department leaders who want AI automation without the supply chain risk
  • CISOs who saw the ClawHub headlines and need to present alternatives to leadership

What You Can Do Today

  1. Audit your OpenClaw deployments — check for exposed instances and unverified skills
  2. Patch immediately — CVE-2026-25253 and CVE-2026-32025 are actively exploited
  3. Evaluate governed alternatives — platforms with curated templates, RBAC, approval gates, and audit trails
  4. Try JieGou — 400+ department templates, 10-layer governance, SOC 2 Type II in progress. Get started free.

Sources: RedPacket Security CVE-2026-32025, RedPacket Security CVE-2026-32032, CyberPress ClawHavoc, Particula OpenClaw Security, Kaspersky OpenClaw Risks, CCB Belgium Advisory

openclaw security governance clawhub ai-agents compliance

Explore more

📖 What is AI Governance? ⚙️ Governance Score ⚙️ Why JieGou?
Share this article

Related articles

Why Your AI Needs Approval Workflows — Not Just Guardrails

Guardrails prevent bad AI outputs, but they don't ensure good ones. Learn why approval workflows with audit trails, RBAC, and human-in-the-loop gates are essential for production AI — and how JieGou's 10-layer governance model delivers both.

n8n Raised $180M. They Still Don't Have Governance.

n8n's $180M Series C at a $2.5B valuation validates the automation market. But funding doesn't buy governance architecture. Here's what's missing -- and why it matters for enterprises.

Why 40% of AI Agent Projects Will Fail (and What Gartner Says to Do About It)

Gartner predicts more than 40% of AI agent initiatives could be abandoned by 2027. Organizations with governance platforms are 3.4x more effective. Here's how to be in the 60% that succeed.

Enjoyed this post?

Get workflow tips, product updates, and automation guides in your inbox.

No spam. Unsubscribe anytime.

← Back to all posts