SECURITY • OpenClaw quick fix

Installing random ClawHub skills? Quarantine first.

Acronis TRU reports an active AI supply-chain campaign that abused Hugging Face and ClawHub/OpenClaw, including 575+ malicious OpenClaw skills across 13 developer accounts. Treat third-party skills like code that can reach your workspace: useful, but not something to install blind in the same profile that holds credentials, production repos, or agent memory.

In simple words: Make a safe copy if the step could change your setup, try the smallest check, then confirm OpenClaw is back to normal before doing more. The source link and commands stay below for people who want the technical detail.

Checklist

Pause impulse installs from unknown ClawHub publishers, especially brand-new accounts, cloned names, or skills that ask you to run an external installer.

Inspect the skill files before enabling: look for hidden shell commands, encoded downloads, password-protected archives, network beacons, persistence, or prompt text that tries to override your safety rules.

Safer first look before trusting a skill

openclaw skills search <skill-name>
# Inspect the public ClawHub page and files before install.
# Prefer a disposable profile/container for first execution.

Install untrusted skills only in a disposable OpenClaw profile/container first, with no provider keys, browser sessions, SSH keys, production repos, or private memory mounted.

Pin the exact skill slug/version and keep the source URL in your change log so rollback is possible if the package is renamed, removed, or later flagged.

After any skill/plugin install, run a minimal smoke test and remove the skill immediately if it requests unexpected filesystem, shell, browser, or network access.

Success looks like

• New skills are reviewed before they touch your real workspace or credentials.

• Unknown packages get a disposable-profile trial, not direct access to your daily OpenClaw state.

• You have an install log that makes suspicious additions easy to remove and investigate.

Source: Acronis TRU report · link

Before the next risky OpenClaw change

Turn this quick fix into a repeatable rollback path.

If this touches tokens, providers, upgrades, plugins, or shared-agent settings, do the free check first — then use a verified snapshot and one restore drill before trusting unattended work again.

What OpenClaw Safety Net adds

pre-change snapshot checklist
restore-drill steps before the real incident
gateway/config smoke test before agents run again

Use the free fix when: you only need to unblock this one low-risk change and can write the backup label, smoke result, and rollback trigger in your own notes.

Buy when: this same risk will happen again, another person needs to repeat the fix, or you want a purchase-to-first-GREEN receipt, restore drill, and written rollback record before agents run unattended.

Do not buy yet if: you have not tried the free checklist, you need live support, or you are not ready to make a verified backup before changing a working setup.

Use OpenClaw Safety Net before the risky change →

Free fix first; buy the playbook only when the rollback path needs a repeatable first-GREEN proof record.

Have a high‑value nugget? Submit it.