Signal

OpenClaw patches one-click RCE as ClawHub audit flags malicious skills

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-02-02 14:10 UTCUpdated 2026-02-02 17:49 UTC

rss

cvercevulnerabilitypatchsupply_chainmalicious_packages

Source links open

Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.

Back Evidence (3)Get the free brief by email Start free trial

No card needed for the free brief.

Evidence trail (top sources)

top sources (2 domains)

2 top sources shown

Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users

The Hacker News · News · thehackernews.com · 2026-02-02 17:49 UTC

OpenClaw patches one-click RCE as security Whac-A-Mole continues

The Register Security · News · go.theregister.com · 2026-02-02 14:10 UTC

limited source diversity in top sources

View all evidence

Overview

OpenClaw’s security posture is under renewed scrutiny as researchers describe a one-click remote code execution path triggered by a malicious link/web page, while a separate audit of the ClawHub ecosystem highlights supply-chain style risk from third-party “skills.” Together, the reports portray an ecosystem where patching core flaws and policing extensions are both necessary to reduce takeover and data-theft exposure.

Entities

Koi SecurityOpenClawClawHubClawdBotMoltbot

Score total

1.09

Momentum 24h

Posts

Origins

Source types

Duplicate ratio

Why now

CVE-2026-25253 disclosure and patch coverage is circulating in security news
New reporting describes an exploit chain requiring only a malicious web page
A fresh ClawHub audit claims hundreds of malicious skills across campaigns

Why it matters

One-click RCE paths can enable rapid compromise from a single link/web page
Third-party “skills” marketplaces can introduce supply-chain risk to users
Multiple concurrent issues suggest defenders must watch both core and extensions

LLM analysis

Topic mix: lowPromo risk: lowSource quality: medium

Recurring claims

OpenClaw disclosed and patched a high-severity one-click remote code execution issue tracked as CVE-2026-25253.
Researchers reported an exploit chain enabling code execution via a single malicious web page, amid ongoing OpenClaw ecosystem security issues.
An audit of ClawHub skills reported 341 malicious skills found among 2,857 reviewed, described as exposing OpenClaw users to supply-chain risks.

How sources frame it

The Hacker News: neutral
The Register Security: neutral

Cluster centers on OpenClaw ecosystem security: one-click RCE patch plus malicious marketplace “skills” findings.

All evidence

Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users

The Hacker News · thehackernews.com · 2026-02-02 17:49 UTC

OpenClaw patches one-click RCE as security Whac-A-Mole continues

The Register Security · go.theregister.com · 2026-02-02 14:10 UTC

Show filters & breakdown

Posts loaded: 0Publishers: 2Origin domains: 2Duplicates: -

Platform

Publisher

Origin domain

Relevance tier

Duplicates only

Showing 2 / 0

Top publishers (this list)

The Hacker News (1)
The Register Security (1)

Top origin domains (this list)

thehackernews.com (1)
go.theregister.com (1)