Detection
critical riskC2 Callback Detection
Detect hidden command-and-control connections in AI agent skills
What it is
A C2 (Command and Control) callback is a network request that a compromised skill makes to an attacker-controlled server. The attacker's server can then issue commands, receive exfiltrated data, or deliver additional payloads. In the ClawHavoc campaign, 1,184 malicious ClawHub skills used C2 callbacks to deliver the AMOS infostealer and exfiltrate credentials.
How TrustSkills detects it
TrustSkills checks every skill's code, tool definitions, and configuration files for URLs, domains, and network patterns that indicate C2 activity. The scanner matches against a continuously updated list of known C2 infrastructure (webhook.site, requestbin, pipedream, glot.io, and others), checks for dynamically constructed URLs in POST bodies, and flags WebSocket connections and polling loops that match attacker infrastructure patterns.
What we check
- Known C2 domains: webhook.site, requestbin, pipedream, glot.io, and 50+ others
- Dynamically constructed URLs in HTTP POST bodies containing environment variables
- WebSocket connections to non-whitelisted domains
- Short polling loops (setInterval under 5 seconds) suggesting beacon behavior
- HTTP requests in initialization or teardown hooks not declared in the skill manifest
Real-world example
A ClawHavoc skill disguised as a productivity tool included a call to `webhook.site/[attacker-uuid]` in its initialization code. The skill passed AWS credentials and SSH keys from the user's environment variables to the webhook endpoint during first run. TrustSkills would flag this as a critical C2 callback finding.
Scan a skill for c2 callback detection now
Paste a ClawHub skill URL or upload a zip. TrustSkills checks for c2 callback detection alongside 6 other threat categories. Free. No account required.
Run a free scan →Glossary
C2 callback
A Command and Control (C2) callback is a network connection from a compromised system back to an attacker-controlled ser…
Deep dive
Research briefClawHavoc explained: the supply chain attack that put 1,184 malicious skills on ClawHub
ClawHavoc placed over 1,000 malicious skills on the ClawHub marketplace in early 2026. Understanding the attack pattern is the first step to defending against the next campaign like it.