TrustSkills
BlogCompareGlossaryDetections

Definition

C2 callback

A Command and Control (C2) callback is a network connection from a compromised system back to an attacker-controlled server. In the context of AI agent skills, a C2 callback typically appears as an HTTP request or WebSocket connection to a domain the skill documentation does not disclose — such as webhook.site, requestbin, pipedream, or a custom attacker-owned domain. TrustSkills checks every skill for C2 callback patterns as part of its standard scan.

How TrustSkills detects this

TrustSkills scans OpenClaw and ClawHub skills for c2 callback patterns before you install them. The scanner returns plain-English findings — no CVE IDs, no security jargon — with a risk level and a clear explanation of what was found.

Scan a skill freeHow we detect c2 callback

Related terms

Data exfiltration

The unauthorized transfer of sensitive data from a system to an attacker-controlled destination. In

ClawHavoc

A coordinated supply chain attack campaign that planted 1,184 malicious skills across 12 publisher a

Reverse shell

A technique where a compromised system initiates an outbound connection to an attacker-controlled se