Definition
ClawHavoc
A coordinated supply chain attack campaign that planted 1,184 malicious skills across 12 publisher accounts on the ClawHub marketplace between January and February 2026. ClawHavoc skills delivered the AMOS infostealer on macOS, exfiltrated credentials and API keys, and used obfuscated payloads to evade file-hash scanners. ClawHavoc is named after the campaign identifier used in attacker infrastructure.
Related terms
Supply chain attack
An attack that compromises software or services upstream of the target organization, so the maliciou…
C2 callback
A Command and Control (C2) callback is a network connection from a compromised system back to an att…
Data exfiltration
The unauthorized transfer of sensitive data from a system to an attacker-controlled destination. In …
Deep dive
Research brief
ClawHavoc explained: the supply chain attack that put 1,184 malicious skills on ClawHub
ClawHavoc placed over 1,000 malicious skills on the ClawHub marketplace in early 2026. Understanding the attack pattern is the first step to defending against the next campaign like it.
Scan a skill before you install it
TrustSkills detects the threats described in this glossary before you install a ClawHub skill. Free. No account required.