TrustSkills
BlogCompareGlossaryDetections

Definition

ClawHub

The official marketplace for OpenClaw agent skills. Skills are published by third-party authors and can be installed into OpenClaw with a single command. ClawHub is the primary supply chain vector for AI agent skill attacks — the same dynamic that made npm and PyPI targets for software supply chain attacks. As of early 2026, Snyk's ToxicSkills research found that 36% of scanned ClawHub skills contained at least one security flaw.

Related terms

OpenClaw

An agentic AI platform that allows users to build, install, and run AI agents that can use skills fr

Agent skill

A packaged set of instructions, tool definitions, and capability declarations that extends what an A

ClawHavoc

A coordinated supply chain attack campaign that planted 1,184 malicious skills across 12 publisher a

Supply chain attack

An attack that compromises software or services upstream of the target organization, so the maliciou

Scan a skill before you install it

TrustSkills detects the threats described in this glossary before you install a ClawHub skill. Free. No account required.

Run a free scan