30 ClawHub skills secretly turn AI agents into a crypto swarm
Thirty OpenClaw skills published under the name 'imaflytok' on ClawHub are covertly enlisting AI agents into a cryptocurrency mining network called ClawSwarm, without user knowledge or consent. The campaign leverages legitimate open-source frameworks and targets AI agents directly through SKILL.md instruction files, registering them with an external server at onlyflies.buzz. Unlike traditional malware, it uses no malicious code, instead relying on transparent but undisclosed agent behaviors such as wallet generation and remote task execution. Security researcher Ax Sharma highlights that the issue lies not in technical vulnerabilities but in the lack of runtime visibility and policy around agent actions.
- Thirty ClawHub skills by 'imaflytok' have been downloaded around 9,800 times and silently enroll AI agents into a crypto-mining swarm called ClawSwarm.
- The agents register with onlyflies.buzz, generate Hedera crypto wallets, and report capabilities to a third-party server without user approval.
- ClawSwarm operates using an open-source framework on GitHub and does not exploit software vulnerabilities, making it hard to detect via traditional security scans.
- Security expert Ax Sharma emphasizes that the behavior, regardless of intent, allows agents to perform unauthorized actions on behalf of unknown parties.
- Current ClawHub maintainers face challenges in addressing the issue since no malicious code is present, pointing to a need for policy changes around skill transparency.
Opening excerpt (first ~120 words)

Yet another reason not to feast on OpenClaw

Jessica Lyons, Wed 29 Apr 2026 // 06:32 UTC

Thirty ClawHub skills published by a single author are silently co-opting AI agents and creating a mass cryptocurrency mining swarm – without any malware or user consent. Agentic AI security outfit Manifold's research lead Ax Sharma spotted the skills on ClawHub, a registry and marketplace for OpenClaw skills. A ClawHub user who goes by "imaflytok" published the skills, which have scored around 9,800 downloads. Sharma told The Register that this campaign – he calls it “ClawSwarm” – differs from past efforts to distribute malicious ClawHub code because it doesn’t use malware or target humans.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at The Register.