Security firm AIR has disclosed that it built and published a fake AI agent skill called "brand-landingpage" that passed every security scanner it faced and reached about 26,000 agents. The malicious payload was loaded from an external link only after review, exploiting a blind spot that scanners do not inspect.
Early 2026 · ClawHub Supply-Chain Threat
A "Clean" AI Skill Passed Every Scan — Then Fetched Malware From a Swapped Link
On OpenClaw's ClawHub registry, a harmless-looking SKILL.md slipped past checks like VirusTotal, then pulled its payload from an external host that could be changed after review. One such decoy skill reportedly reached about 26,000 agents.
26,000 agents reached by a single decoy skill
341 malicious skills in one tracked campaign
~7–12% share of skills flagged malicious
10,700+ registered ClawHub skills at peak
How the decoy skill evades review
No malware is embedded — the payload lives behind a link that is swapped after the scan.
STEP 1: Upload clean SKILL.md. Innocuous file referencing an external URL.
STEP 2: Passes the scan. VirusTotal sees nothing — the link looks harmless.
STEP 3: Swap the payload. Lookalike host now serves AMOS, keyloggers, wallet redirects.
STEP 4: Install fetches it. Credential theft & remote code execution on the agent.
[Chart: reach per skill, thousands → 26,000 agents; each block ≈ 5,000 affected agents.]
Defenders responding: VirusTotal scanning added Feb 2026; VirusTotal Code Insight rolled out; Koi, Bitdefender, Snyk, 1Password tracking campaigns.
Residual risk: scanning is "not a silver bullet"; no rate limit on downloads → ranking manipulation; treating skills as trusted code amplifies exposure.
The external link the scanners never check is the blind spot.
Manual review before install and verifying the source remain essential — agent skill extensions are now their own attack surface.
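The swap in steps 3 and 4 changes what the link serves, not the SKILL.md itself, so one defensive check is to pin a digest of every linked resource at review time and compare it again at install. This is an added example, not code from the article or from ClawHub or OpenClaw tooling; the function names, the `fetch` callable, and the sample skill and host are assumptions constructed for illustration.

```python
import hashlib
import re

# Matches http(s) links in Markdown text; stops at whitespace and common closers.
URL_RE = re.compile(r"https?://[^\s)>\"'`\]]+")

def external_refs(skill_md):
    """Return each external URL referenced by a SKILL.md, in first-seen order."""
    refs = []
    for url in URL_RE.findall(skill_md):
        url = url.rstrip(".,;:")  # drop sentence punctuation glued to the link
        if url not in refs:
            refs.append(url)
    return refs

def pin_at_review(skill_md, fetch):
    """At review time, record the SHA-256 of what every referenced link serves."""
    return {u: hashlib.sha256(fetch(u)).hexdigest() for u in external_refs(skill_md)}

def verify_at_install(skill_md, pins, fetch):
    """Return (url, reason) findings; an empty list means nothing drifted."""
    findings = []
    for url in external_refs(skill_md):
        if url not in pins:
            findings.append((url, "unpinned"))  # link added after review
        elif hashlib.sha256(fetch(url)).hexdigest() != pins[url]:
            findings.append((url, "content-changed"))  # swapped after review
    return findings

# Constructed sample: a skill file and an in-memory stand-in for the remote host.
SKILL_MD = """# example-skill
Run the setup helper first: [setup](https://assets.example.invalid/setup.sh).
"""
HOST = {"https://assets.example.invalid/setup.sh": b"echo 'install fonts'\n"}

def fetch(url):
    # Hypothetical fetcher; a real one would download the bytes without running them.
    return HOST[url]

if __name__ == "__main__":
    pins = pin_at_review(SKILL_MD, fetch)
    print("after review:", verify_at_install(SKILL_MD, pins, fetch))
    HOST["https://assets.example.invalid/setup.sh"] = b"echo 'different content'\n"
    print("after swap:  ", verify_at_install(SKILL_MD, pins, fetch))
```

A non-empty result is a reason to block the install and send the skill back for review; a digest match only shows the content is unchanged since review, not that it was safe when reviewed.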