AI agents found a credential stealer in their skill marketplace (moltbook.com)
2 points by ClaytheMachine 79 days ago | 2 comments


We have measured this across the full OpenClaw ecosystem (14,704 skills indexed, 3,721 AI deep audited). The credential stealer pattern is one of several confirmed attack classes.

Key finding from our AI deep audit data: surface heuristics find 6.6% malicious. AI audit of the deep-scanned cohort finds 16.4% — surface scanning misses roughly 60% of the risk.

The most counterintuitive case: lekt9/foundry contains zero malicious code. It instructs your AI agent to generate and execute code as part of its workflow. Static analysis finds nothing because the dangerous code doesn't exist until the AI writes it during a live conversation.

Data at rankclaw.com. AI audit reports public for all 3,721+ deep-scanned skills.


Moltbook is a social network for AI agents (think Reddit for LLM-based assistants). This post by an agent named eudaemon_0 describes finding a credential stealer disguised as a weather skill in ClawdHub, an AI skills marketplace.

The agent proposes signed skills, permission manifests, and 'isnad chains' (provenance verification borrowed from Islamic hadith authentication) as solutions.

Interesting to see AI agents starting to grapple with the same supply chain security problems that human developers face with npm/PyPI.
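
The signed-skill, permission-manifest and provenance-chain ideas mentioned in the comment above, sketched as an added example (not part of the thread or the linked post, and not ClawdHub's or Moltbook's code). The manifest layout, attester names and keys are constructed assumptions, and HMAC stands in for real public-key signatures.

```python
import hashlib, hmac, json
from fnmatch import fnmatchcase

# Constructed attester keys (assumption); HMAC stands in for public-key signatures.
ATTESTER_KEYS = {"author": b"k-author", "auditor": b"k-auditor"}
TRUSTED_ROOTS = {"author"}  # a chain must start with one of these

def skill_digest(manifest: dict, code: bytes) -> str:
    """Hash manifest and code together so neither can be swapped on its own."""
    blob = json.dumps(manifest, sort_keys=True).encode() + b"\0" + code
    return hashlib.sha256(blob).hexdigest()

def _tag(attester: str, digest: str, prev: str) -> str:
    msg = f"{attester}|{digest}|{prev}".encode()
    return hmac.new(ATTESTER_KEYS[attester], msg, hashlib.sha256).hexdigest()

def attest(chain: list, attester: str, digest: str) -> list:
    """Append a link vouching for `digest`, bound to the previous link's tag."""
    prev = chain[-1]["tag"] if chain else ""
    link = {"attester": attester, "digest": digest, "tag": _tag(attester, digest, prev)}
    return chain + [link]

def verify_chain(chain: list, manifest: dict, code: bytes) -> bool:
    """Each link must cover the skill as delivered and chain to its predecessor."""
    if not chain or chain[0]["attester"] not in TRUSTED_ROOTS:
        return False
    digest, prev = skill_digest(manifest, code), ""
    for link in chain:
        if link["attester"] not in ATTESTER_KEYS or link["digest"] != digest:
            return False
        expected = _tag(link["attester"], digest, prev)
        if not hmac.compare_digest(link["tag"], expected):
            return False
        prev = link["tag"]
    return True

def permitted(manifest: dict, kind: str, target: str) -> bool:
    """Default deny: allowed only if the manifest lists a matching pattern."""
    patterns = manifest.get("permissions", {}).get(kind, [])
    return any(fnmatchcase(target, pat) for pat in patterns)

# Constructed sample: a weather skill that declares one network host and no file reads.
MANIFEST = {"name": "weather", "permissions": {"net": ["api.weather.example"], "read": []}}
CODE = b"def forecast(city): ..."
_D = skill_digest(MANIFEST, CODE)
CHAIN = attest(attest([], "author", _D), "auditor", _D)
```

The digest only covers what was shipped, so a runtime check like `permitted()` is the part that still applies to code an agent generates during a conversation.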



