Comments (131)
- jampa: This article is so frustrating to read: not only is it entirely AI-generated, but it also has no details: "I'm not linking", "I'm not pasting". And I don't doubt there is malware in Clawhub, but the 8/64 in VirusTotal hardly proves that. "The verdict was not ambiguous. It's malware." I had scripts I wrote flagged more than that! I know 1Password is a "famous" company, but this article alone isn't trustworthy at all.
- mattstir: This just seems like the logical consequence of the chosen system to be honest. "Skills" as a concept are much too broad and much too free-form to have any chance of being secure. Security has also been obviously secondary in the OpenClaw saga so far, with users just giving it full permissions to their entire machine and hoping for the best. Hopefully some of this will rekindle ideas that are decades old at this point (you know, considering security and having permission levels and so forth), but I honestly have my doubts.
- deanc: It's absolute negligence for anyone to be installing anything at this point in this space. There is no oversight, hardly anyone looking at what's published, no automated scanning and there is no security model in place that works that isn't vulnerable to prompt injection. We need to go back to the drawing board. You might as well just run curl https://example.com/script.sh | sudo bash at this point.
- paodealho: Back in the XP days if you left your computer for too much time in the hands of an illiterate relative, they would eventually install something and turn Internet Explorer into this: https://i.redd.it/z7qq51usb7n91.jpg. Now the security implications are even greater, and we won't even have funny screenshots to share in the future.
- JasonADrury: Why are these articles always AI written? What's the point of having AI generate a bunch of filler text?
- derpified: But wait, we have tools that can introspect on the semantic content of these skills, so why not make a skill that checks the security of other skills? You would think that'd be one of the first things people put together! Ideally such a skill could be used on itself to self-verify. Of course it could itself contain some kind of backdoor. If the security check skill includes exceptions to pass its own security checks, this ought to be called a Thompson vulnerability. Then to take it a step further, the idea of Thompson-completeness: a skill used in the creation of other skills that propagates a vulnerability.
- thepasch: Sometimes it feels like the advent of LLMs is hyperboosting the undoing of decades of slow societal technical literacy that wasn't even close to truly taking foot yet. Though LLMs aren't the reason; they're just the latest symptom. For a while it felt like people were getting more comfortable with and knowledgeable about tech, but in recent years, the exact opposite has been the case.
- rixed: This industry is funny. On the one hand, one is reminded on a daily basis of the importance of security, of strictly adhering to best practices, of memory safety, password strength, multi factor authentication and complex login schemes, end to end encryption and TLS everywhere, quick certificate rotation, VPNs, sandboxes, you name it. On the other hand, it has become standard practice to automatically download new software that will automatically download new software etc, to run MiTM boxes and opaque agents on any devices, to send all communication to slack and all code to anthropic in near real time... I would like to believe that those trends come from different places, but that's not my observation.
- SantasClawHavoc: 341 Malicious Clawed Skills Found by the Bot They Were Targeting https://news.ycombinator.com/item?id=46901092
- fnoef: It feels like the early days of crypto. It promised to be the revolution, but ended up being used for black markets, with malware that uses your Madison to mine crypto or steal crypto. I wonder if in a few years from now, we will look back and wonder how we got psyoped into all this.
- dragonelite: It's kind of interesting how with vibe coding we just threw away 2 decades of secure code best practices xD...
- soared: Was clawhub not doing any security on skills?
- 8cvor6j844qw_d6: Too bad OpenClaw costs too much on the Anthropic API. Any alternatives?
- sschueller: Well it appears https://openclaw.ai/ is down now. I get "Secure Connection Failed"
- VladVladikoff: To me the appeal of something like OpenClaw is incredible! It fills a gap that I've been trying to solve where automating customer support is more than just reacting to text and writing text back, but requires steps in our application backend for most support enquiries. If I could get a system like OpenClaw to read a support ticket, open a browser and then do some associated actions in our application backend, and then reply back to the user, that closes the loop. However it seems OpenClaw had quite a lot of security issues, to the point of even running it in a VM makes me uncomfortable, but also I tried anyway, and my computer is too old and slow to run MacOS inside of MacOS. So what are the other options? I saw one person say maybe it's possible to roll your own with MCP? Looking for honest advice.
- tkhapz: Since increasingly every "successful" application is a form of an insecure, overcomplicated computer game: How do you get the mindset to develop such applications? Do you have to play League of Legends for 8 hours per day as a teenager? Do you have to be a crypto bro who lost money on MtGox? People in the AI space seem literally mentally ill. How does one acquire the skills (pun intended) to participate in the madness?
- largbae: Can we call this phase the clawback?
- rvz: That's why the Moltbots were panicking earlier. [0] These 'skills' are yet another bad standard, just when MCP was already a much worse standard than it already was. [0] https://news.ycombinator.com/item?id=46820962
- eggpine84hoho
- naikrovek: My question to Apple, Microsoft, and the Linux kernel maintainers is this: Why is this even possible? Why is it possible for a running application to read information stored by so many other applications which are not related to the program in question? Why is isolation between applications not in place by default? Backwards compatibility is not more important than this. Operating systems are supposed to get in the way of things like this and help us run our programs securely. Operating systems are not supposed to freely allow this to happen without user intervention which explicitly allows this to happen. Why are we even remotely happy with our current operating systems when things like this, and ransomware, are possible by default?
- oncallthrow: Revolting AI slop writing style
- t1234s: It begins...