Securing OpenClaw Against “ClawHavoc”

As of Feb 2026, a supply-chain campaign dubbed “ClawHavoc” abused OpenClaw agent skills by embedding malicious SKILL.md manifests that tricked agents and users into running remote installer commands, which fetched infostealer payloads (Atomic Stealer/AMOS and keyloggers) that exfiltrate cookies, keys and wallet data; researchers found roughly 12% of ClawHub skills were malicious. The report also analyzes OpenClaw’s elevated attack surface (system access, untrusted ingestion, autonomous egress) and describes how an AI-aware MITM proxy (Aryaka AI>Secure) can mitigate the threat via Markdown/semantic inspection, LLM response filtering, URL/SWG blocking and runtime DLP.