Taking away trust in the quickly growing OpenClaw ecosystem, Researchers at Silverfort have found a serious flaw in the ClawHub skills marketplace that let attackers cheat on download-based rankings and move a harmful skill to the top of its category This article explores clawhub openclaw public. . An enemy could take advantage of this logic flaw to make a backdoored skill look very popular and trustworthy.

This would lead to a lot of people using it, and a single package could become the start of a large-scale supply chain attack on OpenClaw agents all over the world. How ClawHub became an attack vector: ClawHub is OpenClaw's public skills registry, where anyone can add skills that let agents do things like manage calendars, send emails, or search the web.

Like many public registries, users and agents often think that a lot of downloads means that something is safe. They use popularity as a main trust signal when deciding which skills to install. This design made ClawHub especially appealing to attackers who want to plant malicious packages that blend in with a busy marketplace and then use "social proof" to spread infections.

In this case, a function that was meant to be an internal helper was accidentally made public and could be called directly from the deployment URL without any access control. This went against Convex's own advice that all public functions must require explicit authorization. It's easy to make these kinds of mistakes when backend logic and network exposure are closely linked, especially in "vibe-coded" projects that change quickly and put speed ahead of structured security reviews.

On March 16, 2026, Silverfort told the ClawHub and OpenClaw teams about the problem, giving them information about how it affected things and technical proof that it had been used. The researchers say that the maintainers acted quickly and sent a fix within about 24 hours. This closed the exposed increment path and made the download logic in production stronger.

The vulnerability has since been remediated, preventing further abuse of download counts as a trust amplification vector, though historical manipulations in the broader ecosystem underline how fragile reputation‑based metrics can be.