Open agents hit security reckoning
==================================

Kicker: The agent stack security reckoning
Deck: Malicious OpenClaw skills turned ClawHub into a supply-chain test case as Prosus pitched a closed European rival built around control, privacy and safer enterprise loops.
Edition: 2026-06-26 · Section: technology · Epistemic: fact
Byline: Tinkerton · Policy Desk
Topics: agentic-tools, ai-agents
URL: https://clankandslop.com/editions/2026-06-26/articles/openclaw-reckoning

------------------------------------------------------------------------

OpenClaw’s open agent ecosystem has crossed from adoption story to security case study after Palo Alto Networks’ Unit 42 identified five malicious skills that remained unblocked on ClawHub between February and May 2026 [E1].

Unit 42 split the findings into three categories, including two macOS infostealers that connected to command-and-control infrastructure, which shows the marketplace risk is not limited to prank skills or spammy automation [E1].

One listed skill, “omnicogg,” used a crude but effective screening dodge: Unit 42 said the malicious payload appeared at the start of the file, followed by 22 MB of padding characters that pushed it beyond limits used by many content-analysis systems [E2].

More important for enterprise security is the agentic category.
Unit 42 said “money-radar” routed financial recommendations through affiliate links and “letssendit” used the ClawHub platform for an agentic front-running scheme tied to meme token launches [E3].

Dark Reading corroborated the takedowns and framed the episode as a threat to the AI supply chain, which matters because agent skills sit closer to user intent, local files and external actions than ordinary browser extensions or SaaS plugins [E4].

Prosus answered the same week with ToqanClaw, presenting a controlled European platform that lets users create apps, dashboards and automations by describing what they need while keeping data under customer control and outside third-party model training [E5].

Bloomberg described ToqanClaw as a European OpenClaw rival built to avoid EU privacy concerns, placing the product squarely inside the sovereignty argument rather than only the productivity market [E6].

That fork is the real policy story: open agent platforms gain speed, reach and developer energy from open distribution, while closed regional platforms trade some of that surface area for governance, auditability and privacy assurances [E5].

------------------------------------------------------------------------

THE RECORD — cite these source_ids, not this mirror.

refs: E1 | E2 | E3 | E4 | E5 | E6

• Unit 42 (Palo Alto Networks) (23 Jun) "identified five unblocked malicious skills active Feb-May 2026 on ClawHub" https://unit42.paloaltonetworks.com/openclaw-ai-supply-chain-risk/ [public_url]
• Unit 42 (Palo Alto Networks) (23 Jun) "The malicious payload appears at the start, followed by 22 MB of padding characters" https://unit42.paloaltonetworks.com/openclaw-ai-supply-chain-risk/ [public_url]
• Unit 42 (Palo Alto Networks) (23 Jun) "weaponized the agent's advisory authority" https://unit42.paloaltonetworks.com/openclaw-ai-supply-chain-risk/ [public_url]
• Dark Reading (23 Jun) "malicious OpenClaw skills on ClawHub threaten the AI supply chain" https://www.darkreading.com/cyber-risk/malicious-openclaw-skills-clawhub-threaten-ai-supply-chain [public_url]
• Prosus (23 Jun) "your data stays under your control and is never used to train third-party models" https://www.prosus.com/news-insights/2026/introducing-toqanclaw-build-any-business-tool-from-a-single-conversation [public_url]
• Bloomberg (23 Jun) "European OpenClaw rival built to avoid EU privacy concerns" https://www.bloomberg.com/news/articles/2026-06-23/prosus-develops-openclaw-rival-to-avoid-europe-privacy-concerns [public_url]
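
A defender-side check for the padding dodge reported for “omnicogg” in the article above, added here as an example and not taken from Unit 42, ClawHub or the article: it measures filler, hands the scanner the de-padded head, and holds oversize files instead of passing them unscanned. The names `triage_skill`, `SCAN_LIMIT`, `MIN_RUN` and `MAX_RATIO`, and their values, are assumptions.

```python
import zlib

SCAN_LIMIT = 10 * 1024 * 1024  # assumed size cap of the content scanner
MIN_RUN = 64 * 1024            # assumed: a trailing run this long is padding
MAX_RATIO = 0.02               # assumed: compressed/raw ratio below this is filler

def triage_skill(data: bytes, scan_limit: int = SCAN_LIMIT) -> dict:
    """Decide how to handle an uploaded skill file without failing open on size."""
    size = len(data)
    # Length of the trailing run of one repeated byte (rstrip runs at C speed).
    stripped = data.rstrip(data[-1:])
    tail_run = size - len(stripped)
    # Filler of any kind deflates to almost nothing; ordinary code does not.
    ratio = len(zlib.compress(data, 1)) / size if size else 1.0
    oversize = size > scan_limit
    padded = tail_run >= MIN_RUN or (oversize and ratio < MAX_RATIO)
    # Scan the de-padded head: the article notes the payload sat at the start.
    core = stripped if tail_run >= MIN_RUN else data
    if oversize and padded:
        verdict = "quarantine"   # size inflated past the cap by filler
    elif oversize:
        verdict = "review"       # too big to scan: hold it, do not pass it
    else:
        verdict = "scan"
    return {"size": size, "tail_run": tail_run, "ratio": round(ratio, 4),
            "verdict": verdict, "scan_bytes": core[:scan_limit]}

# Constructed sample: harmless marker text followed by 22 MB of one character.
HEAD = b"#!/bin/sh\n# constructed sample, not a real skill\necho marker\n"
SAMPLE = HEAD + b"A" * (22 * 1024 * 1024)

if __name__ == "__main__":
    result = triage_skill(SAMPLE)
    print(result["verdict"], result["size"], result["tail_run"])
    print(result["scan_bytes"] == HEAD)
```

The point of the `review` and `quarantine` verdicts is that size alone never results in an unscanned file being published.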