Koi Security audited 2,857 ClawHub skills: 341 malicious (12%), delivering Atomic Stealer malware targeting crypto wallets, SSH credentials, browser passwords across 9,000+ installations. Palo Alto Networks warned OpenClaw's design creates a "lethal trifecta" of persistent memory, untrusted content exposure, and external communication. First major supply chain attack against an AI agent marketplace — agent ecosystems face npm/PyPI risks but with far higher privilege levels.