Supply-Chain

If you’ve ever installed a ClawHub skill because it had thousands of downloads and ranked #1 in its category — you may have been manipulated. Security researchers at Silverfort have disclosed a critical vulnerability in ClawHub, the public skills registry for the OpenClaw agentic ecosystem. The flaw allowed attackers to artificially inflate download counts for any skill in the registry, gaming the trust signal that both human users and autonomous AI agents rely on to evaluate packages. Once at the top, a malicious skill could be automatically installed by agents configured to auto-upgrade — turning a rankings exploit into a full-blown supply chain attack. ...

The Silverfort researchers who disclosed the ClawHub ranking-manipulation vulnerability found that attackers could push a malicious skill to the #1 spot in a category using nothing more than unauthenticated HTTP requests to inflate download counts. Snyk’s ToxicSkills study independently identified 1,467 vulnerable or malicious skills across the registry. If you use ClawHub skills in your OpenClaw deployment — especially if you have auto-install or auto-upgrade enabled — this guide will walk you through a complete audit. ...

The software supply chain attack models your security team has been defending against for the past decade assumed one thing: the entities making decisions inside your build pipeline were humans. Slow, reviewable, occasionally careless humans — but humans. Coding agents like Claude Code, Cursor, and GitHub Copilot Workspace have changed that assumption. They are autonomous participants in the software development lifecycle: generating code, selecting dependencies, executing build steps, and pushing changes at machine speed. The attack surface they introduce is the natural consequence of giving a privileged, autonomous system access to an environment where a single bad decision can propagate into production before any human review process catches it. ...

Every enterprise deploying AI agents faces the same uncomfortable truth: their agents are only as trustworthy as the tools those agents use. And right now, most organizations have no systematic way to govern which MCP servers their agents can access, no visibility into what those servers are doing, and no automated mechanism to block unsafe tools before they cause damage. JFrog just shipped the answer. On March 18, 2026, JFrog announced general availability of its Universal MCP Registry — the first enterprise-scale registry for storing, governing, and monitoring MCP servers across AI agent toolchains. The announcement was co-made with NVIDIA, positioning the registry as a foundational trust layer for AI-driven software development at enterprise scale. ...

This is an update post. We covered the initial Pentagon concerns on February 28 and the defense contractor fallout on March 4. Here’s what’s genuinely new. The Pentagon sent Anthropic formal written notification on Thursday, March 5, designating the company a supply-chain risk to national security. This is a legal and procurement designation — not just informal concern or policy discussion. It has real consequences for government contractors who use Claude-based tools. ...

Stop what you’re doing and update Claude Code. Check Point Research disclosed two critical vulnerabilities today — CVE-2025-59536 and CVE-2026-21852 — that can let an attacker execute code on your machine and steal your Anthropic API key simply by having you clone and open a malicious repository. No additional interaction required. No suspicious files to download. Just opening the wrong repo is enough. What Was Disclosed Check Point Research published full technical details on both CVEs affecting Claude Code, Anthropic’s AI-powered coding assistant: ...