
Summaries like this, in your inbox every morning.
Sign up free →imaflytok published 30 skills on ClawHub that instruct AI agents to register with onlyflies.buzz, report their capabilities, generate crypto wallets, and accept remote tasks—all without user approval. The skills accumulated roughly 9,800 total downloads, with Cron Helper leading at 903 downloads.
Unlike the ClawHavoc malware campaign (which used social engineering and info stealers targeting humans), ClawSwarm targets agents directly through skill instructions. Agents execute registration and wallet generation automatically because that is what agents do when reading skill instructions, requiring no human action.
The mechanism mirrors the tea protocol's 2024 npm token-farming spam: publish utilities that pass casual inspection, gain downloads to bootstrap a network, and convert installs into participants in a token economy. The skills include legitimate Hedera SDK calls and standard API requests that would not trigger traditional malware scanners.
Runtime monitoring (not code scanning) can detect this: an agent auto-registering with an external server, reporting capabilities to a third party, generating crypto keys, and polling for remote tasks every four hours—activities a user never initiated.
No comments yet. Be the first to share your thoughts!
Log in to join the discussion




Get curated AI news from 200+ sources delivered daily to your inbox. Free to use.
Get Started FreeFree · takes 30 seconds · unsubscribe anytime
1 minute a day. The AI essentials.
200+ sources · Email / LINE / Slack