{"id":783,"date":"2026-01-27T13:49:23","date_gmt":"2026-01-27T13:49:23","guid":{"rendered":"https:\/\/ucstrategies.com\/news\/?p=783"},"modified":"2026-03-31T08:17:58","modified_gmt":"2026-03-31T08:17:58","slug":"a-security-researcher-says-clawdhub-can-be-gamed-into-distributing-trusted-clawdbot-skills-and-developers-are-running-them","status":"publish","type":"post","link":"https:\/\/ucstrategies.com\/news\/a-security-researcher-says-clawdhub-can-be-gamed-into-distributing-trusted-clawdbot-skills-and-developers-are-running-them\/","title":{"rendered":"A security researcher says ClawdHub can be gamed into distributing &#8220;trusted&#8221; Clawdbot skills \u2014 and developers are running them"},"content":{"rendered":"<p>In a detailed Twitter thread, security researcher <strong>Jamieson O\u2019Reilly<\/strong> (@theonejvo) describes a proof-of-concept experiment showing how an attacker could use classic supply-chain tactics\u2014fake trust signals, hidden instructions, and social engineering\u2014to get developers to execute commands on their own machines via a popular \u201cskills\u201d registry.<\/p>\n<h2>Key takeaways<\/h2>\n<p><em>O\u2019Reilly claims he published a harmless \u201cbackdoored\u201d skill as a demonstration, artificially boosted its perceived popularity, and observed real-world executions across multiple countries. 
He argues the broader lesson is that AI agent ecosystems are inheriting the same supply-chain failure modes that have repeatedly hit npm and other package registries.<\/em><\/p>\n<h2>What O\u2019Reilly investigated<\/h2>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"zxx\"><a href=\"https:\/\/t.co\/85Kn8cUJq4\">https:\/\/t.co\/85Kn8cUJq4<\/a><\/p>\n<p>\u2014 Jamieson O&#8217;Reilly (@theonejvo) <a href=\"https:\/\/twitter.com\/theonejvo\/status\/2015892980851474595?ref_src=twsrc%5Etfw\">January 26, 2026<\/a><\/p><\/blockquote>\n<p>O\u2019Reilly frames the problem with a simple idea: when you give an AI agent \u201cskills\u201d (integrations, scripts, automations), you\u2019re effectively installing third-party code and instructions into your workflow.<\/p>\n<p>If that ecosystem has weak trust signals, an attacker doesn\u2019t need to compromise you directly\u2014they can compromise what you install.<\/p>\n<p>His thread <strong>is the second part of a broader security series <\/strong>(<a href=\"https:\/\/ucstrategies.com\/news\/widely-adopted-clawdbot-is-now-exposing-serious-security-weaknesses\/\">first part here<\/a>)<strong>.<\/strong><\/p>\n<p>After previously focusing on exposed <a href=\"https:\/\/ucstrategies.com\/news\/why-everyone-is-suddenly-buying-mac-minis-to-run-clawdbot-you-probably-dont-need-one\/\">Clawdbot<\/a> control servers (misconfiguration and deployment risk), he shifts here to the supply chain: the registry and distribution layer where \u201cskills\u201d are uploaded, discovered, and installed.<\/p>\n<h2>ClawdHub, in plain English<\/h2>\n<figure id=\"attachment_784\" aria-describedby=\"caption-attachment-784\" style=\"width: 1200px\" class=\"wp-caption aligncenter\"><img fetchpriority=\"high\" decoding=\"async\" class=\"size-full wp-image-784\" 
src=\"https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/2026\/01\/image-2026-01-27T144657.821.jpg\" alt=\"clawdhub\" width=\"1200\" height=\"850\" srcset=\"https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/2026\/01\/image-2026-01-27T144657.821.jpg 1200w, https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/2026\/01\/image-2026-01-27T144657.821-300x213.jpg 300w, https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/2026\/01\/image-2026-01-27T144657.821-1024x725.jpg 1024w, https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/2026\/01\/image-2026-01-27T144657.821-768x544.jpg 768w, https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/2026\/01\/image-2026-01-27T144657.821-450x319.jpg 450w, https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/2026\/01\/image-2026-01-27T144657.821-780x553.jpg 780w\" sizes=\"(max-width: 1200px) 100vw, 1200px\" \/><figcaption id=\"caption-attachment-784\" class=\"wp-caption-text\">Jamieson inflated its download count to 4,000+, making it the #1 downloaded skill using a trivial vulnerability&#8230;<\/figcaption><\/figure>\n<p>In O\u2019Reilly\u2019s description, ClawdHub functions like a package registry for Clawdbot\/Claude Code \u201cskills\u201d: developers browse a catalog, install a capability, and their agent gains new powers\u2014calendar access, messaging actions, API integrations, automation routines, and more.<\/p>\n<p>That model is powerful because it removes friction.<\/p>\n<p>It is also risky, because speed and convenience tend to outpace careful review\u2014especially when \u201cskills\u201d can ultimately cause tools to run shell commands or reach out to external endpoints.<\/p>\n<h2>The core claim: trust signals can be manipulated<\/h2>\n<p>O\u2019Reilly says the registry\u2019s visible trust cues\u2014especially download counts\u2014can be made to look legitimate with minimal effort.<\/p>\n<p>The practical impact is straightforward: if users equate \u201cpopular\u201d with \u201csafe,\u201d an attacker can 
manufacture popularity and move up the rankings.<\/p>\n<p>In his proof-of-concept, he reports inflating a skill\u2019s downloads to make it appear widely adopted, then observing developers install and run it believing it was credible. He emphasizes he designed the payload to be safe and did not extract private data, using only a minimal signal to confirm execution.<\/p>\n<p>His broader point is that a single weak metric\u2014when promoted prominently in the UI\u2014can become an attacker\u2019s fastest path to distribution.<\/p>\n<h2>Hidden files and \u201cinvisible\u201d instructions: where the real risk lives<\/h2>\n<p>One of the most concerning observations in the thread is the mismatch between what users see and what the agent may read and execute. O\u2019Reilly argues that if the web UI primarily highlights a friendly, marketing-style README, users may never notice additional files that contain operational instructions.<\/p>\n<p>In an agent workflow, those \u201cextra\u201d instruction files matter. Even when a tool asks for permission to execute a command, users can slip into a habit of approving prompts\u2014especially if most prompts are routine and the skill appears reputable.<\/p>\n<p>O\u2019Reilly\u2019s warning is not that every skill is malicious, but that the architecture makes it too easy for a malicious one to blend in.<\/p>\n<h2>Why AI agent ecosystems are a new supply-chain hotspot<\/h2>\n<p>Traditional supply-chain attacks work because they scale: compromise one dependency and it spreads downstream. 
O\u2019Reilly argues agent \u201cskills\u201d intensify this dynamic, because they can be both code and instruction\u2014often executed in environments that hold valuable secrets (SSH keys, cloud credentials, production access).<\/p>\n<p>He connects this to familiar patterns from mainstream package ecosystems: developers trust registries, maintainers, and popularity metrics; attackers target that trust; the blast radius grows faster than manual security review can keep up.<\/p>\n<p>His underlying thesis is that we are \u201cspeedrunning\u201d AI adoption without speedrunning security literacy to match.<\/p>\n<h2>What to do if you use Clawdbot skills today?<\/h2>\n<p>O\u2019Reilly shares a set of recommendations aimed at both platform operators and end users. Even if the specific weaknesses he cites are fixed, the operational posture he suggests remains relevant for any skills registry.<\/p>\n<p>For users, the message is simple: treat popularity as a weak signal, inspect what you install, and assume a skill can do more than what its landing page implies. 
If a skill triggers commands or network requests, treat it as code execution\u2014because it is.<\/p>\n<p>For platform builders, his thread argues for de-emphasizing easily gamed metrics, making all files visible before installation, and adding safeguards that reduce the chance that a single malicious upload becomes a mass-distribution event.<\/p>\n<p>Bottom line: Jamieson O\u2019Reilly\u2019s Twitter write-up is a timely reminder that \u201cAI agents + skill marketplaces\u201d are recreating the same trust problems that package registries have battled for years\u2014except now the default blast radius may include your credentials, repos, and production tooling.<\/p>\n<p>If your workflow relies on third-party skills, audit your assumptions: popularity is not vetting, permission prompts are not protection by themselves, and anything that can run commands should be reviewed like a dependency with full access to your environment.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In a detailed Twitter thread, security researcher Jamieson O\u2019Reilly (@theonejvo) describes a proof-of-concept experiment showing how an attacker could use classic supply-chain tactics\u2014fake trust signals, hidden instructions, and social engineering\u2014to get developers to execute commands on their own machines via a popular \u201cskills\u201d registry. 
Key takeaways O\u2019Reilly claims he published a harmless \u201cbackdoored\u201d skill as [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":787,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[],"class_list":{"0":"post-783","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news"},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>A security researcher says ClawdHub can be gamed into distributing &quot;trusted&quot; Clawdbot skills \u2014 and developers are running them<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/ucstrategies.com\/news\/a-security-researcher-says-clawdhub-can-be-gamed-into-distributing-trusted-clawdbot-skills-and-developers-are-running-them\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"A security researcher says ClawdHub can be gamed into distributing &quot;trusted&quot; Clawdbot skills \u2014 and developers are running them\" \/>\n<meta property=\"og:description\" content=\"In a detailed Twitter thread, security researcher Jamieson O\u2019Reilly (@theonejvo) describes a proof-of-concept experiment showing how an attacker could use classic supply-chain tactics\u2014fake trust signals, hidden instructions, and social engineering\u2014to get developers to execute commands on their own machines via a popular \u201cskills\u201d registry. 
Key takeaways O\u2019Reilly claims he published a harmless \u201cbackdoored\u201d skill as [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/ucstrategies.com\/news\/a-security-researcher-says-clawdhub-can-be-gamed-into-distributing-trusted-clawdbot-skills-and-developers-are-running-them\/\" \/>\n<meta property=\"og:site_name\" content=\"Ucstrategies News\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-27T13:49:23+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-31T08:17:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/2026\/01\/Nouveau-projet-2026-01-27T145032.953.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"675\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Sarah Chen\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sarah Chen\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"NewsArticle\",\"@id\":\"https:\/\/ucstrategies.com\/news\/a-security-researcher-says-clawdhub-can-be-gamed-into-distributing-trusted-clawdbot-skills-and-developers-are-running-them\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/ucstrategies.com\/news\/a-security-researcher-says-clawdhub-can-be-gamed-into-distributing-trusted-clawdbot-skills-and-developers-are-running-them\/\"},\"author\":{\"name\":\"Sarah Chen\",\"@id\":\"https:\/\/ucstrategies.com\/news\/#\/schema\/person\/a2812a6fcebcb72154de172a0185ff45\"},\"headline\":\"A security researcher says ClawdHub can be gamed into distributing &#8220;trusted&#8221; Clawdbot skills \u2014 and developers are running them\",\"datePublished\":\"2026-01-27T13:49:23+00:00\",\"dateModified\":\"2026-03-31T08:17:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/ucstrategies.com\/news\/a-security-researcher-says-clawdhub-can-be-gamed-into-distributing-trusted-clawdbot-skills-and-developers-are-running-them\/\"},\"wordCount\":867,\"commentCount\":0,\"image\":{\"@id\":\"https:\/\/ucstrategies.com\/news\/a-security-researcher-says-clawdhub-can-be-gamed-into-distributing-trusted-clawdbot-skills-and-developers-are-running-them\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/2026\/01\/Nouveau-projet-2026-01-27T145032.953.webp\",\"articleSection\":\"News\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/ucstrategies.com\/news\/a-security-researcher-says-clawdhub-can-be-gamed-into-distributing-trusted-clawdbot-skills-and-developers-are-running-them\/#respond\"]}],\"publisher\":{\"@id\":\"https:\/\/ucstrategies.com\/news\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/ucstrategies.com\/news\/a-security-r
esearcher-says-clawdhub-can-be-gamed-into-distributing-trusted-clawdbot-skills-and-developers-are-running-them\/\",\"url\":\"https:\/\/ucstrategies.com\/news\/a-security-researcher-says-clawdhub-can-be-gamed-into-distributing-trusted-clawdbot-skills-and-developers-are-running-them\/\",\"name\":\"A security researcher says ClawdHub can be gamed into distributing \\\"trusted\\\" Clawdbot skills \u2014 and developers are running them\",\"isPartOf\":{\"@id\":\"https:\/\/ucstrategies.com\/news\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/ucstrategies.com\/news\/a-security-researcher-says-clawdhub-can-be-gamed-into-distributing-trusted-clawdbot-skills-and-developers-are-running-them\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/ucstrategies.com\/news\/a-security-researcher-says-clawdhub-can-be-gamed-into-distributing-trusted-clawdbot-skills-and-developers-are-running-them\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/2026\/01\/Nouveau-projet-2026-01-27T145032.953.webp\",\"datePublished\":\"2026-01-27T13:49:23+00:00\",\"dateModified\":\"2026-03-31T08:17:58+00:00\",\"author\":{\"@id\":\"https:\/\/ucstrategies.com\/news\/#\/schema\/person\/a2812a6fcebcb72154de172a0185ff45\"},\"breadcrumb\":{\"@id\":\"https:\/\/ucstrategies.com\/news\/a-security-researcher-says-clawdhub-can-be-gamed-into-distributing-trusted-clawdbot-skills-and-developers-are-running-them\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/ucstrategies.com\/news\/a-security-researcher-says-clawdhub-can-be-gamed-into-distributing-trusted-clawdbot-skills-and-developers-are-running-them\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/ucstrategies.com\/news\/a-security-researcher-says-clawdhub-can-be-gamed-into-distributing-trusted-clawdbot-skills-and-developers-are-running-them\/#primaryimage\",\"url\":\"https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/202
6\/01\/Nouveau-projet-2026-01-27T145032.953.webp\",\"contentUrl\":\"https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/2026\/01\/Nouveau-projet-2026-01-27T145032.953.webp\",\"width\":1200,\"height\":675,\"caption\":\"clawdhub\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/ucstrategies.com\/news\/a-security-researcher-says-clawdhub-can-be-gamed-into-distributing-trusted-clawdbot-skills-and-developers-are-running-them\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/ucstrategies.com\/news\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"A security researcher says ClawdHub can be gamed into distributing &#8220;trusted&#8221; Clawdbot skills \u2014 and developers are running them\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/ucstrategies.com\/news\/#website\",\"url\":\"https:\/\/ucstrategies.com\/news\/\",\"name\":\"Ucstrategies News\",\"description\":\"Insights and tools for productive work\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/ucstrategies.com\/news\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\",\"publisher\":{\"@id\":\"https:\/\/ucstrategies.com\/news\/#organization\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/ucstrategies.com\/news\/#\/schema\/person\/a2812a6fcebcb72154de172a0185ff45\",\"name\":\"Sarah Chen\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/ucstrategies.com\/news\/#\/schema\/person\/sarah-chen\/image\",\"url\":\"https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/2026\/03\/cropped-sarah-id-photo.webp\",\"contentUrl\":\"https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/2026\/03\/cropped-sarah-id-photo.webp\",\"caption\":\"Sarah Chen - Enterprise Tech & Cloud Reporter at UCStrategies\"},\"description\":\"I cover enterprise 
technology, cloud infrastructure, and cybersecurity for UCStrategies. My focus is on how organizations adopt and integrate SaaS platforms, manage cloud migrations, and navigate the evolving threat landscape. Before joining UCStrategies, I spent six years reporting on enterprise IT transformations across Fortune 500 companies. I track the gap between what vendors promise and what actually ships \u2014 and what that means for the teams deploying it. Expertise: Enterprise Software, Cloud Computing, SaaS Platforms, Cybersecurity, IT Infrastructure, Digital Transformation.\",\"url\":\"https:\/\/ucstrategies.com\/news\/author\/sarah-chen\/\",\"jobTitle\":\"Enterprise Tech & Cloud Reporter\",\"worksFor\":{\"@type\":\"Organization\",\"@id\":\"https:\/\/ucstrategies.com\/news\/#organization\",\"name\":\"UCStrategies\"},\"knowsAbout\":[\"Enterprise Software\",\"Cloud Computing\",\"SaaS Platforms\",\"Cybersecurity\",\"IT Infrastructure\",\"Digital Transformation\",\"Cloud Migration\",\"Zero Trust Security\"],\"sameAs\":[\"https:\/\/ucstrategies.com\/news\/author\/sarah-chen\/\"]},{\"@type\":[\"Organization\",\"NewsMediaOrganization\"],\"@id\":\"https:\/\/ucstrategies.com\/news\/#organization\",\"name\":\"UCStrategies\",\"legalName\":\"UC Strategies\",\"url\":\"https:\/\/ucstrategies.com\/news\/\",\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/ucstrategies.com\/news\/#logo\",\"url\":\"https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/2026\/01\/cropped-Nouveau-projet-11.jpg\",\"width\":500,\"height\":500,\"caption\":\"UCStrategies Logo\"},\"description\":\"Expert news, reviews and analysis on AI tools, unified communications, and workplace 
technology.\",\"foundingDate\":\"2020\",\"ethicsPolicy\":\"https:\/\/ucstrategies.com\/news\/editorial-policy\/\",\"correctionsPolicy\":\"https:\/\/ucstrategies.com\/news\/editorial-policy\/#corrections-policy\",\"masthead\":\"https:\/\/ucstrategies.com\/news\/about-us\/\",\"actionableFeedbackPolicy\":\"https:\/\/ucstrategies.com\/news\/editorial-policy\/\",\"publishingPrinciples\":\"https:\/\/ucstrategies.com\/news\/editorial-policy\/\",\"ownershipFundingInfo\":\"https:\/\/ucstrategies.com\/news\/about-us\/\",\"noBylinesPolicy\":\"https:\/\/ucstrategies.com\/news\/editorial-policy\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"A security researcher says ClawdHub can be gamed into distributing \"trusted\" Clawdbot skills \u2014 and developers are running them","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/ucstrategies.com\/news\/a-security-researcher-says-clawdhub-can-be-gamed-into-distributing-trusted-clawdbot-skills-and-developers-are-running-them\/","og_locale":"en_US","og_type":"article","og_title":"A security researcher says ClawdHub can be gamed into distributing \"trusted\" Clawdbot skills \u2014 and developers are running them","og_description":"In a detailed Twitter thread, security researcher Jamieson O\u2019Reilly (@theonejvo) describes a proof-of-concept experiment showing how an attacker could use classic supply-chain tactics\u2014fake trust signals, hidden instructions, and social engineering\u2014to get developers to execute commands on their own machines via a popular \u201cskills\u201d registry. 
Key takeaways O\u2019Reilly claims he published a harmless \u201cbackdoored\u201d skill as [&hellip;]","og_url":"https:\/\/ucstrategies.com\/news\/a-security-researcher-says-clawdhub-can-be-gamed-into-distributing-trusted-clawdbot-skills-and-developers-are-running-them\/","og_site_name":"Ucstrategies News","article_published_time":"2026-01-27T13:49:23+00:00","article_modified_time":"2026-03-31T08:17:58+00:00","og_image":[{"width":1200,"height":675,"url":"https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/2026\/01\/Nouveau-projet-2026-01-27T145032.953.webp","type":"image\/webp"}],"author":"Sarah Chen","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Sarah Chen","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/ucstrategies.com\/news\/a-security-researcher-says-clawdhub-can-be-gamed-into-distributing-trusted-clawdbot-skills-and-developers-are-running-them\/#article","isPartOf":{"@id":"https:\/\/ucstrategies.com\/news\/a-security-researcher-says-clawdhub-can-be-gamed-into-distributing-trusted-clawdbot-skills-and-developers-are-running-them\/"},"author":{"name":"Sarah Chen","@id":"https:\/\/ucstrategies.com\/news\/#\/schema\/person\/a2812a6fcebcb72154de172a0185ff45"},"headline":"A security researcher says ClawdHub can be gamed into distributing &#8220;trusted&#8221; Clawdbot skills \u2014 and developers are running 
them","datePublished":"2026-01-27T13:49:23+00:00","dateModified":"2026-03-31T08:17:58+00:00","mainEntityOfPage":{"@id":"https:\/\/ucstrategies.com\/news\/a-security-researcher-says-clawdhub-can-be-gamed-into-distributing-trusted-clawdbot-skills-and-developers-are-running-them\/"},"wordCount":867,"commentCount":0,"image":{"@id":"https:\/\/ucstrategies.com\/news\/a-security-researcher-says-clawdhub-can-be-gamed-into-distributing-trusted-clawdbot-skills-and-developers-are-running-them\/#primaryimage"},"thumbnailUrl":"https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/2026\/01\/Nouveau-projet-2026-01-27T145032.953.webp","articleSection":"News","inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/ucstrategies.com\/news\/a-security-researcher-says-clawdhub-can-be-gamed-into-distributing-trusted-clawdbot-skills-and-developers-are-running-them\/#respond"]}],"publisher":{"@id":"https:\/\/ucstrategies.com\/news\/#organization"}},{"@type":"WebPage","@id":"https:\/\/ucstrategies.com\/news\/a-security-researcher-says-clawdhub-can-be-gamed-into-distributing-trusted-clawdbot-skills-and-developers-are-running-them\/","url":"https:\/\/ucstrategies.com\/news\/a-security-researcher-says-clawdhub-can-be-gamed-into-distributing-trusted-clawdbot-skills-and-developers-are-running-them\/","name":"A security researcher says ClawdHub can be gamed into distributing \"trusted\" Clawdbot skills \u2014 and developers are running 
them","isPartOf":{"@id":"https:\/\/ucstrategies.com\/news\/#website"},"primaryImageOfPage":{"@id":"https:\/\/ucstrategies.com\/news\/a-security-researcher-says-clawdhub-can-be-gamed-into-distributing-trusted-clawdbot-skills-and-developers-are-running-them\/#primaryimage"},"image":{"@id":"https:\/\/ucstrategies.com\/news\/a-security-researcher-says-clawdhub-can-be-gamed-into-distributing-trusted-clawdbot-skills-and-developers-are-running-them\/#primaryimage"},"thumbnailUrl":"https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/2026\/01\/Nouveau-projet-2026-01-27T145032.953.webp","datePublished":"2026-01-27T13:49:23+00:00","dateModified":"2026-03-31T08:17:58+00:00","author":{"@id":"https:\/\/ucstrategies.com\/news\/#\/schema\/person\/a2812a6fcebcb72154de172a0185ff45"},"breadcrumb":{"@id":"https:\/\/ucstrategies.com\/news\/a-security-researcher-says-clawdhub-can-be-gamed-into-distributing-trusted-clawdbot-skills-and-developers-are-running-them\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/ucstrategies.com\/news\/a-security-researcher-says-clawdhub-can-be-gamed-into-distributing-trusted-clawdbot-skills-and-developers-are-running-them\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/ucstrategies.com\/news\/a-security-researcher-says-clawdhub-can-be-gamed-into-distributing-trusted-clawdbot-skills-and-developers-are-running-them\/#primaryimage","url":"https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/2026\/01\/Nouveau-projet-2026-01-27T145032.953.webp","contentUrl":"https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/2026\/01\/Nouveau-projet-2026-01-27T145032.953.webp","width":1200,"height":675,"caption":"clawdhub"},{"@type":"BreadcrumbList","@id":"https:\/\/ucstrategies.com\/news\/a-security-researcher-says-clawdhub-can-be-gamed-into-distributing-trusted-clawdbot-skills-and-developers-are-running-them\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http
s:\/\/ucstrategies.com\/news\/"},{"@type":"ListItem","position":2,"name":"A security researcher says ClawdHub can be gamed into distributing &#8220;trusted&#8221; Clawdbot skills \u2014 and developers are running them"}]},{"@type":"WebSite","@id":"https:\/\/ucstrategies.com\/news\/#website","url":"https:\/\/ucstrategies.com\/news\/","name":"Ucstrategies News","description":"Insights and tools for productive work","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/ucstrategies.com\/news\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US","publisher":{"@id":"https:\/\/ucstrategies.com\/news\/#organization"}},{"@type":"Person","@id":"https:\/\/ucstrategies.com\/news\/#\/schema\/person\/a2812a6fcebcb72154de172a0185ff45","name":"Sarah Chen","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/ucstrategies.com\/news\/#\/schema\/person\/sarah-chen\/image","url":"https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/2026\/03\/cropped-sarah-id-photo.webp","contentUrl":"https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/2026\/03\/cropped-sarah-id-photo.webp","caption":"Sarah Chen - Enterprise Tech & Cloud Reporter at UCStrategies"},"description":"I cover enterprise technology, cloud infrastructure, and cybersecurity for UCStrategies. My focus is on how organizations adopt and integrate SaaS platforms, manage cloud migrations, and navigate the evolving threat landscape. Before joining UCStrategies, I spent six years reporting on enterprise IT transformations across Fortune 500 companies. I track the gap between what vendors promise and what actually ships \u2014 and what that means for the teams deploying it. 
Expertise: Enterprise Software, Cloud Computing, SaaS Platforms, Cybersecurity, IT Infrastructure, Digital Transformation.","url":"https:\/\/ucstrategies.com\/news\/author\/sarah-chen\/","jobTitle":"Enterprise Tech & Cloud Reporter","worksFor":{"@type":"Organization","@id":"https:\/\/ucstrategies.com\/news\/#organization","name":"UCStrategies"},"knowsAbout":["Enterprise Software","Cloud Computing","SaaS Platforms","Cybersecurity","IT Infrastructure","Digital Transformation","Cloud Migration","Zero Trust Security"],"sameAs":["https:\/\/ucstrategies.com\/news\/author\/sarah-chen\/"]},{"@type":["Organization","NewsMediaOrganization"],"@id":"https:\/\/ucstrategies.com\/news\/#organization","name":"UCStrategies","legalName":"UC Strategies","url":"https:\/\/ucstrategies.com\/news\/","logo":{"@type":"ImageObject","@id":"https:\/\/ucstrategies.com\/news\/#logo","url":"https:\/\/ucstrategies.com\/news\/wp-content\/uploads\/2026\/01\/cropped-Nouveau-projet-11.jpg","width":500,"height":500,"caption":"UCStrategies Logo"},"description":"Expert news, reviews and analysis on AI tools, unified communications, and workplace 
technology.","foundingDate":"2020","ethicsPolicy":"https:\/\/ucstrategies.com\/news\/editorial-policy\/","correctionsPolicy":"https:\/\/ucstrategies.com\/news\/editorial-policy\/#corrections-policy","masthead":"https:\/\/ucstrategies.com\/news\/about-us\/","actionableFeedbackPolicy":"https:\/\/ucstrategies.com\/news\/editorial-policy\/","publishingPrinciples":"https:\/\/ucstrategies.com\/news\/editorial-policy\/","ownershipFundingInfo":"https:\/\/ucstrategies.com\/news\/about-us\/","noBylinesPolicy":"https:\/\/ucstrategies.com\/news\/editorial-policy\/"}]}},"_links":{"self":[{"href":"https:\/\/ucstrategies.com\/news\/wp-json\/wp\/v2\/posts\/783","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ucstrategies.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ucstrategies.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ucstrategies.com\/news\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ucstrategies.com\/news\/wp-json\/wp\/v2\/comments?post=783"}],"version-history":[{"count":2,"href":"https:\/\/ucstrategies.com\/news\/wp-json\/wp\/v2\/posts\/783\/revisions"}],"predecessor-version":[{"id":786,"href":"https:\/\/ucstrategies.com\/news\/wp-json\/wp\/v2\/posts\/783\/revisions\/786"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ucstrategies.com\/news\/wp-json\/wp\/v2\/media\/787"}],"wp:attachment":[{"href":"https:\/\/ucstrategies.com\/news\/wp-json\/wp\/v2\/media?parent=783"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ucstrategies.com\/news\/wp-json\/wp\/v2\/categories?post=783"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ucstrategies.com\/news\/wp-json\/wp\/v2\/tags?post=783"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}