We want to bring your attention to a security breach involving ClawdBot Skills, where more than 230 malicious modules have been introduced to target cryptocurrency holdings. This campaign specifically aims at functions related to crypto trades, social tools, and auto-updates, with a particular focus on users of Polymarket and Bybit. Once active, these compromised elements attempt to exfiltrate highly sensitive information, such as passwords, wallet keys, and exchange API keys, in addition to cloud credentials and SSH keys.

The danger is amplified because this threat remains widely available and operates with a high degree of stealth, specifically preying on crypto users and those who are early adopters of AI technology. For your protection, it is vital to remember that AI Skills are not synonymous with secure code. Please ensure you never grant AI tools full access or provide them with your private keys.