
ClawSwarm

Also known as: ClawSwarm

ClawSwarm is the name Ax Sharma used for a campaign involving 30 ClawHub skills published by the user "imaflytok" that silently enlist AI agents into a cryptocurrency-oriented swarm without user consent. The skills were presented as benign utilities, including a cron helper, Agent Security skill, whale watcher, cross-platform poster, and predictions market integration, and had accumulated about 9,800 downloads at the time of reporting. According to the reporting, the campaign does not use malware and is not described as exploiting a software vulnerability; instead it targets AI agents and abuses SKILL.md instruction files and normal skill functionality.

After installation, affected agents register with onlyflies.buzz, report their names, capabilities, and installed skills, store credentials locally, check in every four hours, and, when appropriate skills are present, generate Hedera wallets and submit the private keys to the same external server. Sharma said this results in agents silently registering with a third-party server, generating crypto keys, and accepting remote tasks without user initiation, approval, or visibility.

The infrastructure was described as publicly visible, including a GitHub project, public documentation, a Telegram group, and a public-chain token. The onlyflies.buzz deployment was described as one implementation of an open-source ClawSwarm agentic skill framework on GitHub. Sharma compared the tactic to Tea Protocol token-farming spam campaigns, but using skills instead of npm packages.

No nation-state attribution is mentioned in the provided content. Known associated name directly mentioned in the content: imaflytok.
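The registration and four-hour check-in described above leave a network trace that can be hunted for. The following is an added example, not code from the reporting or from the ClawSwarm project: it scans DNS query log lines for the domain named on this page and flags hosts whose queries recur at roughly four-hour intervals. The log format, host names, the `api.` label, and the ten-minute tolerance are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

CAMPAIGN_DOMAIN = "onlyflies.buzz"   # domain named in the reporting
CHECKIN = timedelta(hours=4)         # check-in interval named in the reporting
TOLERANCE = timedelta(minutes=10)    # assumption: allowed scheduling jitter

# Constructed sample DNS query log: "<ISO timestamp> <source host> <queried name>".
# Host names and the "api." label are made up for illustration.
SAMPLE_LOG = """\
2025-01-10T00:02:11 agent-host-1 api.onlyflies.buzz
2025-01-10T01:30:00 build-3 notonlyflies.buzz
2025-01-10T04:02:40 agent-host-1 api.onlyflies.buzz
2025-01-10T05:00:00 build-3 example.org
2025-01-10T08:01:58 agent-host-1 API.OnlyFlies.buzz.
2025-01-10T09:15:00 dev-laptop-7 onlyflies.buzz
this line is malformed
2025-01-10T12:03:05 agent-host-1 api.onlyflies.buzz
"""

def matches_domain(name, domain=CAMPAIGN_DOMAIN):
    """True for the domain itself or any subdomain, not for lookalike suffixes."""
    name = name.rstrip(".").lower()
    return name == domain or name.endswith("." + domain)

def find_checkins(log_text):
    """Map each host that queried the domain to its hit count and a periodicity flag."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not matches_domain(parts[2]):
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # unparseable timestamp: skip the line
        seen[parts[1]].append(ts)
    report = {}
    for host, times in seen.items():
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        # Periodic: at least two gaps, each within TOLERANCE of the four-hour interval.
        periodic = len(gaps) >= 2 and all(abs(g - CHECKIN) <= TOLERANCE for g in gaps)
        report[host] = {"hits": len(times), "periodic": periodic}
    return report

if __name__ == "__main__":
    for host, info in sorted(find_checkins(SAMPLE_LOG).items()):
        print(host, info)
```

A host with a single hit is still worth triage, since registration alone means an installed skill has contacted the server; the periodic flag marks hosts where the check-in loop is running.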
