Threat actors are distributing malware via trojanized shared files and malicious AI skills on AI distribution platforms Hugging Face and ClawHub. They rely on social engineering and indirect prompt injection to embed hidden instructions executed by AI agents, which then download and run malicious code on users' machines. ClawHub's modular AI skill architecture allows execution of external code with high privileges, facilitating malware infections including trojans, cryptominers, and information stealers like the Atomic macOS Stealer. On Hugging Face, attackers create repositories with multi-step infection chains targeting multiple operating systems. The platforms themselves are not compromised; rather, attackers exploit user trust in shared AI tools. The scale of this abuse is significant but not fully quantified.

The impact includes potential infections of Windows, macOS, Linux, and Android systems with various malware types such as trojans, cryptominers, information stealers, and malware loaders. This can lead to unauthorized data access, resource misuse, and system compromise. The platforms Hugging Face and ClawHub remain operational and uncompromised, but users downloading and executing malicious shared content face significant risk. No direct compromise of the AI platforms or their infrastructure has been reported.

No official patches or vendor advisories are provided regarding this threat. Since the platforms themselves are not compromised, mitigation focuses on user caution: avoid downloading and executing untrusted or suspicious files and AI skills from these platforms. Users and organizations should verify the legitimacy of shared AI tools before use and apply standard endpoint protections to detect and block malware execution. Patch status is not yet confirmed — check vendor advisories for any updates on mitigation or platform controls.