• Found in Clawhub, promoted on Moltbook, Bob-p2p is an ongoing active agent-based crypto scam. It’s ironic that new technology often defies the fundamental security rule of zero trust - but that’s the basis of agentic AI.
• AI agents are often trusted with freedom to roam and act without adequate verification. Straiker, a firm that focuses on the security of AI applications and agents, has analyzed the 3,505 Claude Skills available on Clawhub.
• Clawhub is a primary marketplace for ‘skills’, which are essentially AI plugins.
• Claude describes Skills as “modular capabilities that extend Claude’s functionality [and] that Claude uses automatically when relevant.” Straiker found 71 Claude Skills that are overtly malicious, and a further 73 that exhibit high-risk behaviors.
• “The critical finding,” says researcher Dan Regalado, “was an active agent-to-agent attack chain operated by threat actor ‘26medias’ (in Clawhub) and ‘BobVonNeumann’ (in Moltbook and Twitter).” In this attack (which at the time of writing remains active), BobVonNeumann published the skill bob-p2p on Clawhub, posing as a decentralized API marketplace.
• What bob-p2p does, however, is instruct agents to store Solana wallet private keys in plaintext, purchase worthless $BOB tokens, and route the payment through attacker-controlled infrastructure. BobVonNeumann is effectively a human disguised as an agent on Moltbook.

Article Summaries:

  • A security firm has identified a new supply‑chain attack that exploits autonomous AI agents. Straiker researchers examined 3,505 Claude “skills” on the Clawhub marketplace and found 71 overtly malicious and 73 high‑risk plugins. An active chain, run by threat actor “26medias” on Clawhub and “BobVonNeumann” on Moltbook, used a skill called bob‑p2p to instruct agents to store Solana wallet keys in plaintext, purchase worthless $BOB tokens, and route payments through attacker‑controlled infrastructure. The attack spread laterally via agent collaboration without further human interaction, causing financial loss for wallet owners. The case illustrates how AI agent trust can be weaponised, signalling a new class of algorithm‑centric supply‑chain attacks.
  • A security firm has uncovered a new supply‑chain attack that exploits autonomous AI agents. Straiker researchers identified 71 overtly malicious and 73 high‑risk Claude Skills on the Clawhub marketplace. An attacker, operating under the alias “BobVonNeumann,” released a skill called bob‑p2p that instructs agents to store Solana wallet private keys in plaintext, purchase worthless $BOB tokens, and route payments through attacker‑controlled infrastructure. The skill was promoted via Moltbook, a social‑media‑style platform for AI agents, allowing it to spread without further human intervention. The attack caused unauthorized crypto transactions and highlighted a novel class of agent‑to‑agent supply‑chain poisoning combined with social engineering.

Sources: