Skip to content
OBLAIDISH NEWS
signal_tag · 1_broadcasts

#llm-based-scanning

// 1 transmissions tagged with #llm-based-scanning

npm v12 and pnpm can't stop 341 malicious AI skills
TX_186648· AI

npm v12 and pnpm can't stop 341 malicious AI skills

A supply-chain breach in the ClawHub AI skill marketplace exposed 341 malicious skills, despite npm v12 blocking install scripts and pnpm enforcing a 1-day cooldown. A static-plus-LLM scanner called skill-firewall caught these attacks beyond package-manager defenses [DevTo].