Three intelligence items this week converge on the OpenClaw AI agent platform and its ClawHub skill marketplace as an active supply-chain attack surface. Unit 42 documented five malicious skill packages introducing two novel agentic attack primitives (runtime affiliate injection and agentic front-running). Snyk’s ToxicSkills research identified 1,467 malicious payloads across ClawHub skills, with prompt injection vulnerabilities in 36% of analyzed packages. A separate Silverfort disclosure confirmed a ranking-manipulation vulnerability in ClawHub that surfaced malicious packages as top search results. These are architectural and governance failures, not patchable flaws.