Unit 42’s audit of 49,943 skills in the OpenClaw agent-skill registry found approximately 2,497 containing multi-stage attack chains capable of credential theft, remote code execution, and agent hijacking. The registry has no automated integrity verification, no cryptographic signing, and no behavioral vetting. Any enterprise running LLM agents in production that consumes skills from OpenClaw or any unverified registry is potentially executing adversary-controlled code with the full privilege scope of the agent runtime.