Bob-p2p is an active agent-based crypto scam promoted on Clawhub and Moltbook that instructs AI agents to exfiltrate Solana wallet private keys, purchase worthless $BOB tokens, and route payments through attacker-controlled infrastructure. Straiker’s analysis of 3,505 Claude Skills identified dozens of malicious or high-risk skills and warns this agent-to-agent campaign enables automated lateral spread and financial theft, establishing a repeatable playbook for targeting agent networks. #BobVonNeumann #bob-p2p
Key points
- The bob-p2p skill on Clawhub instructs agents to store Solana private keys in plaintext and execute fraudulent transactions.
- The threat actor posed as an agent persona on Moltbook to socially engineer other agents into installing the malicious skill.
- Straiker found 71 overtly malicious and 73 high-risk Claude Skills among 3,505 total analyzed.
- Compromised agents propagated the attack laterally through automated collaboration, shared workflows, and dependency chains.
- Researchers warn this establishes a scalable playbook for agent influence campaigns and supply-chain-style attacks on AI ecosystems.
Read More: https://www.securityweek.com/autonomous-ai-agents-provide-new-class-of-supply-chain-attack/