SlowMist: ClawHub is gradually becoming a new target for attackers to carry out supply chain poisoning

PANews February 9th News, according to SlowMist monitoring, the official plugin center ClawHub of the open-source AI Agent project OpenClaw is gradually becoming a new target for attackers to carry out supply chain poisoning. Due to the platform's lack of a comprehensive and strict review mechanism, a large number of malicious skills have been mixed in and used to spread malicious code or deliver harmful content, posing potential security risks to developers and users. According to a report by Koi Security, among the scan of 2,857 skills, 341 malicious skills were identified, reflecting a typical "plugin/extension marketplace supply chain poisoning" pattern.
SlowMist recommends not to take the "Installation Steps" in SKILL.md as a trusted source; any commands that require copying and pasting for execution should be audited first; be cautious of prompts asking for system password input, granting accessibility features, or system settings, as these are often points where risks escalate; prioritize obtaining dependencies and tools from official channels to avoid executing installation scripts from unknown sources.
Disclaimer: The information on this page may come from third-party sources and is for reference only. It does not represent the views or opinions of Gate and does not constitute any financial, investment, or legal advice. Virtual asset trading involves high risk. Please do not rely solely on the information on this page when making decisions. For details, see the Disclaimer.
Comment
0/400
No comments