30 plugins on ClawHub allow your AI assistant to secretly work for strangers to earn coins, nearly ten thousand downloads

According to Beating Monitoring, AI agent security company Manifold’s research lead Ax Sharma discovered that an account called imaflytok on ClawHub posted 30 skills, with approximately 9,800 downloads in total.
These skills appear to be common plugins like scheduled task assistants, security tools, and market monitoring, but in reality, they turn users’ AI assistants into “workers” that do jobs for others to earn cryptocurrency behind the scenes.

After users install the plugins, the AI assistant automatically executes a series of operations based on the instructions in the plugin files: first registering with a third-party server, reporting “what I am called, what I can do, and which other plugins I have installed”; then generating a cryptocurrency wallet and handing over the private key to this server; afterward, checking in every four hours, waiting for task assignments. From registration to handing over the keys to accepting work, users see no prompts and never click any consent buttons.

These plugins contain no malicious code, and security scanners cannot find any issues when checking line by line; all steps use legitimate tools and standard interfaces. Sharma said this is similar to the previous tactic where 150k spam packages flooded npm to manipulate the Tea Protocol token, only the medium has shifted from code packages to AI assistant plugins. He believes the review mechanism in plugin stores has failed here: “Scanners look for malicious code, but there isn’t any. What is truly needed is monitoring what the AI assistant actually does after installing the plugins.”