Security Advisory: OpenClaw Official Plugin Center ClawHub Targeted in Large-Scale Malicious Skill Poisoning Campaign

BlockBeats News, February 9th, SlowMist issued a security advisory. Recently, the open-source artificial intelligence agent project OpenClaw unexpectedly gained popularity. Its official plugin center, ClawHub, is gradually becoming a new target for supply chain poisoning attacks, posing a potential security risk to developers and users. Monitoring shows that 341 malicious skills have been identified, which usually masquerade as cryptocurrency assets, security checks, or automation tools.

Attackers use the SKILL.md file as the entry point for execution instructions, hiding malicious commands through Base64 encoding and employing a two-stage loading mechanism to evade detection. The first stage retrieves the payload via curl, and the second stage deploys a sample named dyrtvwjfveyxjf23, deceiving users into entering their system password and stealing local documents and system information. Users are advised to review any command requiring execution, be cautious of prompts to obtain system privileges, and always prefer obtaining tools through official channels.