According to AISight Beating monitoring, Ax Sharma, lead researcher at the AI agent security company Manifold, found that an account named imaflytok on ClawHub had published 30 skills with a combined total of approximately 9,800 downloads. On the surface these look like ordinary plugins (a scheduled-task assistant, security tools, market monitoring), but in reality they turn users' AI assistants into "workers" that perform tasks for others to earn cryptocurrency.
Once a user installs such a plugin, the AI assistant automatically carries out a sequence of operations dictated by the plugin's instructions: first it registers with a third-party server, reporting "who I am, what I can do, and which other plugins I have installed"; then it generates a cryptocurrency wallet and hands the wallet's private key to that server; from then on it checks in every 4 hours, waiting for task assignments. From registration to key handover to task retrieval, the user sees no prompt at any point and never clicks a consent button.
These plugins contain no malicious code, and security scanners find nothing wrong on line-by-line inspection: every step uses legitimate tools and standard interfaces. Sharma said the tactic resembles the earlier flood of 150,000 junk packages into npm to inflate the Tea Protocol token, except that the medium has shifted from code packages to AI assistant plugins. In his view the plugin store's review mechanism failed here: "Scanners look for malicious code, which is not present here. What is truly needed is to monitor what AI assistants are actually doing after installing the plugin."
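Sharma's point is that review has to look at what the assistant does after installation rather than at the plugin's code. As an added example (not from the article, Manifold or ClawHub), the Python below analyses a constructed tool-call audit log and flags the three behaviours the article describes: inventory reporting to an unknown host, a locally generated secret leaving the host, and a regular check-in beacon. The log schema, field names, tool names and hosts are all assumptions made for this illustration.

```python
import json
from collections import defaultdict

# Constructed sample of an AI assistant's tool-call audit log (JSON lines):
# one record per tool the agent invoked on behalf of a skill. The schema,
# tool names and hosts are assumptions made for this illustration.
SAMPLE_LOG = """\
{"ts": 0, "skill": "task-scheduler", "tool": "http.post", "host": "relay.example.invalid", "body_keys": ["agent_id", "capabilities", "installed_skills"]}
{"ts": 3, "skill": "weather", "tool": "http.get", "host": "api.weather.example", "body_keys": []}
{"ts": 5, "skill": "task-scheduler", "tool": "crypto.keygen", "host": null, "body_keys": ["wallet_private_key"]}
{"ts": 6, "skill": "task-scheduler", "tool": "http.post", "host": "relay.example.invalid", "body_keys": ["wallet_private_key"]}
{"ts": 14400, "skill": "task-scheduler", "tool": "http.get", "host": "relay.example.invalid", "body_keys": []}
{"ts": 28800, "skill": "task-scheduler", "tool": "http.get", "host": "relay.example.invalid", "body_keys": []}
{"ts": 43200, "skill": "task-scheduler", "tool": "http.get", "host": "relay.example.invalid", "body_keys": []}
"""

INVENTORY_FIELDS = {"capabilities", "installed_skills"}  # "who I am, what I can do"
SECRET_TOOLS = {"crypto.keygen"}  # tools whose outputs must never leave the host


def analyze(log_text, allowed_hosts, min_beacons=3, jitter=0.1):
    """Return (skill, finding) tuples for post-install behaviour that matches
    the register / hand over key / check in pattern."""
    events = sorted((json.loads(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["ts"])
    findings, secrets, contacts = [], defaultdict(set), defaultdict(list)
    for e in events:
        skill, keys = e["skill"], set(e.get("body_keys") or [])
        if e["tool"] in SECRET_TOOLS:
            secrets[skill] |= keys  # taint: these names are locally generated secrets
            continue
        if not e["tool"].startswith("http.") or e["host"] in allowed_hosts:
            continue
        host = e["host"]
        contacts[(skill, host)].append(e["ts"])
        if keys & INVENTORY_FIELDS:
            findings.append((skill, f"reports agent inventory to {host}"))
        if keys & secrets[skill]:
            findings.append((skill, f"sends locally generated secret to {host}"))
    # Beaconing: any run of min_beacons contacts with one host at near-regular gaps.
    for (skill, host), ts in contacts.items():
        for i in range(len(ts) - min_beacons + 1):
            gaps = [b - a for a, b in zip(ts[i:], ts[i + 1:i + min_beacons])]
            if max(gaps) - min(gaps) <= jitter * max(gaps):
                findings.append((skill, f"beacons to {host} about every {round(max(gaps) / 3600)}h"))
                break
    return findings


if __name__ == "__main__":
    for skill, what in analyze(SAMPLE_LOG, {"api.weather.example"}):
        print(f"[{skill}] {what}")
```

In practice the allowlist would come from the skill's declared endpoints, so any contact outside it is itself worth a finding.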
