SlowMist: OpenClaw Ecosystem Plugin Center ClawHub Suffers Large-Scale Supply Chain Poisoning Attack

According to SlowMist monitoring, ClawHub, the official plugin center for the open-source AI agent project OpenClaw, is becoming a target of supply chain poisoning attacks. Due to the platform's lack of a strict review mechanism, a large number of malicious skills have infiltrated it, used to spread malicious code. Monitoring shows that 341 malicious skills have been identified, which often disguise themselves as crypto assets, security checks, or automation tools.

Analysis by the SlowMist security team found that attackers use the SKILL.md file as the entry point for execution commands, hide malicious commands through Base64 encoding, and employ a two-stage loading mechanism to evade detection. The first stage retrieves the payload via curl, and the second stage deploys a sample named dyrtvwjfveyxjf23, aiming to trick users into entering system passwords and steal local documents and system information.

Currently, the MistEye system has triggered high-risk alerts, covering 472 malicious skills and associated indicators. SlowMist advises users to review any commands requiring copy-and-execute, be vigilant about prompts requesting system permissions, and prioritize obtaining tools through official channels.