SlowMist: ClawHub is gradually becoming a new target for attackers to carry out supply chain poisoning

PANews February 9th News, according to SlowMist monitoring, the official plugin center ClawHub of the open-source AI Agent project OpenClaw is gradually becoming a new target for attackers to carry out supply chain poisoning. Due to the platform’s lack of a comprehensive and strict review mechanism, a large number of malicious skills have been mixed in and used to spread malicious code or deliver harmful content, posing potential security risks to developers and users. According to a report by Koi Security, among the scan of 2,857 skills, 341 malicious skills were identified, reflecting a typical “plugin/extension marketplace supply chain poisoning” pattern. SlowMist recommends not to take the “Installation Steps” in SKILL.md as a trusted source; any commands that require copying and pasting for execution should be audited first; be cautious of prompts asking for system password input, granting accessibility features, or system settings, as these are often points where risks escalate; prioritize obtaining dependencies and tools from official channels to avoid executing installation scripts from unknown sources.