OpenClaw’s fast-growing plugin store, ClawHub, is under security spotlight after blockchain security firm SlowMist uncovered a large batch of malicious skills on the platform.
The finding points to weak review checks that allowed hidden, harmful code to spread through developer tools.
SlowMist revealed that OpenClaw’s official plugin hub, known as ClawHub, has become a new target for supply chain-style attacks. The platform recently gained rapid popularity among AI agent developers, but its plugin screening process did not keep pace with growth.
Because plugin reviews were not strict enough, attackers were able to publish many dangerous skills that looked useful on the surface but carried hidden risks.
SlowMist teams say this type of attack is especially risky because developers often trust official plugin centers and follow installation steps without deep inspection.
During a broad scan of the ClawHub ecosystem, security researchers found a high number of unsafe plugins. A separate scan by Koi Security reviewed 2,857 skills and flagged 341 as malicious.
SlowMist’s deeper tracking reviewed more than 400 threat indicators and found clear patterns, many of the bad plugins connected back to the same small group of domains and server addresses.
However, Slowmist says that this suggests an organized and repeated attack effort, not random uploads.
According to the researchers, the main weakness comes from how OpenClaw skills are built. Many rely on instruction files that users run directly during setup. Attackers abused this by placing hidden download-and-run commands inside those instructions.
In many cases, the first attackers used coded messages to hide their real commands. When the code is decoded and run, it secretly downloads another program from an outside server. Secondly, that program then carries out the actual attack.
This two-step method helps attackers avoid early detection and lets them change the harmful program anytime without updating the visible plugin page.
SlowMist said its review of hundreds of threat indicators showed many of these plugins connected to the same small set of domains and IP addresses, 91.92.242.30. This suggests a planned, group-driven campaign rather than random one-off attacks.
Security teams are now warning OpenClaw users to double-check skill instructions and avoid running unknown command steps until stronger review controls are in place.
OpenClaw’s ClawHub hosted malicious plugins that slipped through weak reviews, exposing developers to hidden code and supply chain-style attacks.
Security scans flagged 341 malicious plugins out of 2,857 reviewed, indicating a large and coordinated threat inside the ClawHub ecosystem.
Avoid running unknown setup commands, review instructions carefully, and limit plugin installs until stronger security checks are enforced.
One year after launching its Open Network, Pi Network is navigating a challenging phase. While…
Bitcoin is starting the week on firmer ground after a dramatic 24 hours that shook…
Story Highlights The live price of Notcoin (NOT) is . Notcoin may trade between $0.020–$0.060…
Story Highlights The live price of the OFFICIAL TRUMP TRUMP memecoin cools near $5.66 as…
Story Highlights Pi Coin Live Price is Price prediction for 2026 targets $0.85, with potential…
Story Highlights The live price of the MANA crypto token is . Price predictions for…
