Security Advisory: OpenClaw Official Plugin Center ClawHub Targeted in Large-Scale Malicious Skill Poisoning Campaign

By: theblockbeats.news|2026/02/09 14:00:52

0

Share

copy

BlockBeats News, February 9th, SlowMist issued a security advisory. Recently, the open-source artificial intelligence agent project OpenClaw unexpectedly gained popularity. Its official plugin center, ClawHub, is gradually becoming a new target for supply chain poisoning attacks, posing a potential security risk to developers and users. Monitoring shows that 341 malicious skills have been identified, which usually masquerade as cryptocurrency assets, security checks, or automation tools.

Attackers use the SKILL.md file as the entry point for execution instructions, hiding malicious commands through Base64 encoding and employing a two-stage loading mechanism to evade detection. The first stage retrieves the payload via curl, and the second stage deploys a sample named dyrtvwjfveyxjf23, deceiving users into entering their system password and stealing local documents and system information. Users are advised to review any command requiring execution, be cautious of prompts to obtain system privileges, and always prefer obtaining tools through official channels.

You may also like

Oracle "Outage": Aave Faces $27 Million Irregular Liquidation

Oracle "Outage": Aave Faces $27 Million Irregular Liquidation

The guardian has turned into the reaper. An internal configuration mistake caused the largest DeFi lending protocol to **accidentally** liquidate 34 accounts.

A single tweet caused a 17% crash in oil prices, who's not a Meme yet

A single tweet caused a 17% crash in oil prices, who's not a Meme yet

From the Petrodollar to the Meme Era: Why a Single Tweet Tanked Global Oil Prices

March 11th Market Key Intelligence, How Much Did You Miss?

March 11th Market Key Intelligence, How Much Did You Miss?

1. On-chain Fund: $47.1M inflow to Hyperliquid today; $75.4M outflow from Ethereum 2. Largest Price Swings: $XAI, $BTW 3. Top News: G7 Pre-Summit Pledge to "Principally Support Strategic Crude Oil Reserve Use"; Four Whales Open Large Short Positions Against Crude Oil Today

Benefit-Loaded Event | With over 500 sign-ups, how else can this Lobster Tug-of-War Extravaganza be spiced up?

Benefit-Loaded Event | With over 500 sign-ups, how else can this Lobster Tug-of-War Extravaganza be spiced up?

a16z’s Brutal Lesson to Crypto Founders: Why Enterprises Don’t Buy the Best Technology?

a16z’s Brutal Lesson to Crypto Founders: Why Enterprises Don’t Buy the Best Technology?

If your product is "obviously better" but still can't win, the gap lies not in performance, but in product-market fit.

The rivers and lakes are no more, Li Lin returns

The rivers and lakes are no more, Li Lin returns

We no longer need a larger exchange or more complex financial products; we hope to see more individuals like Li Lin in the industry, who can drive innovations that truly open up boundaries for the industry.

Earn Up to 300% APR With WEEX Auto Earn: Limited-Time Crypto Passive Income Event

Earn Up to 300% APR With WEEX Auto Earn: Limited-Time Crypto Passive Income Event

Earn up to 300% APR with WEEX Auto Earn in this limited-time crypto earning campaign. Activate Auto Earn, invite friends, and unlock additional referral crypto rewards before March 25.

BitsLab Deep Production: Nanobot User Security Practice Guide

BitsLab Deep Production: Nanobot User Security Practice Guide

BitsLab releases AI Agent Security Guidelines: Through a three-pronged strategy of "User Review + Agent Awareness + Script Hard Interception," a zero-trust security defense line is established to prevent prompt injection and sensitive data leakage risks.

What are the common traits of people who founded a $5 Billion+ company before the age of 23?

What are the common traits of people who founded a $5 Billion+ company before the age of 23?

Trauma, Neurodiversity, Cross-Domain Skills. These characteristics, which may appear as "flaws" on a traditional resume, could instead be the most important signals

Why Hasn't $160 Billion Stripe Gone Public?

Why Hasn't $160 Billion Stripe Gone Public?

The Rise of Private Placements, with Companies like Stripe Rewriting Fundraising Logic.

All the AI News You Need to Know is Here, Lyrical Officially Launches AI News Feed

All the AI News You Need to Know is Here, Lyrical Officially Launches AI News Feed

Users can access key information in real time without switching pages

Bitwise: Why Bitcoin Is Destined to Impact a Million Dollars?

Bitwise: Why Bitcoin Is Destined to Impact a Million Dollars?

When people talk about Bitcoin, they often overlook one key thing.

Amid Geopolitical Turmoil, Tokenized Gold Emerges Alongside Round-the-Clock On-Chain Markets

Amid Geopolitical Turmoil, Tokenized Gold Emerges Alongside Round-the-Clock On-Chain Markets

When the stock market is closed, the on-chain becomes the sole trading and pricing outlet.

Who Longs War on Polymarket?

Who Longs War on Polymarket?

The Rug Pull War rages on, with the potential to earn up to 4x gains on your bet

4 AI Trading Strategy Lessons from WEEX Hackathon Finalist

4 AI Trading Strategy Lessons from WEEX Hackathon Finalist

Finalist Bambi shares how AI tools helped turn real trading experience into an automated strategy, why survival-first risk control shaped the system’s design, and how the approach will evolve ahead of WEEX AI Trading Hackathon Season 2.

Hong Kong Crypto Ecosystem 2.0: Stablecoins, RWA, and the New Battleground for Financial Institutions

Hong Kong Crypto Ecosystem 2.0: Stablecoins, RWA, and the New Battleground for Financial Institutions

Hong Kong is no longer just a bystander in the cryptocurrency industry, but may become the core hub of the compliant cryptocurrency market in the Chinese-speaking world and even the entire Asia-Pacific region.

Polymarket Arbitrage Bible: The Real Gap is in the Mathematical Infrastructure

Polymarket Arbitrage Bible: The Real Gap is in the Mathematical Infrastructure

While retail investors are still engaged in simple probability addition, top quantitative teams are systematically harvesting millions of dollars in arbitrage profits on Polymarket using hardcore mathematical infrastructure such as integer programming and Bregman projections.

Crypto Barbarians Jupiter Series: Still Owes the Market an Answer

Crypto Barbarians Jupiter Series: Still Owes the Market an Answer

This entrepreneurial team from Singapore and Malaysia has indeed demonstrated its product execution capabilities to the market over the past three years, but they have also fully arbitraged every regulatory gray area with their business logic.

Oracle "Outage": Aave Faces $27 Million Irregular Liquidation

The guardian has turned into the reaper. An internal configuration mistake caused the largest DeFi lending protocol to **accidentally** liquidate 34 accounts.

A single tweet caused a 17% crash in oil prices, who's not a Meme yet

From the Petrodollar to the Meme Era: Why a Single Tweet Tanked Global Oil Prices

March 11th Market Key Intelligence, How Much Did You Miss?

1. On-chain Fund: $47.1M inflow to Hyperliquid today; $75.4M outflow from Ethereum 2. Largest Price Swings: $XAI, $BTW 3. Top News: G7 Pre-Summit Pledge to "Principally Support Strategic Crude Oil Reserve Use"; Four Whales Open Large Short Positions Against Crude Oil Today

Benefit-Loaded Event | With over 500 sign-ups, how else can this Lobster Tug-of-War Extravaganza be spiced up?

a16z’s Brutal Lesson to Crypto Founders: Why Enterprises Don’t Buy the Best Technology?

If your product is "obviously better" but still can't win, the gap lies not in performance, but in product-market fit.

The rivers and lakes are no more, Li Lin returns

We no longer need a larger exchange or more complex financial products; we hope to see more individuals like Li Lin in the industry, who can drive innovations that truly open up boundaries for the industry.

Popular coins

Latest Crypto News

02:47

Morgan Stanley: Oil price shock may delay the Fed's rate cut timing

According to Jinshi News, Morgan Stanley stated that the Federal Reserve may resume interest rate cuts as early as June, but the oil price shock caused by the Iran war could delay the Fed's actions. Although rising energy prices may exacerbate inflation, the bank's economists still maintain their pr...

02:47

Data: If BTC falls below $67,197, the cumulative long liquidation intensity on major CEX will reach $1.694 billion

According to Coinglass data, if BTC falls below $67,197, the cumulative long liquidation intensity on major CEXs will reach $1.694 billion. Conversely, if BTC breaks above $74,189, the cumulative short liquidation intensity on major CEXs will reach $1.093 billion.

02:47

Data: If ETH falls below $1,970, the cumulative long liquidation intensity on major CEXs will reach $1 billion

According to Coinglass data, if ETH falls below $1,970, the cumulative long liquidation intensity on major CEXs will reach $1 billion. Conversely, if ETH breaks above $2,168, the cumulative short liquidation intensity on major CEXs will reach $568 million.

02:47

Data: 33,800 QNT transferred from Kraken, worth approximately 2.1192 million USD

According to Arkham data, at 02:40, 33,799.52 QNT (worth approximately $2,119,200) was transferred from Kraken to Revolut.

01:43

Fitch: Expects the Federal Reserve to cut interest rates twice in 2026

According to Jinshi reports, Fitch stated that the cooling labor market and slowing wage growth are likely to persuade the Federal Reserve to cut interest rates twice in 2026.