logo

SlowMist Unveils Security Vulnerabilities in ClawHub’s AI Ecosystem

By: crypto insight|2026/02/20 19:00:06
0
Share
copy
xx
aiai
gmixgmix
cryptocrypto
securitysecurity

Key Takeaways

  • SlowMist identifies 1,184 malicious skills on ClawHub aimed at stealing sensitive data.
  • The identified threats include Base64-encoded backdoors that exfiltrate data to malicious servers.
  • Users are advised to scrutinize commands in SKILL.md files and avoid unverified dependencies.
  • ClawHub’s insufficient review mechanisms have allowed for a significant influx of malicious plugins.
  • Recent incidents underscore the risks posed by inadequate security measures in AI plugin ecosystems.

WEEX Crypto News, 20 February 2026

In a significant development in the cybersecurity landscape, blockchain security firm SlowMist has uncovered major vulnerabilities within the ClawHub AI plugin ecosystem, operated by OpenClaw. According to an announcement on the X platform by Yu Xian, SlowMist’s founder, a staggering 1,184 malicious skills have been identified on the marketplace. These malicious plugins are designed to compromise sensitive data like SSH keys, cryptographic wallets, and browser passwords.

Malicious Skills and Security Breaches

The threat assessment carried out by SlowMist highlights a concerning trend in the digital security domain. The malicious skills identified are not just theoretical risks but active threats that have already been downloaded thousands of times. These skills exploit vulnerabilities in plugin directories following the AgentSkills standard, embedding harmful code within seemingly legitimate functions.

One prominent example of these threats involves the use of Base64-encoded backdoors. These backdoors activate upon execution, scanning user directories including ‘Desktop’, ‘Documents’, and ‘Downloads’ for sensitive files. The compromised data is then zipped along with system information and sent to command-and-control servers, such as the domain socifiapp.com, which has been flagged for Remote Access Trojan (RAT) activities since mid-2025.

Recommendations from SlowMist

To mitigate these threats, SlowMist recommends that users inspect all commands within SKILL.md files before allowing execution. This precautionary measure is crucial to prevent unauthorized data leakage or system compromise. Additionally, the importance of sourcing AI tool dependencies exclusively from verified channels cannot be overstated to ensure the integrity of the integrated systems.

The use of discrete AI environments is also advised, minimizing the risk posed by potentially harmful skills in complex Web3 environments. This is vital as the conventional contract-based security approaches in Web3 are proving insufficient against the evolving threat landscape.

-- Price

--

Challenges in ClawHub

ClawHub’s plugin marketplace has rapidly evolved, attracting many AI developers due to its open-source nature. However, this growth has inadvertently attracted malicious actors exploiting its insufficient review mechanisms. Out of 2,857 plugins reviewed, security teams discovered 341 harboring malicious code, highlighting a significant breach of platform integrity. The unchecked distribution of these harmful plugins exemplifies a typical supply chain attack, compromising the very environments they are supposed to enhance.

This situation has pushed OpenClaw to enhance its review processes, aiming for a more rigorous control over its expanding plugin ecosystem. Users are urged to remain cautious and to refrain from executing unverified commands until more robust verification processes are established.

Broader Implications for AI and Security

The implications of these findings extend beyond ClawHub and highlight a pervasive issue within AI and plugin ecosystems. As demonstrated by the ongoing analyses and findings from SlowMist’s MistEye monitoring tool, the potential for widespread exploitation due to inadequate security protocols is substantial.

Furthermore, the recent financial exploit faced by Moonwell, a DeFi platform, underscores the vulnerabilities in smart contract code often co-authored by AI tools without adequate peer review. This incident, involving a misconfiguration leading to a $1.78 million loss, serves as a cautionary tale of the risks tied to AI-generated code in high-stakes environments.

FAQs

What are the primary threats identified by SlowMist on ClawHub?

SlowMist found that 1,184 malicious skills were uploaded to ClawHub, which exploit vulnerabilities to steal SSH keys, encrypted wallets, and more. These include skills with Base64-encoded backdoors that exfiltrate data.

How do the malicious skills on ClawHub operate?

These malicious skills hide harmful code that users inadvertently activate. On execution, they download additional malicious payloads, scan directories for sensitive information, and send this data to command-and-control servers.

What can users do to protect themselves from such threats?

SlowMist advises users to thoroughly inspect all commands found in SKILL.md files and avoid granting unnecessary permissions. It’s also crucial to source dependencies from trusted channels and employ isolated AI environments.

Why is ClawHub considered a target for supply chain attacks?

ClawHub’s rapid growth and open-source nature make it attractive to developers, but its weak review processes allow malicious plugins to proliferate, resulting in supply chain-style vulnerabilities.

How does the SlowMist discovery impact future security practices?

The findings highlight the urgent need for improved review mechanisms in AI and Web3 environments. Incorporating stringent security audits and separating code generation from execution are critical to mitigating these threats.

Embracing robust security protocols not only shields developers and systems from current threats but also fortifies against the rapidly evolving landscape of cyber threats. This call to action is particularly pertinent for platforms like ClawHub, which must bolster their defenses to sustain user trust and foster a secure digital ecosystem.

For more comprehensive coverage on how to protect your digital assets and the latest developments in blockchain security, consider joining the conversation on WEEX and explore different strategies to enhance your crypto portfolio. [Sign up with WEEX here](https://www.weex.com/register?vipCode=vrmi).

You may also like

Atkins Marks One-Year Anniversary at SEC: Crypto Regulation Shifts from ‘Enforcement Heavy’ to ‘Rulemaking Mode’

Before the bill is passed, the SEC's cryptocurrency regulatory framework remains in a transition state of "administrative guidance + enforcement actions."

Under Political Pressure, Is the Federal Reserve Still Independent?

Powell believes that political pressure is not a threat, and what truly determines the Fed's independence is the Fed itself.

Yellen's Past Remarks: How Will This Incoming "Fed Chair" Disrupt the Federal Reserve? Janet Yellen, who is expected to become the next Chair of the Federal Reserve, has made several significant statements in the past regarding monetary policy, financ...

Powell's reform blueprint not only looks bold and ambitious, but also directly targets many vulnerabilities of the Federal Reserve. Facing the upcoming Senate confirmation hearing, how will this Fed's presumptive new "helmsman" reshape the future of the world's largest central bank?

ZachXBT vs. RAVE: Is a “Clean” Market Really What Speculators Want?

While cleaning up manipulation, it may also involve cleaning up liquidity

Arbitrum Poses as Hacker, 'Steals' Back Money Lost by KelpDAO

Even though Arbitrum wielded the admin key, the battle is far from over.

Without Cook's Apple, Can it Still Grow in the AI Era?

The iPhone Remains at its Peak, But Apple is at a Turning Point
The Joker is back
Bigger pools, auto-play, lucky buffs.
The Joker is backJoin now and grab your rewards.

Contents

Popular coins

Latest Crypto News

18:42

The three major indices in the US stock market rose before the market opened, with Meta (META) up 0.71%

According to Gate market data, the three major U.S. stock indices rose before the market opened, with the Nasdaq up 0.23%, the Dow up 0.12%, and the S&P 500 up 0.17%.Most of the seven major tech stocks rose before the market opened, with Apple (AAPL) up 0.4%, Microsoft (MSFT) up 0.49%, Alphabet (GOO...
18:42

Driven by artificial intelligence, JPMorgan has raised its S&P 500 index target to 7,600 points

According to Jinshi reports, strategists at JPMorgan Chase have stated that the renewed enthusiasm for artificial intelligence technology will drive the U.S. stock market to exceed expectations this year. The bank has raised its annual target for the S&P 500 index to 7,600 points, up from 7,200 poin...
18:42

Aave's TVL has dropped to $16.432 billion, with some funds flowing into Spark

According to monitoring by Lookonchain, funds continue to flow out of Aave, with some flowing into Spark. Data shows that Aave's TVL has dropped to $16.432 billion, a decrease of about $9.94 billion compared to before; meanwhile, Spark's TVL has risen to $4.552 billion, an increase of about $825 mil...
18:42

Data: If BTC falls below 72,667 USD, the cumulative long liquidation intensity on mainstream CEX will reach 1.803 billion USD

According to Coinglass data, if BTC falls below $72,667, the cumulative long liquidation intensity on major CEXs will reach $1.803 billion. Conversely, if BTC breaks above $79,883, the cumulative short liquidation intensity on major CEXs will reach $1.399 billion.
18:42

Data: If ETH falls below $2,211, the cumulative long liquidation intensity on major CEXs will reach $1.047 billion

According to Coinglass data, if ETH falls below $2,211, the cumulative long liquidation intensity on mainstream CEX will reach $1.047 billion. Conversely, if ETH breaks above $2,441, the cumulative short liquidation intensity on mainstream CEX will reach $944 million.
Read more
Community
iconiconiconiconiconiconicon

Customer Support Bot@WEEX_support_smart_Bot

VIP Servicessupport@weex.com