ClawHub, the official plugin center for the OpenClaw AI project, is increasingly targeted by attackers for supply chain poisoning, according to SlowMist monitoring. The platform's insufficient review mechanisms have allowed numerous malicious skills to infiltrate it, posing security risks to developers and users. A report by Koi Security identified 341 malicious skills out of 2,857 scans, highlighting an issue that is prevalent in plugin marketplaces. SlowMist advises caution with the installation steps in SKILL.md files and recommends auditing commands, avoiding unknown installation scripts, and obtaining tools from official sources.