GoPlus Security has issued a critical alert regarding a vulnerability in OpenClaw's ClawHub skill repository. Discovered by Silverfort researchers, the flaw allows attackers to bypass security mechanisms and inflate download counts to over 20,000 using a single curl request. This manipulation can elevate malicious skills to top search rankings, potentially leading to the installation of harmful software that steals sensitive data, including crypto wallets and API keys.
The vulnerability was patched within 24 hours, but GoPlus cautions users that high download counts do not guarantee security. They recommend employing AgentGuard for enhanced security scanning and protection against such threats.
GoPlus Security Warns of ClawHub Download Forgery Vulnerability
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct your own research and consult with a qualified financial advisor before making any investment decisions.
