TechFlow news: On February 9, SlowMist’s security team discovered a large-scale supply chain poisoning attack targeting ClawHub, the plugin hub of the open-source AI Agent project OpenClaw. Attackers disguised malicious commands as “dependency installation/initialization” steps within SKILL.md files, using Base64 encoding to conceal them and executing a two-stage attack chain.
Security scans have identified 341 malicious skills. These malicious programs steal user passwords, collect host information and documents, and upload the stolen data to attacker-controlled servers. The associated malicious infrastructure is linked to the Poseidon hacker group.
Recommended protective measures:
- Audit the “installation steps” in all SKILL.md files
- Exercise caution when prompted to enter system passwords
- Only obtain dependencies and tools from official sources
SlowMist has issued an alert to its customers via the MistEye system, covering 472 malicious skills and associated IOCs.
