SlowMist Unveils Security Vulnerabilities in ClawHub’s AI Ecosystem

Key Takeaways

• SlowMist identifies 1,184 malicious skills on ClawHub aimed at stealing sensitive data.
• The identified threats include Base64-encoded backdoors that exfiltrate data to malicious servers.
• Users are advised to scrutinize commands in SKILL.md files and avoid unverified dependencies.
• ClawHub’s insufficient review mechanisms have allowed for a significant influx of malicious plugins.
• Recent incidents underscore the risks posed by inadequate security measures in AI plugin ecosystems.

WEEX Crypto News, 20 February 2026

In a significant development in the cybersecurity landscape, blockchain security firm SlowMist has uncovered major vulnerabilities within the ClawHub AI plugin ecosystem, operated by OpenClaw. According to an announcement on the X platform by Yu Xian, SlowMist’s founder, a staggering 1,184 malicious skills have been identified on the marketplace. These malicious plugins are designed to compromise sensitive data like SSH keys, cryptographic wallets, and browser passwords.

Malicious Skills and Security Breaches

The threat assessment carried out by SlowMist highlights a concerning trend in the digital security domain. The malicious skills identified are not just theoretical risks but active threats that have already been downloaded thousands of times. These skills exploit vulnerabilities in plugin directories following the AgentSkills standard, embedding harmful code within seemingly legitimate functions.

One prominent example of these threats involves the use of Base64-encoded backdoors. These backdoors activate upon execution, scanning user directories including ‘Desktop’, ‘Documents’, and ‘Downloads’ for sensitive files. The compromised data is then zipped along with system information and sent to command-and-control servers, such as the domain socifiapp.com, which has been flagged for Remote Access Trojan (RAT) activities since mid-2025.

Recommendations from SlowMist

To mitigate these threats, SlowMist recommends that users inspect all commands within SKILL.md files before allowing execution. This precautionary measure is crucial to prevent unauthorized data leakage or system compromise. Additionally, the importance of sourcing AI tool dependencies exclusively from verified channels cannot be overstated to ensure the integrity of the integrated systems.

The use of discrete AI environments is also advised, minimizing the risk posed by potentially harmful skills in complex Web3 environments. This is vital as the conventional contract-based security approaches in Web3 are proving insufficient against the evolving threat landscape.

Challenges in ClawHub

ClawHub’s plugin marketplace has rapidly evolved, attracting many AI developers due to its open-source nature. However, this growth has inadvertently attracted malicious actors exploiting its insufficient review mechanisms. Out of 2,857 plugins reviewed, security teams discovered 341 harboring malicious code, highlighting a significant breach of platform integrity. The unchecked distribution of these harmful plugins exemplifies a typical supply chain attack, compromising the very environments they are supposed to enhance.

This situation has pushed OpenClaw to enhance its review processes, aiming for a more rigorous control over its expanding plugin ecosystem. Users are urged to remain cautious and to refrain from executing unverified commands until more robust verification processes are established.

Broader Implications for AI and Security

The implications of these findings extend beyond ClawHub and highlight a pervasive issue within AI and plugin ecosystems. As demonstrated by the ongoing analyses and findings from SlowMist’s MistEye monitoring tool, the potential for widespread exploitation due to inadequate security protocols is substantial.

Furthermore, the recent financial exploit faced by Moonwell, a DeFi platform, underscores the vulnerabilities in smart contract code often co-authored by AI tools without adequate peer review. This incident, involving a misconfiguration leading to a $1.78 million loss, serves as a cautionary tale of the risks tied to AI-generated code in high-stakes environments.

FAQs

What are the primary threats identified by SlowMist on ClawHub?

SlowMist found that 1,184 malicious skills were uploaded to ClawHub, which exploit vulnerabilities to steal SSH keys, encrypted wallets, and more. These include skills with Base64-encoded backdoors that exfiltrate data.

How do the malicious skills on ClawHub operate?

These malicious skills hide harmful code that users inadvertently activate. On execution, they download additional malicious payloads, scan directories for sensitive information, and send this data to command-and-control servers.

What can users do to protect themselves from such threats?

SlowMist advises users to thoroughly inspect all commands found in SKILL.md files and avoid granting unnecessary permissions. It’s also crucial to source dependencies from trusted channels and employ isolated AI environments.

Why is ClawHub considered a target for supply chain attacks?

ClawHub’s rapid growth and open-source nature make it attractive to developers, but its weak review processes allow malicious plugins to proliferate, resulting in supply chain-style vulnerabilities.

How does the SlowMist discovery impact future security practices?

The findings highlight the urgent need for improved review mechanisms in AI and Web3 environments. Incorporating stringent security audits and separating code generation from execution are critical to mitigating these threats.

Embracing robust security protocols not only shields developers and systems from current threats but also fortifies against the rapidly evolving landscape of cyber threats. This call to action is particularly pertinent for platforms like ClawHub, which must bolster their defenses to sustain user trust and foster a secure digital ecosystem.

For more comprehensive coverage on how to protect your digital assets and the latest developments in blockchain security, consider joining the conversation on WEEX and explore different strategies to enhance your crypto portfolio. [Sign up with WEEX here](https://www.weex.com/register?vipCode=vrmi).