A series of supply chain attacks at ClawHub: New threats faced by OpenClaw users

According to Foresight News, ClawHub, the official plugin platform of OpenClaw, is experiencing a serious supply chain attack. The platform’s inadequate verification system has allowed a large number of malicious skills to slip through, putting users’ systems at risk. So far, over 341 malicious skills have been identified, many disguised as cryptocurrency wallets, security tools, or automation scripts.

ClawHub Penetrated by Malicious Skills — Current State of the Supply Chain Attack

Attackers are exploiting the SKILL.md file as an entry point to execute commands on the system. Complex techniques aimed at evading detection are being used, with malicious instructions concealed through Base64 encoding. This supply chain attack is designed to progress without users noticing, making it easy for damage to spread without defenses in place.

Two-Stage Attack Mechanism — Detection Evasion and Payload Delivery

The attack employs an advanced two-stage loading mechanism. In the first stage, the payload is secretly retrieved via the curl command, and in the second stage, a sample named dyrtvwjfveyxjf23 is executed. This sample tricks the user into entering the system password and steals local documents and system information. This is a typical supply chain attack method that can threaten not only individual users but also the security of entire organizations.

Urgent Need for User Self-Defense — SlowMist’s Warning and Recommended Measures

Security firm SlowMist has issued several important warnings to users. First, it is crucial to verify the contents of any command before copying and executing it. Special caution is needed if a prompt requests system permissions. Additionally, plugins and tools should always be obtained through official channels, and downloads from third-party links should be avoided. As a future measure against supply chain attacks, users are advised to use trusted security tools and regularly scan their systems.