TLDR
- Hackers poisoned OpenClaw plugins, using fake skills to spread backdoors widely
- Weak reviews let hundreds of malicious OpenClaw skills reach trusted users
- Coordinated attackers exploited OpenClaw’s plugin trust to steal data silently
- Malicious AI plugins targeted crypto and finance users through OpenClaw hub
- OpenClaw breach shows growing supply chain risks in AI plugin ecosystems
OpenClaw faced a major security breach after researchers confirmed that malicious plugins spread harmful code through its official hub. The attack reached a wide group of users and created new risks across the platform. The incident raised urgent concerns about weak screening across OpenClaw extensions.
Malicious Skills Spread Through ClawHub
OpenClaw saw attackers upload infected skills that used the platform’s trust to reach many systems. SlowMist reported that its tools identified hundreds of harmful plugins inside ClawHub. The findings showed that attackers targeted OpenClaw by exploiting missing or weak review checks.
These malicious skills appeared as normal dependency installers, tricking users during setup. The hidden commands activated backdoor functions after execution and enabled unauthorized access. The method allowed attackers to gain files and passwords through encoded payloads.
Most infected skills linked to one domain and one known IP linked to past abuse. The repeated use of the same structure indicated an organized, coordinated operation. The team said the scale of the attack suggested a deliberate attempt to exploit OpenClaw as a distribution channel.
Coordinated Operation Targets High-Trust Categories
The attack focused on skills labeled with financial, crypto and automation terms to encourage fast installation. These categories often carry strong user demand and thus lower hesitation during setup. The pattern indicated that attackers understood how OpenClaw users search for tools.
Multiple infected skills shared identical behavior and used the same infrastructure. The overlap confirmed that the group worked with a structured process and clear objectives. The approach also mirrored past supply chain poisoning campaigns against open ecosystems.
Security firms noted that similar patterns showed up across other AI plugin markets. The trend highlighted a wider issue affecting fast-growing software extensions. OpenClaw thus became part of a rising list of platforms exposed to unverified submissions.
Platform Gaps and Wider Context
OpenClaw operates as an open plugin environment and depends heavily on community skill uploads. This model speeds development yet exposes users to unreviewed components. Many hubs in this category face similar challenges due to limited checks.
A separate report last week said many AI skills across multiple platforms contained malicious code. The figures matched the scale seen within OpenClaw and reinforced concerns about weak security controls. The broader pattern suggested that attackers now view plugin ecosystems as high-value entry points.
SlowMist advised users to audit installation files and avoid granting broad system permissions. It also urged stronger oversight across plugin hubs to reduce hidden risks. The firm said OpenClaw must upgrade its review process to protect its community.
