SlowMist: 472 Malicious AI Plugins Poison OpenClaw’s ClawHub, Targeting Crypto Users
Security firm SlowMist reported that OpenClaw’s official plugin hub, ClawHub, has been hit by a large supply-chain poisoning campaign. SlowMist’s Web3 threat intelligence system, MistEye, flagged 472 AI “skills” containing malicious code. The infected plugins often posed as dependency installers and concealed backdoors (Base64-encoded) that can steal passwords and personal files, enabling subsequent extortion. Most malicious packages trace back to the same domain (socifiapp[.]com) and shared IPs tied to Poseidon infrastructure, suggesting a coordinated group operation. Attackers favored names related to crypto, finance and automation to lower users’ guard. SlowMist recommends auditing SKILL.md sources, avoiding copy-paste install commands, and being wary of prompts requesting passwords, accessibility permissions or system configuration changes. A separate Koi Security analysis found 341 out of 2,857 AI skills contained malicious code, underscoring a broader pattern of plugin-based supply-chain attacks. For traders, the alert highlights heightened risk to endpoints that store keys or access exchanges, and the need for stricter plugin hygiene and device security.
Bearish
This report raises security concerns specifically for crypto traders because infected AI plugins can exfiltrate wallet credentials, API keys and personal data—directly threatening funds and exchange access. Supply-chain poisoning that targets developer and automation tools tends to reduce confidence in third-party integrations and endpoint security. Historically, widely publicized wallet breaches or malware campaigns (e.g., malicious browser extensions, compromised npm packages) led to short-term sell pressure and increased volatility as users withdraw funds, reduce leverage, or pause trading to secure assets. In the short term expect cautious behavior: reduced use of new plugins, potential off-exchange withdrawals, and heightened volatility on assets associated with targeted communities. Long term, repeated supply-chain incidents drive demand for hardened security, audits, and curated plugin markets, which can restore confidence but raise operational frictions. Overall the immediate impact is negative for market sentiment (bearish), though it’s not systemic to core protocols—more a threat to user infrastructure and custodial safety than to fundamental network security.