Hidden Backdoors Found in OpenClaw’s ClawHub Plugins; Hundreds of Malicious Skills Detected

Published: 2026-02-09 16:55:13 |

Security firms SlowMist and Koi Security uncovered a large-scale supply-chain poisoning campaign on OpenClaw’s official plugin marketplace, ClawHub. Koi Security scanned 2,857 AI skills and flagged 341 as malicious; SlowMist’s MistEye system identified 400+ coordinated indicators across plugins. Attackers uploaded seemingly benign “skills” that act as dependency installers or utilities, then fetched more dangerous payloads and persistent backdoors (often Base64‑encoded) from common domains and IPs tied to Poseidon infrastructure. Malicious packages frequently used crypto-, finance- and automation-related names and requested elevated permissions to steal credentials, files and enable remote control — creating a direct risk to endpoints that hold exchange logins or keys. OpenClaw has integrated VirusTotal automated scanning to scan packages before publication and to re‑scan active skills daily; it says further protections are planned as the AI-agent ecosystem scales. SlowMist recommends auditing SKILL.md files, avoiding copy‑paste install commands, limiting plugin permissions, and being cautious with prompts that request passwords, accessibility access or system configuration changes. For traders: tighten plugin hygiene, restrict device permissions, isolate wallets/keys from general-use devices, and monitor for unusual outbound connections — the alert raises endpoint and operational security risk rather than an immediate market-structural shock.

Neutral

The incident is a significant security event for the OpenClaw/ClawHub ecosystem and raises material operational risk for traders who run plugins or keep keys on the same devices. However, it is primarily an endpoint and supply-chain security issue rather than an event that directly affects the fundamentals or liquidity of any specific cryptocurrency. OpenClaw’s immediate response — integrating VirusTotal scans and daily rescans — reduces short‑term infection risk and shows platform-level mitigation, limiting likelihood of broad market panic. Short-term impacts: elevated caution, possible reduced usage of ClawHub and related agent tools, and tighter security practices by traders and developers. Long-term impacts: stronger review and automated scanning may harden the ecosystem; continued discovery of malicious skills could sustain higher operational costs and slower adoption of AI-agent plugins. Overall, price impact on cryptocurrencies themselves is likely limited and indirect (operational risk to users rather than protocol vulnerabilities), so the market effect should be neutral unless further attacks directly compromise exchange custody or major infrastructure.