OpenClaw AI hub faces wave of poisoned plugins, SlowMist warns
SlowMist flagged 472 AI skills containing malicious code as AI plugins and extensions become the new hunting ground for hackers seeking to access the devices of cryptocurrency investors.
The official plugin marketplace for open-source artificial intelligence agent project OpenClaw has become a target for supply chain poisoning attacks, according to a new report from cybersecurity firm SlowMist.
In a report released Monday, SlowMist said attackers have been uploading malicious “skills” to OpenClaw’s plugin hub, known as ClawHub, exploiting what it described as weak or nonexistent review mechanisms. The activity allows harmful code to spread to users who install the plugins, potentially without realizing the risk.
SlowMist said its Web3-focused threat intelligence solution, MistEye, issued high-severity alerts related to 472 malicious skills on the platform.
Source: Cointelegraph →Related News
- Feb 24, 2026
Ethereum Foundation starts staking ETH as client diversity concerns persist
- Feb 24, 2026
‘Bitcoin scarcity is dead’: Crypto executives push back on viral claim
- Feb 24, 2026
Solo Bitcoin miner bags over $200K block reward using rented hashrate
- Feb 24, 2026
Vitalik sells 17K ETH in one month after earmarking $45M for privacy
- Feb 24, 2026
Stablecoin stagnation, tariffs a headwind for Bitcoin prices, analysts say