Odaily Planet News: According to SlowMist's monitoring, the official plugin center ClawHub of the open-source AI agent project OpenClaw is becoming a target of supply chain poisoning attacks. Due to the lack of a strict review mechanism on the platform, a large number of malicious skills have already infiltrated it, used to spread malicious code. Monitoring shows that 341 malicious skills have been identified, these skills are usually disguised as encrypted assets, security checks, or automation tools.
SlowMist security team's analysis found that the attacker used the SKILL.md file as the entry point for executing commands, hiding malicious commands through Base64 encoding and employing a two-stage loading mechanism to evade detection. The first stage used curl to obtain the payload, and the second stage deployed a sample named dyrtvwjfveyxjf23, aiming to trick users into entering their system passwords and stealing local documents and system information.
The MistEye system has currently triggered a high-risk alert, covering 472 malicious skills and related indicators. SlowMist advises users to review any commands that require copying and execution, be cautious of prompts for system privileges, and prioritize obtaining tools through official channels.