OpenClaw Plugin Hub ClawHub Becomes New Supply Chain Attack Target, 341 Malicous Skills Identified

Security RiskAI AgentsSupply Chain AttackMalicious PluginsOn-Chain Security

As the open-source AI agent project OpenClaw gains rapid traction, its official plugin marketplace ClawHub is increasingly becoming a new target for supply chain poisoning attacks, posing potential risks to both developers and everyday users.

Monitoring data shows that 341 malicious skill plugins have already been identified. These plugins are typically disguised as:

  • Crypto asset management tools
  • Security inspection plugins
  • Automation assistant utilities
  • Attackers exploit the popularity of AI ecosystems to distribute malicious code, lowering user vigilance and expanding the attack surface.

Attack Mechanism: Hidden Commands and Multi-Stage Payload Delivery

Analysis of related samples reveals several primary attack techniques:

  • Using SKILL.md files as execution entry points
  • Applying Base64 encoding to conceal malicious commands
  • Leveraging a two-stage loading mechanism to evade detection
  • Typical attack workflows include:
  • Downloading remote payloads via curl
  • Deploying a malicious sample named dyrtvwjfveyxjf23
  • Prompting users to input system passwords while exfiltrating local files and system information

AI Plugin Ecosystems Become New Attack Entry Points

As AI agent frameworks and plugin marketplaces expand rapidly, attackers are shifting focus toward plugin ecosystems and automation platforms.

In environments where AI tools intersect with crypto utilities, malicious plugins often masquerade as “wallet management” or “security tools”, gaining user trust and significantly increasing exposure to risk.

Risk Monitoring and Mitigation Recommendations

Security researchers recommend:

  • Avoid executing copy-and-run commands from unknown sources
  • Be cautious with plugins requesting system-level permissions
  • Prioritize tools released through official channels
  • Refrain from running unverified scripts
  • Meanwhile, some on-chain security providers are leveraging Trustformer KYT and similar risk intelligence solutions to track suspicious addresses and illicit fund flows, helping platforms strengthen threat detection and response capabilities.

Conclusion

The rapid expansion of AI plugin ecosystems is reshaping attack vectors, with supply chain risks evolving from traditional software repositories into AI tool marketplaces. Establishing stricter plugin review processes and safer usage standards will become a critical defense line for developers and users moving forward.

About Trustformer

Trustformer is a leading blockchain security and compliance technology company specializing in providing professional risk management and compliance solutions for the global cryptocurrency ecosystem. We have developed the cutting-edge Trustformer KYT (Know Your Transaction) platform, which integrates artificial intelligence, blockchain analytics, and regulatory technology to deliver comprehensive, accurate real-time transaction monitoring, risk assessment, and suspicious activity reporting services.

With deep industry expertise and technological innovation, Trustformer is dedicated to helping Virtual Asset Service Providers (VASPs), crypto financial institutions, and investors build a safer and more transparent crypto financial environment. We believe that driving compliance and trust through technology can contribute to the thriving growth of the global digital economy.