Security Firms Expose Hidden Backdoors in OpenClaw Plugins Targeting Users

Weak plugin checks allowed coordinated attacks on ClawHub, forcing OpenClaw to add stricter security scans.

OpenClaw, an open-source AI agent project, has seen rapid growth in recent weeks. Its official plugin marketplace, ClawHub, has followed the same path, drawing in many developers. However, the rising adoption has also drawn unwanted attention. Security firms now warn that ClawHub is being abused to spread malicious plugins.

Weak Plugin Reviews Leave OpenClaw’s ClawHub Exposed

Monitoring by SlowMist shows that ClawHub is becoming a new target for supply-chain attacks because the platform does not sufficiently verify uploads. Weak review controls have allowed unsafe plugins, referred to as “skills,” to enter the platform.

Several even carry hidden backdoors or deliver harmful content that puts both developers and users at risk. Following initial findings, SlowMist issued alerts to clients via its MistEye system and began tracking suspicious uploads.

A follow-up scan of ClawHub revealed the scale of the issue. According to a report from Koi Security, researchers found 341 malicious skills among 2,857 scanned. Most were designed to match known plugin-market poisoning campaigns seen in other ecosystems.

Many unsafe skills appeared legitimate at first glance, using trusted names and familiar descriptions.

Batch Attack Linked to Hundreds of Malicious Skills on ClawHub

SlowMist conducted a deeper review of the case and identified more than 400 indicators of malicious activity. Many of them pointed to the same few websites and servers. That repetition suggests the attacks were organized and planned.

Analysts described the campaign as batch-based, with attackers pushing many similar skills at once, all relying on shared infrastructure

Interestingly, the way these skills were spread also followed a pattern. Attackers used public file-hosting sites to store harmful code. The plugins first ran simple and slightly hidden instructions to avoid being flagged.

After that, they downloaded more dangerous code from external servers. This setup made it easy for attackers to update the malicious components without modifying the plugin itself.

Attackers also used misleading names to trick users. Many malicious skills were presented as crypto tools, finance helpers, or system utilities. Labels like “security check,” “automation helper,” or “update tool” made them seem safe and useful. 

SlowMist advised users to be careful before installing any ClawHub skill. Users should read the SKILL.md file closely before copying or running commands. Any plugin asking for system passwords, special permissions, or system changes should be treated with suspicion.

The security firm added that limiting permissions and manually reviewing code can help reduce risk. Security firms warn that stronger review processes and greater user awareness are now needed.

OpenClaw Moves to Tighten Plugin Security With VirusTotal Integration

OpenClaw recently announced a new partnership with VirusTotal to improve security across ClawHub. From now on, every skill published on ClawHub will go through automated security scanning powered by VirusTotal. This new layer of protection for developers and users will reduce risk as the platform grows.

Unlike traditional software, AI agents interpret language and take actions based on context. That makes them more flexible but also easier to misuse. OpenClaw said poorly secured agents can become a liability, especially when third-party skills gain access to tools and data.

Skills on ClawHub can manage finances, control devices, or automate tasks. Malicious skills could misuse that access to steal data, execute unwanted commands, or download harmful code. To address this risk, OpenClaw now scans skill packages before and after publication.

Under the new system, all active skills are rescanned daily. OpenClaw emphasised that this is a single security layer, with additional protections planned as the ecosystem expands.

The post Security Firms Expose Hidden Backdoors in OpenClaw Plugins Targeting Users appeared first on Live Bitcoin News.