SlowMist
SlowMist|Feb 09, 2026 03:06
🚨 Threat Intelligence | Analysis of ClawHub Malicious Skills Poisoning As the #OpenClaw AI agent ecosystem rapidly grows, SlowMist has observed ClawHub becoming a new target for large-scale supply chain attacks. Due to insufficient review mechanisms, hundreds of malicious “skills” have already infiltrated the hub, distributing hidden payloads and stealing user data. Our investigation (triggered after early detections by #MistEye) found that attackers abuse SKILL[.]md as an execution entry point—disguising malicious commands as dependency installation or environment setup steps (e.g., Base64 → curl → bash). What looks like documentation becomes an executable attack chain. Key findings: 🔹 341 malicious skills identified out of 2,857 (per Koi Security) 🔹 Over 400 samples reuse the same small set of domains/IPs — indicating coordinated group activity 🔹 Classic two-stage loaders: obfuscated first stage + dynamically fetched second-stage payload 🔹 Infrastructure convergence on IPs like 91.92.242.30, linked to historical Poseidon activity 🔹 Second-stage trojans phish system passwords, harvest local files, and exfiltrate data to C2 servers Attack flow: 1️⃣ Fake “installation/init” steps in SKILL[.]md 2️⃣ Commands hidden via Base64 or segmented scripts 3️⃣ Download-and-execute (curl → bash) 4️⃣ Stage-1 loader pulls Stage-2 payload 5️⃣ Centralized C2 handles persistence and updates MistEye detected and alerted on 472 malicious skills + related IOCs at an early stage, delivering threat intelligence directly to customers. We’re now rolling out dedicated monitoring rules for skill ecosystems and continuing 24/7 tracking across major marketplaces. 🛡️ Defensive takeaway: This is not just about removing individual skills. Focus on behavioral signals like: • two-stage loading • highly reused infrastructure • bare-IP delivery endpoints Mitigation tips: ✅ Never blindly execute SKILL[.]md “installation” commands ✅ Treat password or system permission prompts as high-risk signals ✅ Only install dependencies from verified, official sources Full technical breakdown & IOCs here 👉 https://slowmist.medium.com/threat-intelligence-analysis-of-clawhub-malicious-skills-poisoning-0448ffd49c80(SlowMist)
+4
Mentioned
Share To

Timeline

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads