Buy Crypto- Markets
Futures- Spot
- Copy Trade
- Earn
- More
SlowMist Unveils Security Vulnerabilities in ClawHub’s AI Ecosystem
Key Takeaways
- SlowMist identifies 1,184 malicious skills on ClawHub aimed at stealing sensitive data.
- The identified threats include Base64-encoded backdoors that exfiltrate data to malicious servers.
- Users are advised to scrutinize commands in SKILL.md files and avoid unverified dependencies.
- ClawHub’s insufficient review mechanisms have allowed for a significant influx of malicious plugins.
- Recent incidents underscore the risks posed by inadequate security measures in AI plugin ecosystems.
WEEX Crypto News, 20 February 2026
In a significant development in the cybersecurity landscape, blockchain security firm SlowMist has uncovered major vulnerabilities within the ClawHub AI plugin ecosystem, operated by OpenClaw. According to an announcement on the X platform by Yu Xian, SlowMist’s founder, a staggering 1,184 malicious skills have been identified on the marketplace. These malicious plugins are designed to compromise sensitive data like SSH keys, cryptographic wallets, and browser passwords.
Malicious Skills and Security Breaches
The threat assessment carried out by SlowMist highlights a concerning trend in the digital security domain. The malicious skills identified are not just theoretical risks but active threats that have already been downloaded thousands of times. These skills exploit vulnerabilities in plugin directories following the AgentSkills standard, embedding harmful code within seemingly legitimate functions.
One prominent example of these threats involves the use of Base64-encoded backdoors. These backdoors activate upon execution, scanning user directories including ‘Desktop’, ‘Documents’, and ‘Downloads’ for sensitive files. The compromised data is then zipped along with system information and sent to command-and-control servers, such as the domain socifiapp.com, which has been flagged for Remote Access Trojan (RAT) activities since mid-2025.
Recommendations from SlowMist
To mitigate these threats, SlowMist recommends that users inspect all commands within SKILL.md files before allowing execution. This precautionary measure is crucial to prevent unauthorized data leakage or system compromise. Additionally, the importance of sourcing AI tool dependencies exclusively from verified channels cannot be overstated to ensure the integrity of the integrated systems.
The use of discrete AI environments is also advised, minimizing the risk posed by potentially harmful skills in complex Web3 environments. This is vital as the conventional contract-based security approaches in Web3 are proving insufficient against the evolving threat landscape.
Challenges in ClawHub
ClawHub’s plugin marketplace has rapidly evolved, attracting many AI developers due to its open-source nature. However, this growth has inadvertently attracted malicious actors exploiting its insufficient review mechanisms. Out of 2,857 plugins reviewed, security teams discovered 341 harboring malicious code, highlighting a significant breach of platform integrity. The unchecked distribution of these harmful plugins exemplifies a typical supply chain attack, compromising the very environments they are supposed to enhance.
This situation has pushed OpenClaw to enhance its review processes, aiming for a more rigorous control over its expanding plugin ecosystem. Users are urged to remain cautious and to refrain from executing unverified commands until more robust verification processes are established.
Broader Implications for AI and Security
The implications of these findings extend beyond ClawHub and highlight a pervasive issue within AI and plugin ecosystems. As demonstrated by the ongoing analyses and findings from SlowMist’s MistEye monitoring tool, the potential for widespread exploitation due to inadequate security protocols is substantial.
Furthermore, the recent financial exploit faced by Moonwell, a DeFi platform, underscores the vulnerabilities in smart contract code often co-authored by AI tools without adequate peer review. This incident, involving a misconfiguration leading to a $1.78 million loss, serves as a cautionary tale of the risks tied to AI-generated code in high-stakes environments.
FAQs
What are the primary threats identified by SlowMist on ClawHub?
SlowMist found that 1,184 malicious skills were uploaded to ClawHub, which exploit vulnerabilities to steal SSH keys, encrypted wallets, and more. These include skills with Base64-encoded backdoors that exfiltrate data.
How do the malicious skills on ClawHub operate?
These malicious skills hide harmful code that users inadvertently activate. On execution, they download additional malicious payloads, scan directories for sensitive information, and send this data to command-and-control servers.
What can users do to protect themselves from such threats?
SlowMist advises users to thoroughly inspect all commands found in SKILL.md files and avoid granting unnecessary permissions. It’s also crucial to source dependencies from trusted channels and employ isolated AI environments.
Why is ClawHub considered a target for supply chain attacks?
ClawHub’s rapid growth and open-source nature make it attractive to developers, but its weak review processes allow malicious plugins to proliferate, resulting in supply chain-style vulnerabilities.
How does the SlowMist discovery impact future security practices?
The findings highlight the urgent need for improved review mechanisms in AI and Web3 environments. Incorporating stringent security audits and separating code generation from execution are critical to mitigating these threats.
Embracing robust security protocols not only shields developers and systems from current threats but also fortifies against the rapidly evolving landscape of cyber threats. This call to action is particularly pertinent for platforms like ClawHub, which must bolster their defenses to sustain user trust and foster a secure digital ecosystem.
For more comprehensive coverage on how to protect your digital assets and the latest developments in blockchain security, consider joining the conversation on WEEX and explore different strategies to enhance your crypto portfolio. [Sign up with WEEX here](https://www.weex.com/register?vipCode=vrmi).
You may also like
Consumer-grade Crypto Global Survey: Users, Revenue, and Track Distribution
Prediction Markets Under Bias
Stolen: $290 million, Three Parties Refusing to Acknowledge, Who Should Foot the Bill for the KelpDAO Incident Resolution?
ASTEROID Pumped 10,000x in Three Days, Is Meme Season Back on Ethereum?
ChainCatcher Hong Kong Themed Forum Highlights: Decoding the Growth Engine Under the Integration of Crypto Assets and Smart Economy
Why can this institution still grow by 150% when the scale of leading crypto VCs has shrunk significantly?
Anthropic's $1 trillion, compared to DeepSeek's $100 billion
Geopolitical Risk Persists, Is Bitcoin Becoming a Key Barometer?
Annualized 11.5%, Wall Street Buzzing: Is MicroStrategy's STRC Bitcoin's Savior or Destroyer?
An Obscure Open Source AI Tool Alerted on Kelp DAO's $292 million Bug 12 Days Ago
Mixin has launched USTD-margined perpetual contracts, bringing derivative trading into the chat scene.
The privacy-focused crypto wallet Mixin announced today the launch of its U-based perpetual contract (a derivative priced in USDT). Unlike traditional exchanges, Mixin has taken a new approach by "liberating" derivative trading from isolated matching engines and embedding it into the instant messaging environment.
Users can directly open positions within the app with leverage of up to 200x, while sharing positions, discussing strategies, and copy trading within private communities. Trading, social interaction, and asset management are integrated into the same interface.
Based on its non-custodial architecture, Mixin has eliminated friction from the traditional onboarding process, allowing users to participate in perpetual contract trading without identity verification.
The trading process has been streamlined into five steps:
· Choose the trading asset
· Select long or short
· Input position size and leverage
· Confirm order details
· Confirm and open the position
The interface provides real-time visualization of price, position, and profit and loss (PnL), allowing users to complete trades without switching between multiple modules.
Mixin has directly integrated social features into the derivative trading environment. Users can create private trading communities and interact around real-time positions:
· End-to-end encrypted private groups supporting up to 1024 members
· End-to-end encrypted voice communication
· One-click position sharing
· One-click trade copying
On the execution side, Mixin aggregates liquidity from multiple sources and accesses decentralized protocol and external market liquidity through a unified trading interface.
By combining social interaction with trade execution, Mixin enables users to collaborate, share, and execute trading strategies instantly within the same environment.
Mixin has also introduced a referral incentive system based on trading behavior:
· Users can join with an invite code
· Up to 60% of trading fees as referral rewards
· Incentive mechanism designed for long-term, sustainable earnings
This model aims to drive user-driven network expansion and organic growth.
Mixin's derivative transactions are built on top of its existing self-custody wallet infrastructure, with core features including:
· Separation of transaction account and asset storage
· User full control over assets
· Platform does not custody user funds
· Built-in privacy mechanisms to reduce data exposure
The system aims to strike a balance between transaction efficiency, asset security, and privacy protection.
Against the background of perpetual contracts becoming a mainstream trading tool, Mixin is exploring a different development direction by lowering barriers, enhancing social and privacy attributes.
The platform does not only view transactions as execution actions but positions them as a networked activity: transactions have social attributes, strategies can be shared, and relationships between individuals also become part of the financial system.
Mixin's design is based on a user-initiated, user-controlled model. The platform neither custodies assets nor executes transactions on behalf of users.
This model aligns with a statement issued by the U.S. Securities and Exchange Commission (SEC) on April 13, 2026, titled "Staff Statement on Whether Partial User Interface Used in Preparing Cryptocurrency Securities Transactions May Require Broker-Dealer Registration."
The statement indicates that, under the premise where transactions are entirely initiated and controlled by users, non-custodial service providers that offer neutral interfaces may not need to register as broker-dealers or exchanges.
Mixin is a decentralized, self-custodial privacy wallet designed to provide secure and efficient digital asset management services.
Its core capabilities include:
· Aggregation: integrating multi-chain assets and routing between different transaction paths to simplify user operations
· High liquidity access: connecting to various liquidity sources, including decentralized protocols and external markets
· Decentralization: achieving full user control over assets without relying on custodial intermediaries
· Privacy protection: safeguarding assets and data through MPC, CryptoNote, and end-to-end encrypted communication
Mixin has been in operation for over 8 years, supporting over 40 blockchains and more than 10,000 assets, with a global user base exceeding 10 million and an on-chain self-custodied asset scale of over $1 billion.
$600 million stolen in 20 days, ushering in the era of AI hackers in the crypto world
Vitalik's 2026 Hong Kong Web3 Summit Speech: Ethereum's Ultimate Vision as the "World Computer" and Future Roadmap
On the same day Aave introduced rsETH, why did Spark decide to exit?
Full Post-Mortem of the KelpDAO Incident: Why Did Aave, Which Was Not Compromised, End Up in Crisis Situation?
After a $290 million DeFi liquidation, is the security promise still there?
ZachXBT's post ignites RAVE nearing zero, what is the truth behind the insider control?
App