Key Highlights:
- Malicious plugins were uploaded to ClawHub as reported today, February 9, 2026 by SlowMist.
- Hackers hid the harmful commands inside normal-looking installation instructions.
- SlowMist suggests auditing installation steps, blocking malicious servers, and enforcing strict plugin reviews.
Cybersecurity company SlowMist has issued a serious warning about a security problem in the fast-growing AI agent ecosystem. They found that ClawHub, the official plugin store for the popular open-source project OpenClaw, has been compromised.
🚨 Threat Intelligence | Analysis of ClawHub Malicious Skills Poisoning
As the #OpenClaw AI agent ecosystem rapidly grows, SlowMist has observed ClawHub becoming a new target for large-scale supply chain attacks. Due to insufficient review mechanisms, hundreds of malicious… pic.twitter.com/xfzo4AhTdb
— SlowMist (@SlowMist_Team) February 9, 2026
This happened because plugins on ClawHub were not properly reviewed and hundreds of plugins were uploaded. These plugins looked harmless and were presented as normal setup or helper tools but little did anyone know that they contained hidden malware.
In such situations, as soon as these plugins are installed, they secretly siphon data and the user has no clue about the same.
How the Attack Was Carried Out
It was SlowMist who found out about this by using their security software, which figured out something was wrong. What they found was a clever trick. It can be understood that the attackers had targeted the SKILL.md files, which are basically text files providing information on how to install a plugin. Instead of text, these files were also containing dubious commands. When users followed the steps, they unknowingly ran malware on their systems.
The harmful commands were made to look like normal setup tasks such as installing software dependencies, setting up the environment, and to hide what they were really doing, attackers made use of Base64 encoding to scramble the code, curl-to-bash scripts that download and run files instantly and two-step malware loaders that avoid easy detection.
Another security firm, Koi Security, scanned 2,857 plugins on the platform and confirmed that out of these many, 341 were malicious.
That’s a 12% of infection rate, which strongly suggests that this was not an accident, but a well-planned and coordinated attack.
Where the Malware Is Coming From
Security researchers found that over 400 malicious plugins were all connecting back to just a few suspicious websites and IP addresses. One of them, 91.92.242.30, has links to older cyber-crime and extortion groups. Another, socifiapp.com, was registered only recently and is being used as a remote control server for malware.
Many of these fake plugins were designed to look attractive to developers. They used themes like crypto and wallets, finance tools, software “updates”, security or system checks. These names made the plugins seem useful and safe.
A real example includes a plugin “X (Twitter) Trends” that looks safe but secretly installs malware that steals personals and work data.
The plugin looks the same on the surface, while the hidden malware keeps changing. This helps attackers avoid basic security checks.
What SlowMist Is Doing
SlowMist detected 472 malicious plugins early and is now monitoring plugin marketplaces 24/7 to stop future attacks. This is not a one-time problem. This acts as a big risk across the entire plugin ecosystem and the main danger comes from “instruction files that actually run harmful code”, not just bad plugins being taken down one by one.
Instead of only removing infected plugins, platforms and users need to watch for warning signs such as plugins that download more files in multiple steps, the same servers or IPs being used, commands that connect directly to raw IP addresses.
What You Should Do to Stay Safe
Make sure you check install instructions before running them. Never copy-paste commands without understanding them. One should remain cautious of sudden password or permission requests as there are usually the signs of an attack. One should only download tools from reliable and official sources and not from random scripts.
Also Read: Strategy Unveils Q4 2025 Results, Earns 22.8% in BTC Yield
