SlowMist Uncovers Hundreds of Malicious Skills Targeting Crypto Users in ClawHub

Security firm SlowMist reports hundreds of malicious skills on OpenClaw’s ClawHub, warning of disguised payloads aimed at stealing system data.

67d ago

Summary

SlowMist has identified 341 malicious skills within OpenClaw’s ClawHub platform, disguised as cryptocurrency, security, or automation tools. These attacks employ SKILL.md files with Base64 encoding and a two-stage payload-loading process to harvest system data. SlowMist’s MistEye detection system flagged an additional 472 malicious skills, prompting a warning for users to verify commands through official channels to prevent potential breaches.

Terms & Concepts

Base64 encoding: A method of converting binary data into an ASCII string format, often used to obscure malicious payloads.
Payload: The core malicious code or commands delivered in a cyberattack, designed to execute harmful actions.
ClawHub: An open-source platform under OpenClaw, hosting user-created scripts and skills, which can be exploited for malicious purposes.