OpenClaw plugin hub hit by supply chain poisoning, SlowMist finds

Cybersecurity firm SlowMist found the official plugin marketplace for the open-source AI agent OpenClaw has been targeted by supply chain poisoning attacks. Malicious "skills" were uploaded to ClawHub and exploited weak or nonexistent review mechanisms, allowing harmful code to spread to users who install the plugins.

SlowMist's MistEye issued high-severity alerts for 472 malicious skills. The infected packages often masquerade as dependency installers that hide commands triggering backdoor functions once executed. The "Base64" backdoor can collect passwords and personal files, and attackers typically move to extortion after stealing data.

Investigators traced many attacks to the same domain (socifiapp[.]com), registered in July 2025, and to an IP address linked to Poseidon infrastructure exploits. Malicious skills commonly used names tied to crypto, financial data and automation tools, a pattern SlowMist says points to a coordinated, group-based operation employing largely identical techniques.

openclaw, clawhub, supply chain, slowmist, misteye, malicious skills, base64, backdoor, socifiapp, extortion