- February 9, 2026
- Posted by: admin
- Category: BitCoin, Blockchain, Cryptocurrency, Investments
SlowMist flagged 472 AI skills containing malicious code as AI plugins and extensions become the new hunting ground for hackers seeking to access the devices of cryptocurrency investors.
The official plugin marketplace for open-source artificial intelligence agent project OpenClaw has become a target for supply chain poisoning attacks, according to a new report from cybersecurity firm SlowMist.
In a report released Monday, SlowMist said attackers have been uploading malicious “skills” to OpenClaw’s plugin hub, known as ClawHub, exploiting what it described as weak or nonexistent review mechanisms. The activity allows harmful code to spread to users who install the plugins, potentially without realizing the risk.
SlowMist said its Web3-focused threat intelligence solution, MistEye, issued high-severity alerts related to 472 malicious skills on the platform.
