Cos(余弦)😶‍🌫️'s Insight

This article is machine translated

Show original

🚨Risk Alert | OpenClaw Plugin Center Suffers Large-Scale Supply Chain Poisoning Attack According to SlowMist's monitoring (@SlowMist_Team), due to the lack of a strict review mechanism on the ClawHub platform, a large number of malicious skills have infiltrated and are used to spread malicious code. Currently, 341 malicious skills have been identified. These skills are typically disguised as encrypted assets, security checks, or automation tools. Attackers use the file http:/SKILL.md as the entry point for execution commands, hiding malicious commands through Base64 encoding and employing a two-stage loading mechanism to evade detection. The first stage obtains the payload via curl; the second stage deploys a sample named dyrtvwjfveyxjf23 to trick users into entering system passwords and steal local documents and system information. SlowMist advises users to review any commands that need to be copied and executed, be wary of prompts for system privileges, and prioritize obtaining tools through official channels. #OpenClaw

From Twitter

Disclaimer: The content above is only the author's opinion which does not represent any position of Followin, and is not intended as, and shall not be understood or construed as, investment advice from Followin.

Add to Favorites

Comments

Relevant content

Blockbeats

$55,000 will be the lifeline for Bitcoin.

BTC

0.85%

All-in station

The Vietnamese government is pushing for the operation of a gold and cryptocurrency exchange by February 28, 2026.

BlockTempo

Machi Big Brother lost so much money he couldn't sleep all night? Ethereum fell below 2000, causing panic. He long positions in ETH and HYPE, then sold at a loss, losing all 120,000 in magnesium.

ETH

0.16%