ClawHub 遭到围攻：数千个插件在复杂的人工智能攻击中受到损害

OpenClaw AI 代理生态系统遭遇重大安全漏洞，官方插件商店 ClawHub 被发现托管数百个恶意插件。这种复杂的人工智能攻击凸显了关键漏洞。

ClawHub Under Siege: Thousands of Plugins Compromised in Sophisticated AI Attack

ClawHub 遭到围攻：数千个插件在复杂的人工智能攻击中受到损害

A significant security incident has rocked the rapidly expanding AI agent ecosystem, with the official plugin store for the popular open-source project OpenClaw, known as ClawHub, being compromised. Cybersecurity firm SlowMist has issued a stark warning, revealing that hundreds of malicious plugins were uploaded to the platform, posing a severe threat to users.

一起重大安全事件震撼了快速扩张的人工智能代理生态系统，流行的开源项目 OpenClaw 的官方插件商店（称为 ClawHub）遭到破坏。网络安全公司慢雾发布了严厉警告，称数百个恶意插件被上传到该平台，对用户构成严重威胁。

The Anatomy of the Attack

攻击的剖析

The attack exploited a critical flaw in ClawHub's review process, allowing seemingly harmless plugins, presented as setup or helper tools, to contain hidden malware. Researchers from SlowMist and Koi Security identified that these malicious plugins, which constituted a staggering 12% of scanned plugins according to Koi Security's analysis of 2,857 plugins, were designed to surreptitiously siphon user data upon installation.

该攻击利用了 ClawHub 审查过程中的一个关键缺陷，允许看似无害的插件（以安装或帮助工具的形式出现）包含隐藏的恶意软件。 SlowMist 和 Koi Security 的研究人员发现，根据 Koi Security 对 2,857 个插件的分析，这些恶意插件占扫描插件的比例高达 12%，其设计目的是在安装后秘密窃取用户数据。

Attackers ingeniously targeted SKILL.md files, which are intended to provide installation instructions. Instead of just text, these files embedded dubious commands, cleverly disguised using Base64 encoding, curl-to-bash scripts, and two-step malware loaders to evade detection. These commands mimicked normal setup tasks, tricking users into unknowingly executing malware.

攻击者巧妙地瞄准了旨在提供安装说明的 SKILL.md 文件。这些文件不仅仅是文本，还嵌入了可疑命令，并使用 Base64 编码、curl-to-bash 脚本和两步恶意软件加载程序巧妙地进行伪装，以逃避检测。这些命令模仿正常的安装任务，诱骗用户在不知不觉中执行恶意软件。

Tracing the Malicious Infrastructure

追踪恶意基础设施

Analysis revealed that over 400 malicious plugins were communicating with a small cluster of suspicious websites and IP addresses. One notable IP address, 91.92.242.30, has historical ties to cyber-crime and extortion groups, while socifiapp.com, a recently registered domain, served as a remote control server for the malware. The fake plugins often adopted attractive themes such as crypto, finance, software updates, and security tools, further lulling developers into a false sense of security. For instance, a plugin named "X (Twitter) Trends" appeared benign but secretly installed data-stealing malware.

分析显示，超过 400 个恶意插件正在与一小群可疑网站和 IP 地址进行通信。一个值得注意的 IP 地址 91.92.242.30 与网络犯罪和勒索团体有着历史联系，而最近注册的域名 socifiapp.com 则充当了恶意软件的远程控制服务器。假冒插件通常采用加密、金融、软件更新和安全工具等有吸引力的主题，进一步让开发人员陷入错误的安全感。例如，一个名为“X（Twitter）趋势”的插件看似良性，但却秘密安装了数据窃取恶意软件。

The Broader Implications for AI Ecosystems

对人工智能生态系统的更广泛影响

SlowMist has been actively monitoring plugin marketplaces, having detected and flagged 472 malicious plugins. This incident underscores a broader, systemic risk within the entire plugin ecosystem, particularly concerning "instruction files that actually run harmful code." The company emphasizes the need for platforms and users to remain vigilant, looking out for warning signs such as multi-step file downloads, consistent server or IP usage across plugins, and direct IP address connections in commands.

SlowMist 一直在积极监控插件市场，已检测并标记了 472 个恶意插件。这一事件凸显了整个插件生态系统中更广泛的系统性风险，特别是涉及“实际运行有害代码的指令文件”。该公司强调平台和用户需要保持警惕，留意警告信号，例如多步骤文件下载、跨插件的一致服务器或 IP 使用以及命令中的直接 IP 地址连接。

Staying Safe in the Age of AI Plugins

在人工智能插件时代保持安全

To mitigate risks, users are strongly advised to scrutinize installation instructions before execution and to avoid copy-pasting commands without full comprehension. Sudden requests for passwords or permissions should also be treated as red flags. Downloading tools exclusively from reputable and official sources, rather than from untrusted scripts, is paramount for maintaining security. It seems the digital world, much like a bustling New York street, always has a few unexpected twists and turns, so stay sharp out there!

为了降低风险，强烈建议用户在执行之前仔细检查安装说明，并避免在没有完全理解的情况下复制粘贴命令。突然请求密码或权限也应视为危险信号。仅从信誉良好的官方来源下载工具，而不是从不受信任的脚本下载工具，对于维护安全性至关重要。数字世界似乎就像熙熙攘攘的纽约街道一样，总是有一些意想不到的曲折，所以要保持敏锐！