Slowmist: ClawHub Memiliki Risiko Penanaman Pintu Belakang, 21% Top 100 Skills Terdaftar Sebagai Berisiko Tinggi

Chief Information Security Officer of Slow Mist Technology 23pds Public Warning: Due to ClawHub relying on GitHub one-click login, developer credentials stolen by worms may be used to impersonate developers and release malicious Skills, launching supply chain attacks. Meanwhile, GoPlus has completed comprehensive security scans on the top 100 Skills with the highest download volumes from ClawHub, revealing 21% high risk and 17% requiring warnings.

Full Analysis of Attack Path: From GitHub Credentials to System Intrusion

Slow Mist clearly outlines the complete attack chain in their announcement to help developers and users understand the actual threat mechanism:

Credential Theft: Worms like Sha1-Hulud or phishing attacks steal developers’ GitHub login credentials

Gaining GitHub Access: Attackers use stolen credentials to log into victims’ GitHub accounts

Impersonating Developers to Log into ClawHub: Since ClawHub uses GitHub one-click authorization, attackers can directly access the platform as legitimate developers

Releasing Malicious Skills: Under the guise of legitimate developers, malicious Skills containing backdoors are uploaded, making them hard to distinguish from normal Skills

User Installation and Execution: Unaware users download and run these Skills, triggering malicious code

System Intrusion: Attackers gain access to user devices, potentially leading to data theft, remote control, and serious consequences

The danger of this attack chain lies in its high concealment at each stage, making it nearly impossible for users to identify whether a Skill has been maliciously tampered with just by appearance.

GoPlus Scan Results: Security Distribution Among Top 100 Skills

On March 12, GoPlus released a security scan report on the top 100 Skills with the highest download frequency from ClawHub, providing more systematic risk quantification data:

21% Blocked: These Skills exhibit clear high-risk operations, including direct network penetration, sensitive API calls, and automatic message sending

17% Warning: These Skills pose potential risks; users with higher security requirements are advised to exercise caution

62% Passed: The remaining Skills showed no obvious issues under current scan parameters

GoPlus recommends that for Skills with high-risk operations, a “Human-in-the-Loop (HITL)” manual confirmation mechanism should be enforced, allowing human review before critical operations are executed, rather than remedial actions after the fact.

Tencent SkillHub Controversy: Large-Scale Scraping Raises Copyright and Support Issues

Amid rising security warnings, the ClawHub ecosystem has also sparked another discussion due to Tencent’s approach. Tencent launched a SkillHub community built on the open-source ecosystem of OpenClaw, positioning it as a localized Skills distribution platform for Chinese developers. However, OpenClaw founder Peter Steinberger criticized this after learning about it, stating he received complaints that Tencent scraped all Skills from ClawHub and integrated them into their platform, with such rapid speed that it triggered official rate limits. Steinberger openly said: “They copied, but did not support this project.”

Tencent AI responded, explaining that SkillHub operates as a mirror site, with the original source marked as ClawHub, and stated that the platform aims to provide a more stable and faster access experience for Chinese users. In its first week online, it handled about 180GB of download traffic (870,000 downloads), but only about 1GB was actually pulled from official sources. Tencent emphasized that multiple team members have contributed code to related open-source projects and hopes to continue supporting the ecosystem development.

Frequently Asked Questions

How should ClawHub users protect themselves from malicious Skills?

It is recommended to: prioritize installing Skills reviewed by security agencies like GoPlus; be cautious with Skills requesting access to local files, network, or system APIs; monitor download counts and reviews but do not rely solely on them for safety; regularly update Skills and pay attention to platform security notices. Most importantly, enable “Human-in-the-Loop (HITL)” confirmation before executing high-risk operations.

Should ClawHub switch from GitHub login to other authentication methods?

From a security architecture perspective, relying on a single OAuth provider (like GitHub) creates a single point of failure—if GitHub credentials are compromised, ClawHub accounts are at risk. More secure options include: implementing multi-factor authentication (MFA), allowing independent account creation, or adding extra human or machine verification layers for Skill publishing. These are directions for platform developers to improve trust mechanisms.

Does Tencent SkillHub’s approach violate open-source licenses?

This depends on the specific licensing terms of OpenClaw and ClawHub. Using mirror sites and marking original sources as fair use is generally acceptable, but Steinberger’s criticism points more to ethical issues—using community-built results without substantial contribution or commercial support. Such disputes are common in open-source communities and are usually resolved through clearer licensing and commercial agreements.