SlowMist reports supply chain poisoning in OpenClaw's ClawHub plugin center. Weak reviews allowed numerous malicious skills to infiltrate and spread harmful code. Koi Security scanned 2,857 skills, identifying 341 malicious. SlowMist analyzed >400 IOCs, revealing organized batch attacks targeting few fixed domains/IPs via two-stage loading (initial obfuscation, dynamic payload retrieval). Example: "X (Twitter) Trends" skill hides Base64 backdoor that downloads/executes malware to phish passwords, collect fi ...