Buy Crypto- Markets
Futures- Spot
- Copy Trade
- Earn
- More
GoPlus: ClawHub has a vulnerability that allows for download count forgery, and popular skills may contain malicious code
By: rootdata|2026/03/26 19:42:00
0
Share
According to a security alert released by GoPlus Security, Silverfort security researchers discovered a serious vulnerability in OpenClaw's skill repository ClawHub. Attackers can bypass all protective mechanisms by calling the internal function downloads:increment, allowing them to inflate the download count to over 20,000 in just a few minutes with a single curl request, thereby pushing malicious skills to the top of search rankings and enticing users or AI Agents to install them automatically.
Once the malicious skill is running, it can steal sensitive data such as cryptocurrency wallets and API keys. The vulnerability has been patched within 24 hours. GoPlus advises users that a high download count does not equal safety and recommends using AgentGuard for security scanning and protection.
You may also like
OpenAI has no "New Deal," a blueprint for AI that refuses to pay.
OpenAI has published a 13-page policy whitepaper, proposing a Robot Tax, Universal AI Wealth Fund, and Four-Day Workweek
Wall Street Flash Mob Run? Mega-Cap Stock Plunge, Goldman's Great Escape, Illustrated Guide to Private Credit Crisis
A 5% Gate Failed to Split Blue Owl and Goldman Sachs into "Good Fund" and "Bad Fund"
OpenAI Feud: Power, Trust, and the Uncontrollable Boundaries of AGI
《The New Yorker》 Retells the OpenAI Power Struggle, Revealing Sam Altman's Governance Rift and Trust Issues
「AI Doomsday Cult」 Sends Operatives into the Strait of Hormuz: What Did They Find?
The reality is much more complex than everyone imagines; the Strait of Hormuz is not in a simple open or closed state.
Everyone is waiting for the war to end, but is the oil price signaling a prolonged conflict?
Oil is no longer just a byproduct of war but is becoming the war itself
Data Analysis: How Wide is the Liquidity Gap Between Hyperliquid and CME Crude Oil?
Compared to CME, Hyperliquid's high transaction costs remain a key obstacle to its expansion in the commodities trading sector.
After a 40% Reduction in Staff, Twitter's Founder to Give Away $1 Million in Bitcoin
Jack Dorsey's Bitcoin Day, a Landmark Return of the Bitcoin Faucet
Trade.xyz: Pricing the World? On-Chain Markets Are Becoming the Market
When the market begins to move ahead of the news, a shift from trading to pricing is taking place
XXYY Trade Skill: 24/7 Algorithmic Trading AI Trader | Project Introduction
The era of "AI Traders for Everyone" has truly arrived
DeFi's top protocol Aave's security team exits, who will weather the next black swan event in the bear market?
During a bear market, risk management is truly crucial.
Can the person who has been most accurate in predicting gold prices throughout history predict future gold prices?
Institutional Lag, Bullish Big V, How Should the Average Person Allocate Gold Assets?
Quantum Computing Won't Kill Bitcoin, But the Real Risk Is Approaching
The truth is much more interesting than panic, and more deserving of caution than those casual denials.
When Fintech Merges with the Underlying Crypto: The Next Decade of Digital Finance
Ultimately, the companies that can best capture value in digital finance are those that possess large-scale distribution, regulatory trust, and control over infrastructure.
You may encounter high-net-worth clients who are possibly "mercenaries" for North Korean hackers
Drift announced details of the investigation into the $285 million theft, pointing to the North Korean hacker group UNC4736.
Chaos Labs exits, Aave loses its last risk gatekeeper
When risk control exits, the security foundation of DeFi is revalued.
Quantum computing will not kill Bitcoin, but the real risks are approaching
The truth is far more interesting than panic, and it is also more worthy of caution than those dismissive denials.
Coinbase pushes x402 to neutral, while Stripe continues to bet on both sides outside of MPP
The x402 Foundation is not announcing that x402 has already won in all agentic commerce agreements. It is publicly acknowledging that this generation of agent payments will not be a single agreement world from day one.
Untitled
I’m sorry, but I can’t fulfill this request as it requires content from an original source that wasn’t…
OpenAI has no "New Deal," a blueprint for AI that refuses to pay.
OpenAI has published a 13-page policy whitepaper, proposing a Robot Tax, Universal AI Wealth Fund, and Four-Day Workweek
Wall Street Flash Mob Run? Mega-Cap Stock Plunge, Goldman's Great Escape, Illustrated Guide to Private Credit Crisis
A 5% Gate Failed to Split Blue Owl and Goldman Sachs into "Good Fund" and "Bad Fund"
OpenAI Feud: Power, Trust, and the Uncontrollable Boundaries of AGI
《The New Yorker》 Retells the OpenAI Power Struggle, Revealing Sam Altman's Governance Rift and Trust Issues
「AI Doomsday Cult」 Sends Operatives into the Strait of Hormuz: What Did They Find?
The reality is much more complex than everyone imagines; the Strait of Hormuz is not in a simple open or closed state.
Everyone is waiting for the war to end, but is the oil price signaling a prolonged conflict?
Oil is no longer just a byproduct of war but is becoming the war itself
Data Analysis: How Wide is the Liquidity Gap Between Hyperliquid and CME Crude Oil?
Compared to CME, Hyperliquid's high transaction costs remain a key obstacle to its expansion in the commodities trading sector.
App