A supply-chain weakness in ClawHub’s plugin registry that allowed third-party packages to squat under organizational scopes and inherit first‑party credibility. In a catalog review Manifold found 23 code‑executing plugins published under the @openclaw/ and @clawhub/ scopes by accounts that have no verified relationship to either organization. Because ClawHub’s registry did not consistently enforce its documented […]

The post ClawHub Scope Squatting Lets Plugins Masquerade as Official OpenClaw Integrations appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Mayura Kathir

Source: gbHackers
Source Link: https://gbhackers.com/clawhub-scope-squatting/