A supply-chain weakness in ClawHub’s plugin registry that allowed third-party packages to squat under organizational scopes and inherit first‑party credibility. In a catalog review Manifold found 23 code‑executing plugins published under the @openclaw/ and @clawhub/ scopes by accounts that have no verified relationship to either organization. Because ClawHub’s registry did not consistently enforce its documented […]
The post ClawHub Scope Squatting Lets Plugins Masquerade as Official OpenClaw Integrations appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
This article has been indexed from GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Read the original article: