23 ClawHub plugins squatting official scopes expose AI registry security gaps
A security issue was identified in the ClawHub AI plugin registry: 23 plugins were found squatting official npm-style scopes such as @openclaw/ and @clawhub/. These scopes are intended to indicate official ownership but were not properly reserved, which allowed unrelated accounts to publish plugins under these trusted namespaces. This creates a supply chain risk even where the published code is not malicious, because users may trust plugins based on their official-looking scope. The registry has made changes following disclosure to address this issue. The incident reflects broader security gaps emerging alongside new AI tools and registries.
AI Analysis
Technical Summary
ClawHub, an AI plugin registry used by AI agents like Claude and OpenClaw, uses npm-style scopes to denote package ownership. However, 23 plugins were published under official scopes (@openclaw and @clawhub) by unrelated accounts due to insufficient scope reservation controls. This namespace squatting poses a supply chain risk by misleading users about the provenance of plugins, even if the code is not inherently malicious. After disclosure, ClawHub implemented changes to mitigate this risk. The incident highlights emerging security challenges in AI registries as the ecosystem grows.
Potential Impact
The main impact is a supply chain risk where malicious or untrusted code could be distributed under official-looking scopes, potentially deceiving users or automated systems that rely on scope as a trust indicator. Although no active exploitation or malicious code was reported, the namespace squatting undermines trust in the plugin ecosystem and could facilitate future attacks if exploited.
Mitigation Recommendations
The ClawHub registry has made changes following the disclosure to better reserve official scopes and prevent unauthorized publishing under them. Users should verify plugin provenance beyond scope names and monitor vendor advisories for further updates. Patch status is not explicitly stated; check the ClawHub vendor advisory or official communications for current remediation guidance.
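One way to act on "verify plugin provenance beyond scope names" for an installed-plugin inventory, as an added example that is not ClawHub's code or API. Only the two scopes come from this page; the `{ name, publisher }` record shape and the allowlisted publisher account names are assumptions and placeholders.

```javascript
// Added example: audit an installed-plugin list for scope squatting.
// Assumptions (not from the page): each record has `name` and `publisher`
// fields, and the allowlisted publisher accounts below are placeholders.
const OFFICIAL_PUBLISHERS = new Map([
  ["@openclaw", new Set(["openclaw-official-placeholder"])],
  ["@clawhub", new Set(["clawhub-official-placeholder"])],
]);

// Split "@scope/name" into parts; returns null for unscoped or malformed names.
function parseScoped(fullName) {
  const m = /^(@[a-z0-9][a-z0-9._-]*)\/([a-z0-9][a-z0-9._-]*)$/i.exec(
    String(fullName).trim()
  );
  return m ? { scope: m[1].toLowerCase(), name: m[2].toLowerCase() } : null;
}

// Return one finding per plugin that sits in a protected scope without a
// verifiable, allowlisted publisher. The scope alone is never treated as proof.
function auditPlugins(plugins) {
  const findings = [];
  for (const p of plugins) {
    const parsed = parseScoped(p.name);
    if (!parsed) continue; // unscoped: makes no official-ownership claim
    const allowed = OFFICIAL_PUBLISHERS.get(parsed.scope);
    if (!allowed) continue; // not a scope we treat as official
    const publisher = (p.publisher || "").trim().toLowerCase();
    if (!publisher) {
      findings.push({ plugin: p.name, reason: "missing-publisher" });
    } else if (!allowed.has(publisher)) {
      findings.push({ plugin: p.name, reason: "publisher-mismatch", publisher });
    }
  }
  return findings;
}

// Constructed sample inventory (not real registry data).
const SAMPLE = [
  { name: "@openclaw/core-tools", publisher: "openclaw-official-placeholder" },
  { name: "@OpenClaw/helper", publisher: "someone-else" },
  { name: "@clawhub/sync", publisher: "" },
  { name: "@thirdparty/widget", publisher: "thirdparty" },
  { name: "plain-plugin", publisher: "anyone" },
];

console.log(auditPlugins(SAMPLE));
```

A plugin with no publisher field is reported rather than passed, so missing metadata cannot be mistaken for official ownership.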
Technical Details
- Source Type
- Subreddit: cybersecurity
- Reddit Score: 0
- Discussion Level: minimal
- Content Source: reddit_link_post
- Post Type: link
- Domain: null
- Newsworthiness Assessment: {"score":27,"reasons":["external_link","established_author","very_recent"],"isNewsworthy":true,"foundNewsworthy":[],"foundNonNewsworthy":[]}
- Has External Source: true
- Trusted Domain: false
Threat ID: 6a390d44eed863c81ea61c14
Added to database: 06/22/2026, 10:24:04 UTC
Last enriched: 06/22/2026, 10:24:21 UTC
Last updated: 06/22/2026, 21:38:59 UTC