ClawHub flaw let attackers fake download counts and push a malicious skill to the top of search

A critical ClawHub vulnerability let attackers inflate a skill’s download count and manipulate rankings to make a malicious package look like the most trusted option in its category. Silverfort says the flaw could have turned ClawHub, the public skills registry for the OpenClaw ecosystem, into a supply chain attack channel for both human users and […] The post ClawHub flaw let attackers fake download counts and push a malicious skill to the top of search appeared first on VPN Central.