OpenClaw Faces Supply-Chain Plugin Poisoning Attacks

On Feb. 9, 2026 security firms SlowMist and Koi Security reported that OpenClaw's ClawHub marketplace hosted hundreds of malicious plugins. The compromised extensions deploy infostealers such as Atomic Stealer and target local AI agents that automate workflows, interact with services, and control devices. Organizations and developers are urged to audit plugin sources, verify signatures, and isolate agent runtimes to limit exposure.