logo

ChainThink

Stay ahead, master crypto insights

GoPlus: 21% of the Top 100 Skills in the ClawHub Ecosystem involve explicitly high-risk operations

GoPlus: 21% of the Top 100 Skills in the ClawHub Ecosystem involve explicitly high-risk operations

2026-03-12 18:23

View Original

ChainThink report, March 12: GoPlus released a report on social media stating that its comprehensive security scan of the top 100 high-frequency downloaded Skills within the ClawHub ecosystem identified 21 Skills (21%) blocked and 17 Skills (17%) flagged with warnings.


GoPlus stated that 21% of the Top 100 Skills involve explicit high-risk operations (such as direct network penetration, sensitive API calls, and automated email sending), and recommended enforcing a mandatory "Human-in-the-Loop (HITL)" confirmation mechanism during execution to enable manual review of high-risk actions; additionally, 17% of Skills present moderate risk, and cautious execution is advised—users with high security requirements are also encouraged to implement human verification.

Disclaimer: Contains third-party opinions, does not constitute financial advice

Recommended Reading
Tencent Massively Migrates All ClawHub Skill Packages to Its Own Platform; Response of "It's a Mirror, Not a Clone" Sparks Outrage from OpenClaw Founder
Tencent Massively Migrates All ClawHub Skill Packages to Its Own Platform; Response of "It's a Mirror, Not a Clone" Sparks Outrage from OpenClaw Founder
Tencent Responds to ClawHub Data Scraping Controversy: SkillHub is a Local Mirror for Chinese Users, With Only 1GB of Data Pulled from Upstream Despite 870,000 Downloads in the First Week
Tencent Responds to ClawHub Data Scraping Controversy: SkillHub is a Local Mirror for Chinese Users, With Only 1GB of Data Pulled from Upstream Despite 870,000 Downloads in the First Week
OpenClaw Founder: Tencent's Bulk Data Scraping from ClawHub Caused Surge in Server Costs
OpenClaw Founder: Tencent's Bulk Data Scraping from ClawHub Caused Surge in Server Costs
Security Alert: The domain bonk.fun has been hijacked by hackers—please do not access it.
Security Alert: The domain bonk.fun has been hijacked by hackers—please do not access it.
GoPlus: The current top Google search result/ad for Claude Code is a malicious installer
GoPlus: The current top Google search result/ad for Claude Code is a malicious installer
YZi Labs: The official account @BinanceLabs has exhibited anomalous activity; users are advised to unfollow to avoid engagement
YZi Labs: The official account @BinanceLabs has exhibited anomalous activity; users are advised to unfollow to avoid engagement
Vitalik: Cryptographic privacy is crucial for local AI agents, preventing leakage of user behavior through access patterns in API calls
Vitalik: Cryptographic privacy is crucial for local AI agents, preventing leakage of user behavior through access patterns in API calls