PANews reported on March 13 that 23pds, Chief Information Security Officer of SlowMist Technology, issued a warning to ClawHub developers about the risks of phishing and credential leakage. ClawHub currently relies on developers' one-click login via GitHub. Previously, the Sha1-Hulud worm stole a large number of developers' GitHub credentials, and attackers may use this opportunity to attack Skills.

The attack path is as follows: credential theft → attacker gains GitHub privileges → logs into ClawHub as a developer → publishes malicious skills to implant a backdoor → user downloads and installs the malicious code, leading to system intrusion.