What was the ClawHub ranking manipulation vulnerability?

An unauthenticated public RPC endpoint (download.increment) allowed anyone to inflate download counts for any skill with no rate limiting or validation, pushing malicious skills to the #1 position.

How was the ClawHub ranking attack discovered?

Silverfort's security research team identified the exposed RPC endpoint, created a PoC disguised as Outlook Graph Integration, and demonstrated it reaching #1 in its category within 6 days.

How many systems were affected by the ClawHub ranking PoC?

The PoC skill achieved 3,900 executions across 50+ cities worldwide in 6 days, infiltrating several public companies.

Was the ClawHub ranking vulnerability patched?

Yes, Silverfort responsibly disclosed on March 16, 2026 and the OpenClaw team deployed a production fix within 24 hours.

Why is ClawHub ranking manipulation a supply chain risk?

Users and AI agents trust download counts as a proxy for legitimacy — inflating them provides social proof that tricks targets into installing malicious code with elevated privileges.

← Back to dashboard

clawsmith.com/signal/clawhub-ranking-manipulation-unauthenticated-download-inflate

⚠ IssueUnderservedSecurityLive

ClawHub Ranking Manipulation: Unauthenticated RPC Inflates Download Counter to Push Malicious Skill to #1

Silverfort discovers ClawHub's download.increment mutation is an unauthenticated public RPC endpoint with no rate limiting or validation. PoC skill reaches #1 position in category with 3,900 executions across 50+ cities in 6 days, infiltrating several public companies. Payload exfiltrated usernames and domain names. Fix deployed within 24 hours of March 16 2026 disclosure.

Product Idea from this Signal

A background service that continuously audits ClawHub skill download counts, detects ranking inflation, and flags skills with suspicious promotion patterns before users install them

154 ▲

ClawHub's download.increment mutation was exposed as an unauthenticated public RPC endpoint with no rate limiting. Silverfort's PoC pushed a malicious skill to #1 in its category with 3,900 executions across 50+ cities in 6 days. Even after the specific endpoint was patched, the fundamental problem remains: ClawHub has no integrity verification layer between the registry's popularity metrics and what users see. Download counts, star ratings, and trending positions can be gamed because no system validates that reported engagement represents real human installs. This service monitors the ClawHub registry continuously, builds statistical models of normal download velocity per skill category, and flags anomalies (sudden spikes, geographic concentration, bot-like install patterns) before they reach human users.

SECURITYOPEN-SOURCECLIREGISTRY-INTEGRITYSUPPLY-CHAIN

CompetitiveView Opportunity →