Security gaps in ClawHub registry allow unauthorized scope squatting (opens in new tab)

ClawHub serves as a plugin and skill registry for AI agents like OpenClaw and Claude Code, utilizing npm-style scopes to identify package owners. These scopes, such as @openclaw and @clawhub, are intended to act as trust signals that verify the provenance of code. However, a lack of enforcement allowed unauthorized accounts to publish plugins under these official organizational namespaces. <a href="