{"slug": "23-clawhub-plugins-squatting-official-scopes-expose-ai-registry-security-gaps", "title": "23 ClawHub plugins squatting official scopes expose AI registry security gaps", "summary": "Twenty-three code-executing plugins on ClawHub, an AI agent registry, were found squatting under official @openclaw and @clawhub scopes because those scopes were not reserved for their owners, exposing security gaps in AI plugin registries. Ax Sharma, Head of Research at Manifold Security, detailed the findings in a Help Net Security video.", "body_md": "Plugin registries for AI agents use npm-style scopes like @openclaw/ and @clawhub/ to signal who published a package. But on ClawHub, a registry whose plugins run with Claude, OpenClaw, and other agents, those official scopes weren’t reserved to their owners for every package already published. In this Help Net Security video, Ax Sharma, Head of Research at Manifold Security, breaks down how 23 code-executing plugins ended up under ClawHub’s official @openclaw and @clawhub scopes while … [More ](https://www.helpnetsecurity.com/2026/06/22/clawhub-code-executing-plugins-video/)\n\nThe post [23 ClawHub plugins squatting official scopes expose AI registry security gaps](https://www.helpnetsecurity.com/2026/06/22/clawhub-code-executing-plugins-video/) appeared first on [Help Net Security](https://www.helpnetsecurity.com).", "url": "https://wpnews.pro/news/23-clawhub-plugins-squatting-official-scopes-expose-ai-registry-security-gaps", "canonical_source": "https://www.helpnetsecurity.com/2026/06/22/clawhub-code-executing-plugins-video/", "published_at": "2026-06-22 08:00:11+00:00", "updated_at": "2026-06-22 08:11:55.592182+00:00", "lang": "en", "topics": ["ai-safety", "ai-infrastructure", "ai-agents"], "entities": ["ClawHub", "OpenClaw", "Claude", "Ax Sharma", "Manifold Security", "Help Net Security"], "alternates": {"html": "https://wpnews.pro/news/23-clawhub-plugins-squatting-official-scopes-expose-ai-registry-security-gaps", "markdown": "https://wpnews.pro/news/23-clawhub-plugins-squatting-official-scopes-expose-ai-registry-security-gaps.md", "text": "https://wpnews.pro/news/23-clawhub-plugins-squatting-official-scopes-expose-ai-registry-security-gaps.txt", "jsonld": "https://wpnews.pro/news/23-clawhub-plugins-squatting-official-scopes-expose-ai-registry-security-gaps.jsonld"}}