A researcher has discovered a critical vulnerability in the supply chain of an AI model skill sharing platform called ClawdHub.

Vulnerability Details

The attack, simulated for demonstration purposes, exploited several weaknesses:

  • Fakeable downloads: The number of skill downloads could be inflated via a simple API vulnerability, without authentication and with IP spoofing.
  • Deceptive UI: The web interface hid the referenced files, making it difficult to spot suspicious payloads.
  • Illusory permissions: Permission prompts created a false sense of security, leading many developers to click "Allow".

Impact and Mitigation

In just eight hours, the attack compromised 16 developers in 7 different countries. The payload used was harmless (a simple ping), but a real attacker could have stolen SSH keys, AWS credentials, or entire codebases. The researcher reported the vulnerability and proposed a fix, but the main problem lies in the platform's architecture itself. This type of attack is reminiscent of vulnerabilities already seen in JavaScript libraries such as ua-parser-js and event-stream, and suggests that the same issues are reoccurring in the world of artificial intelligence tools.

For those evaluating on-premise deployment of AI models, it is essential to consider the trade-offs between control and supply chain security. AI-RADAR offers analytical frameworks on /llm-onpremise to evaluate these aspects.