280+ Leaky Skills: How OpenClaw & ClawHub Are Exposing API Keys and PII
5mo agoen
Source
Snyk280+ Leaky Skills: How OpenClaw & ClawHub Are Exposing API Keys and PIIsnyk.ioDiscover how 7.1% of AI agent skills are designed to leak secrets, PII, and API keys through LLM context. Learn to defend with Evo & mcp-scan.
You might also wanna read
Security scanners for AI agent skill marketplaces fail to detect malicious skills, researchers find
The article exposes critical security flaws in AI agent skill marketplaces, where malicious skills designed to steal credentials, exfiltrate

OpenClaw’s Skill Marketplace and the Emerging AI Supply Chain Threat
unit42.paloaltonetworks.com·14d ago

OpenClaw’s Skill Marketplace and the Emerging AI Supply Chain Threat
unit42.paloaltonetworks.com·14d ago
SkillCloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing
BackBox.org·2d ago

Security Researchers Find Malware in Hundreds of OpenClaw AI Agent Skill Extensions
Security researchers have discovered hundreds of malicious add-ons in OpenClaw's marketplace, with the most-downloaded skill serving as a ma
AI assistant built on OpenClaw with Claude Opus 4.6 survives 6,000 hacking attempts without leaking secrets
Developer Fernando Irarrázaval launched a challenge on hackmyclaw.com where he invited hackers to trick his AI assistant "Fiu" into leaking
Security Risks of OpenClaw's AI Agent Capabilities: How Powerful Features Become Attack Vectors
The article examines how OpenClaw's powerful AI agent capabilities, which provide access to files, tools, browsers, terminals, and long-term

Comments
Sign in to join the conversation.
No comments yet. Be the first.