It’s easy to backdoor OpenClaw, and its skills leak API keys • The Register

https://www.theregister.com/2026/02/05/openclaw_skills_marketplace_leaky_security/

Publish Date: 2026-02-05 18:32:00

Source Domain: www.theregister.com

Another day, another vulnerability (or two, or 200) in the security nightmare that is OpenClaw.

Over the last two days, researchers have disclosed additional issues with OpenClaw, the vibe-coded and famously insecure AI agent farm formerly known as Clawdbot and then Moltbot. Specifically, researchers say the open source agent platform is vulnerable to indirect prompt injection, allowing an attacker to backdoor a user’s machine and then steal sensitive data or perform destructive operations.

Plus, as other threat hunters have recently found, the ClawHub marketplace for OpenClaw is teeming with malware and leaky agent skills that expose sensitive credentials.

In a Thursday blog, Snyk engineers said they scanned the entire ClawHub marketplace containing nearly 4,000 skills and found that 283 of them – that’s about 7.1 percent of the entire registry – contain flaws that expose sensitive credentials.

“They are functional, popular agent skills (like moltyverse-email and youtube-data) that instruct AI agents to mishandle secrets, forcing them to pass API keys, passwords, and even credit card numbers through the LLM’s context window and output logs in plaintext,” the engineers wrote.

The flaw lies in the SKILL.md instructions themselves: developers treat AI agents like local scripts, so a secret that would normally be passed to a script on the command line is instead handed to the model in the prompt, where it becomes part of the conversation.
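As an added illustration (not Snyk's scanner and not code from OpenClaw or The Register), the following Python lint runs a handful of heuristics over SKILL.md text and flags instructions that route a secret through the model: asking the user for a key or card number in chat, a credential placeholder spliced into a shell command, echoing a secret back into the conversation, and hard-coded key literals. The two SKILL.md samples are constructed for this example; the skill name, the frontmatter layout and the regexes are assumptions of this example, not ClawHub's format or Snyk's rules.

```python
import re
from dataclasses import dataclass

# Words that, inside an instruction to an agent, usually denote a credential.
# Assumption of this example, not a published rule set.
SECRET_WORDS = r"(api[ _-]?key|\bkey\b|secret|password|token|credit[ -]?card|card number|cvv)"

# Heuristic rules as (name, regex). Constructed for this example; not Snyk's detection logic.
RULES = [
    # "Ask the user for their API key", "collect the customer's credit card ..."
    ("ask-user-for-secret",
     re.compile(r"\b(ask|prompt|request|collect)\b.{0,40}\b(user|customer)s?\b.{0,60}"
                + SECRET_WORDS, re.I)),
    # "echo the key back in the chat", "print the token in the response"
    ("secret-in-prompt",
     re.compile(r"\b(paste|provide|include|pass|send|enter|echo|print|repeat|show)\b.{0,60}"
                + SECRET_WORDS
                + r".{0,40}\b(in|into|via|through|to)\b.{0,30}"
                + r"\b(prompt|message|chat|conversation|context|response|output|log)s?\b", re.I)),
    # A credential placeholder inside a command, e.g. Bearer <the user's API key>;
    # an environment reference such as $API_KEY is deliberately not flagged.
    ("inline-placeholder-in-command",
     re.compile(r"(authorization:\s*bearer|api[_-]?key=|--api-key|--token|--password)\s*\S*"
                r"(<[^>]*(key|token|secret|password)[^>]*>|\{\{[^}]*(key|token|secret|password)[^}]*\}\})",
                re.I)),
    # A literal shaped like a real key (OpenAI-, AWS- and GitHub-style prefixes)
    ("hardcoded-secret-literal",
     re.compile(r"\b(sk-[A-Za-z0-9_-]{20,}|AKIA[0-9A-Z]{16}|ghp_[A-Za-z0-9]{36})\b")),
]


@dataclass
class Finding:
    line: int   # 1-based line in the SKILL.md text
    rule: str
    text: str


def scan_skill(skill_md: str) -> list:
    """Return one Finding per (line, rule) hit, in document order."""
    findings = []
    for n, raw in enumerate(skill_md.splitlines(), 1):
        line = raw.strip()
        for name, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(n, name, line))
    return findings


# Constructed sample: a skill that makes the agent mishandle secrets.
LEAKY_SKILL = """\
---
name: example-video-stats
version: 1.2.0
---
# example-video-stats

Ask the user for their Video Data API key and remember it for the session.
Then fetch channel statistics:

    curl "https://api.example.com/v1/channels?part=statistics&mine=true" \\
         -H "Authorization: Bearer <the user's API key>"

If the call fails, echo the key back in the chat so the user can check it.
For testing you can use api_key=sk-test-0123456789abcdefghij

Collect the customer's credit card number, expiry and CVV in the conversation before placing the order.
"""

# Constructed sample: the same skill with the secret kept out of the model's context.
CLEAN_SKILL = """\
---
name: example-video-stats
version: 2.0.0
---
# example-video-stats (hardened)

Credentials are never requested in chat. The tool reads VIDEO_API_KEY from the
environment at execution time:

    curl "https://api.example.com/v1/channels?part=statistics&mine=true" \\
         -H "Authorization: Bearer $VIDEO_API_KEY"

On failure, report the HTTP status only; never echo headers or the key.
"""

if __name__ == "__main__":
    for f in scan_skill(LEAKY_SKILL):
        print(f"line {f.line}: {f.rule}: {f.text}")
    print("clean skill findings:", len(scan_skill(CLEAN_SKILL)))
```

The rules are deliberately coarse: a hardened skill that says "never ask the user for their API key" would still trip ask-user-for-secret, so treat the output as a review queue rather than a verdict. The useful distinction the lint draws is between a command that references a secret by name (`$VIDEO_API_KEY`, resolved by the shell at run time) and one that expects the agent to splice the secret's value into the text it generates.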

When someone prompts an agent to “use this API key,” the key enters the model’s context window and is retained in the conversation history. That history is what the agent sends to model providers such as OpenAI or Anthropic, and it can also appear in plaintext in application logs.
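To make the leak mechanism concrete, here is an added Python example (not OpenClaw's code and not from the article) contrasting the pattern just described with a hardened one. A stand-in `fake_model` copies whatever credential it sees into the tool call it emits, the way a SKILL.md that says “use this API key” instructs the real model to; `Transcript` is what goes to the provider and, typically, to the agent log. In the hardened path the user registers the key in a process-local `SecretStore` outside the chat, the model only ever sees a `secret://` handle, and the tool executor resolves that handle at call time; a redacting logger catches any stored value that slips through anyway. All names, the `secret://` handle scheme and the sample key are assumptions of this example.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample credential for the demo; deliberately not a real key.
SAMPLE_KEY = "sk-example-0123456789abcdef0123456789abcdef"


@dataclass
class Transcript:
    """Messages as sent to the model provider and, in most agents, written to the log."""
    messages: list = field(default_factory=list)

    def add(self, role: str, content: str) -> None:
        self.messages.append((role, content))

    def contains(self, needle: str) -> bool:
        return any(needle in content for _, content in self.messages)


class SecretStore:
    """Hypothetical process-local secret store. The model sees only secret:// handles;
    real values are looked up by the tool executor at call time and never enter the transcript."""

    def __init__(self) -> None:
        self._values = {}

    def put(self, name: str, value: str) -> None:
        self._values[name] = value

    def resolve(self, arg: str) -> str:
        if arg.startswith("secret://"):
            return self._values[arg[len("secret://"):]]
        return arg

    def redact(self, text: str) -> str:
        """Defence in depth: scrub any stored value before text is logged."""
        for value in self._values.values():
            text = text.replace(value, "[REDACTED]")
        return text


def fetch_stats(api_key: str) -> dict:
    """Stand-in for the real HTTP call; only checks that a usable key arrived."""
    return {"ok": api_key.startswith("sk-")}


def fake_model(user_msg: str) -> str:
    """Stand-in for the LLM. It copies whatever credential or handle it was given
    straight into the tool call it emits, which is exactly what a leaky SKILL.md asks for."""
    match = re.search(r"(secret://[\w./-]+|sk-[\w-]+)", user_msg)
    return f'fetch_stats(api_key="{match.group(1)}")'


def parse_tool_call(text: str) -> str:
    return re.search(r'api_key="([^"]+)"', text).group(1)


def run_leaky(api_key: str) -> Transcript:
    """The pattern the article describes: the raw key rides through the context window."""
    t = Transcript()
    t.add("system", "Skill: ask the user for their API key and use it in the request.")
    t.add("user", f"My API key is {api_key}, fetch my channel stats.")
    call = fake_model(t.messages[-1][1])
    t.add("assistant", call)                         # key is now in the provider-bound history
    t.add("tool", str(fetch_stats(parse_tool_call(call))))
    return t


def run_hardened(store: SecretStore, handle: str) -> Transcript:
    """Same task, but the model only ever handles a reference to the secret."""
    t = Transcript()
    t.add("system", "Skill: never ask for credentials; tools accept secret:// handles.")
    t.add("user", f"Use {handle} and fetch my channel stats.")
    call = fake_model(t.messages[-1][1])
    t.add("assistant", call)                         # contains the handle, not the key
    real_key = store.resolve(parse_tool_call(call))  # resolved outside the model context
    t.add("tool", store.redact(str(fetch_stats(real_key))))
    return t


def log_lines(t: Transcript, store: Optional[SecretStore] = None) -> list:
    """What the agent would write to its log; redacted when a store is supplied."""
    lines = [f"{role}: {content}" for role, content in t.messages]
    return [store.redact(line) for line in lines] if store else lines


if __name__ == "__main__":
    store = SecretStore()
    store.put("video_api", SAMPLE_KEY)               # registered out of band, not via chat
    leaky = run_leaky(SAMPLE_KEY)
    hardened = run_hardened(store, "secret://video_api")
    print("leaky transcript holds key:", leaky.contains(SAMPLE_KEY))         # True
    print("hardened transcript holds key:", hardened.contains(SAMPLE_KEY))   # False
    for line in log_lines(leaky, store):
        print(line)
```

The point of the handle indirection is that nothing the model reads or writes ever equals the secret, so neither the provider-bound history nor a verbose log can contain it; redaction is kept as a second layer because it only works for values the store already knows about, which is exactly the case a "paste your key here" skill defeats.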

“Perhaps most alarming is the buy-anything skill (v2.0.0),” the engineers wrote. “It instructs the agent to collect credit card details to make purchases.”

To do this, the user’s card number is fed to the LLM as ordinary input tokens, which sends the financial details to the model provider along with the rest of the conversation. A subsequent prompt could ask…
