🤖 AI Summary
Researchers have uncovered significant security vulnerabilities in OpenClaw, an open-source AI agent platform. Specifically, the platform is susceptible to indirect prompt injection attacks that can gain unauthorized access to users' machines and expose sensitive information, including API keys and credit card details. A recent analysis of the ClawHub marketplace found that approximately 7.1% of the nearly 4,000 skills contain critical flaws, such as mishandling secrets. Notably, one skill is designed to collect credit card details, which can be tokenized and sent to the model provider, posing a severe risk of financial fraud.
The implications of these vulnerabilities extend beyond basic credential theft: they let attackers create backdoors into users' systems through trusted integrations with platforms like Google Workspace and Slack. For instance, a malicious Google document can prompt OpenClaw to establish a connection with a Telegram bot, after which attackers can command the AI agent to exfiltrate files, install malware, or even delete data on the victim's machine. As AI agents become embedded in everyday productivity tools, these risks highlight a pressing need for stringent controls and protocols to safeguard sensitive personal information within AI systems.