On Monday, February 3rd, Snyk Staff Senior Engineer Luca Beurer-Kellner and Senior Incubation Engineer Hemang Sarkar uncovered a massive systemic vulnerability in the ClawHub ecosystem (clawhub.ai). Unlike the malware campaign we reported yesterday involving specific malicious actors, this new finding reveals a broader, perhaps more dangerous trend: widespread insecurity by design.

In this write-up, Snyk is presenting Leaky Skills - uncovering exposed and insecure credentials usage in Agent Skills. Scanning the entire ClawHub marketplace (3,984 skills) using Evo Agent Security Analyzer, our researchers found that 283 skills, an estimated 7.1% of the entire registry, contain critical security flaws that expose sensitive credentials.

These are not active malware. They are functional, popular agent skills (like 

) that instruct AI agents to mishandle secrets, forcing them to pass API keys, passwords, and even credit card numbers through the LLM’s context window and output logs in plaintext. These agent skills are what largely power the magic of the OpenClaw personal AI assistant project.

> On Monday, February 3rd, Snyk Staff Senior Engineer Luca Beurer-Kellner and Senior Incubation Engineer Hemang Sarkar uncovered a massive systemic vulnerability in the ClawHub ecosystem (clawhub.ai). Unlike the malware campaign we reported yesterday involving specific malicious actors, this new finding reveals a broader, perhaps more dangerous trend: widespread insecurity by design.
>
> In this write-up, Snyk is presenting Leaky Skills - uncovering exposed and insecure credentials usage in Agent Skills. Scanning the entire ClawHub marketplace (3,984 skills) using Evo Agent Security Analyzer, our researchers found that 283 skills, an estimated 7.1% of the entire registry, contain critical security flaws that expose sensitive credentials.
>
> These are not active malware. They are functional, popular agent skills (like `moltyverse-email` and `youtube-data`) that instruct AI agents to mishandle secrets, forcing them to pass API keys, passwords, and even credit card numbers through the LLM’s context window and output logs in plaintext. These agent skills are what largely power the magic of the OpenClaw personal AI assistant project.
>
> ![](https://m.stacker.news/129170)
>
> [**...read more at snyk.io**](https://snyk.io/blog/openclaw-skills-credential-leaks-research/)