TheRegister's platform is a leading technology news website, offering insights into IT industry news, hardware reviews, and software updates. Through articles, analysis, and opinion pieces, TheRegister offers insights into cybersecurity threats, technology trends, and industry developments. Readers can stay updated with the latest news and analysis from the world of technology and IT business.

The Register

OpenClaw, an open source AI agent platform, has multiple critical security vulnerabilities. Researchers found that 7.1% of skills in its ClawHub marketplace (283 out of 4,000) expose sensitive credentials including API keys, passwords, and credit card numbers through plaintext logs. The platform is vulnerable to indirect prompt injection attacks that allow attackers to backdoor user machines, steal data, install malware, and execute remote commands. Security firms Snyk and Zenity demonstrated exploits including credential theft, data exfiltration, and C2 beacon installation through malicious skills and poisoned documents.

It's easy to backdoor OpenClaw, and its skills leak API keys