Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

You ask your OpenClaw agent to "check my Gmail." It replies, "I need to install the Google Services Action skill first. Shall I proceed?" You say yes. The agent downloads the skill from ClawHub. It reads the instructions. Then, it pauses. "This skill requires the 'openclaw-core' utility to function," the agent reports, displaying a helpful download link from the skill's README. "Please run this installer to continue." You copy the command. You paste it into your terminal. You have just been compromised.

The modern enterprise software ecosystem increasingly relies on desktop AI applications enhanced through extensible plugin or extension frameworks. These extensions are designed to improve productivity by enabling integrations with local files, browsers, APIs, developer tools, and internal systems. However, this same extensibility introduces a high-risk attack surface when extension permissions, sandboxing, and input validation are weakly enforced.

A critical unauthenticated remote code execution (RCE) vulnerability has been identified in the React Native Metro development server, with nearly 3,500 exposed instances currently reachable on the public internet. Tracked as CVE-2025-11953, also known as Metro4Shell, this flaw affects the Metro server used during React Native application build and testing workflows.

Bug bounty programs are valuable—until they replace disclosure policies. Learn how unreasonable PoC demands or scope exclusions create security blind spots when it comes to leaked secrets.

OWASP (Open Web Application Security Project) is a non-profit organisation that has been in existence since 2001. Its mission is to educate (provide direction) webmasters and security professionals about how to create, buy, and keep secure, trusted software applications.” In simple terms, OWASP is a group of application security companies and experts that work collectively to develop a list of the most serious security threats to web applications.

The first comprehensive security audit of the Agent Skills ecosystem reveals malware, credential theft, and prompt injection attacks targeting OpenClaw, Claude Code, and Cursor users Agent skills are reusable capability packages that instruct AI agents how to interact with tools, APIs, or system resources—and they're rapidly becoming standard in AI-powered development.

On Monday, February 3rd, Snyk Staff Senior Engineer Luca Beurer-Kellner and Senior Incubation Engineer Hemang Sarkar uncovered a massive systemic vulnerability in the ClawHub ecosystem (clawhub.ai). Unlike the malware campaign we reported yesterday involving specific malicious actors, this new finding reveals a broader, perhaps more dangerous trend: widespread insecurity by design. In this write-up, Snyk is presenting Leaky Skills - uncovering exposed and insecure credentials usage in Agent Skills.