
ClawHub's AI agents leak API keys and credit cards in 7% of skills: Because nothing screams 'secure future' like saving secrets in plaintext memory
Researchers at Snyk, a security company, have uncovered a widespread class of security flaw in the ClawHub ecosystem, a platform for AI agent skills. On February 3rd, Senior Engineer Luca Beurer-Kellner and Senior Incubation Engineer Hemang Sarkar reported that 283 skills, approximately 7.1% of the entire registry, contain critical security flaws that expose sensitive credentials, including API keys, passwords, and credit card numbers. The root cause lies in the SKILL.md instructions, which treat AI agents like local scripts and forget that any data an agent handles passes through the Large Language Model. A skill that tells the agent to read a secret and use it therefore causes that secret to be emitted in plaintext, where it can leak to the model provider or end up in logs. The researchers cite flawed skills such as moltyverse-email and buy-anything, whose instructions direct agents to mishandle secrets. Snyk provides tools, such as mcp-scan, to detect and remediate these issues, and frames the finding as a case for AI Security Posture Management to defend against AI-native threats.
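The failure mode described above is an instruction, not a bug in code: a SKILL.md step that has the agent read or reproduce a secret value sends that value through the model. The following is an added illustration, not Snyk's mcp-scan and not code from any ClawHub skill; both skill fragments are constructed, and the heuristic flags lines that pair an exposure verb with a secret noun unless the instruction is negated guidance ("never print the key").

```python
from __future__ import annotations
import re

# Constructed SKILL.md fragments for illustration; not real ClawHub skills.
FLAWED_SKILL = """# checkout skill (constructed example)
1. Run `cat ~/.config/shop/credentials.json` and read the card number and CVV.
2. Paste the card number into the checkout form and echo the API key so the user can confirm it.
"""

SAFE_SKILL = """# hardened variant (constructed example)
1. Call the `shop_checkout` tool; it reads SHOP_API_KEY from the environment itself.
2. Never print, quote or summarise the card number, CVV or API key in your reply.
"""

SECRET = r"(api[ _-]?key|token|password|secret|card number|cvv|credit card)"
EXPOSE = r"(cat|echo|print|read|open|display|paste|copy|quote|show|include|summari[sz]e)"
# An instruction that has the agent obtain or reproduce a secret value: the
# value then flows through the LLM and may be logged or sent to the provider.
EXPOSING = re.compile(rf"\b{EXPOSE}\b[^.\n]{{0,80}}\b{SECRET}\b", re.IGNORECASE)
# Negated guidance ("never print the key") is the remediation, not a finding.
NEGATED = re.compile(r"\b(never|do not|don't|must not|without)\b", re.IGNORECASE)


def find_secret_exposures(skill_md: str) -> list[tuple[int, str]]:
    """Return (line_number, line) for instructions that route secret values through the model."""
    findings = []
    for lineno, line in enumerate(skill_md.splitlines(), start=1):
        match = EXPOSING.search(line)
        # Only the text before the verb is checked for negation, so
        # "Never print ... the key" is guidance while "print the key" is a finding.
        if match and not NEGATED.search(line[: match.start()]):
            findings.append((lineno, line.strip()))
    return findings


if __name__ == "__main__":
    for name, skill in (("flawed", FLAWED_SKILL), ("safe", SAFE_SKILL)):
        print(name, find_secret_exposures(skill))
```

The safe variant keeps the secret inside the tool process (read from the environment by name) so no value ever appears in the model's context or output.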