vulnu.com
Vulnerable U uses the OpenClaw incident – where malicious skills flooded ClawHub’s marketplace – to make a broader architectural argument. The real vulnerability isn’t one tool; it’s that agents run shell commands, edit files, and access credentials while relying on system prompts as their only guardrail. Prompts are suggestions, not enforcement. Simon Willison’s framing of the problem is sharp: agents that access private data, ingest untrusted content, and communicate externally at the same time create exfiltration paths by design. OWASP’s 2025 LLM Top 10 already names these threats directly. The piece calls for treating agents like production infrastructure – sandboxed, scoped, logged – but most teams still run them on personal laptops next to unlocked password managers and live SSH sessions.
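To make the "enforcement, not suggestion" point concrete, here is an added example (not code from Vulnerable U, OpenClaw or ClawHub) of a policy gate that sits between an agent and its tools: it allowlists shell binaries, scopes file access to a workspace, denies credential stores regardless of what the prompt says, logs every decision, and flags Willison's three-way combination of capabilities. The workspace path, allowlist and credential-store paths are constructed sample values.

```python
"""Tool-call policy gate: enforcement the model cannot talk its way around."""
from dataclasses import dataclass, field
from pathlib import Path
import shlex


@dataclass
class AgentPolicy:
    workspace: Path                     # the only directory the agent may touch
    allowed_commands: frozenset         # shell binaries it may invoke
    denied_paths: tuple                 # credential stores, never readable
    audit_log: list = field(default_factory=list)

    def __post_init__(self):
        # Resolve once so later comparisons are against canonical paths.
        self.workspace = self.workspace.resolve()
        self.denied_paths = tuple(p.resolve() for p in self.denied_paths)

    def _decide(self, tool, arg, verdict, reason):
        # Every decision is logged, allow or deny, so misuse is auditable later.
        self.audit_log.append({"tool": tool, "arg": arg, "verdict": verdict, "reason": reason})
        return verdict == "allow"

    def check_shell(self, cmdline: str) -> bool:
        argv = shlex.split(cmdline)
        if not argv:
            return self._decide("shell", cmdline, "deny", "empty command")
        if argv[0] not in self.allowed_commands:
            return self._decide("shell", cmdline, "deny", f"{argv[0]} not allowlisted")
        # Caller is expected to exec argv directly, never via a real shell, so
        # pipes and redirections in the string are inert arguments, not syntax.
        return self._decide("shell", cmdline, "allow", "allowlisted binary")

    def check_file(self, path: str) -> bool:
        resolved = Path(path).resolve()  # collapses ../ and symlinks before any check
        for denied in self.denied_paths:
            if resolved == denied or denied in resolved.parents:
                return self._decide("file", path, "deny", "credential store")
        if resolved != self.workspace and self.workspace not in resolved.parents:
            return self._decide("file", path, "deny", "outside workspace")
        return self._decide("file", path, "allow", "inside workspace")


def lethal_trifecta(capabilities: set) -> bool:
    """Willison's framing: all three at once create an exfiltration path by design."""
    return {"private_data", "untrusted_content", "external_comms"} <= capabilities


def sample_policy() -> AgentPolicy:
    # Constructed sample configuration for a coding agent (not a real deployment).
    return AgentPolicy(workspace=Path("/home/agent/workspace"),
                       allowed_commands=frozenset({"ls", "cat", "git"}),
                       denied_paths=(Path("/home/agent/.ssh"), Path("/home/agent/.aws")))
```

Deny decisions come from the gate's own checks, so a prompt injection that asks the model to read `~/.ssh` still fails, and the audit log shows the attempt.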
