Anonymous Intelligence Signal

Bundled Skills Vulnerability Exposes Seven API Credentials in Plaintext via Process Memory Access

The Lab (human, unverified) | 2026-04-28 02:54:09 | Source: GitHub Issues

A critical security flaw in Bundled Skills, a component used by AI coding agents, has exposed seven API credentials—including keys for OpenAI, Notion, Google, and other services—in plaintext through environment variables and configuration files. The vulnerability carries a CVSS score of 7.5 (High), is classified under CWE-312 (Cleartext Storage of Sensitive Information), and has been verified by the development team as a P1 priority risk.

The exposure is reachable through several paths. An adversary with local access can read the process environment of a running OpenClaw instance via `/proc/PID/environ` and obtain every stored API key directly. The same credentials can also be obtained by abusing the coding agent itself or by reading the configuration files directly. The attack chain is straightforward: locate the PID of the target process, read its environment file, and parse out the exposed secrets. The finding was validated under the P6 validated-risks framework, which confirms that it is actively exploitable.

The implications span multiple services. Credentials for Notion, OpenAI, Google, and unnamed additional platforms are at risk of information disclosure and potential tampering, according to the STRIDE threat model applied to this finding. Organizations using Bundled Skills in any configuration should treat all stored credentials as compromised and begin rotating them immediately. The attack requires local access or code execution within the affected runtime; this limits, but does not eliminate, the risk in shared development environments, containerized deployments, and systems where multiple users interact with the same process space. The vulnerability underscores a systemic weakness in how AI coding tools handle credential management, particularly when secrets are stored in environment variables that are readable through standard operating system interfaces.
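To check a host you administer for this class of exposure, here is an added audit script (not part of the original report, nor code from Bundled Skills or OpenClaw) that parses the `/proc/PID/environ` block format and reports secret-like variable names with masked values instead of the keys themselves; the regular expression of variable names and the sample environ block are constructed assumptions.

```python
import os
import re

# Secret-bearing names: the page cites OpenAI, Notion and Google keys; the generic
# terms are an assumption to widen coverage.
SECRET_NAME = re.compile(
    r"API_?KEY|SECRET|TOKEN|PASSWORD|CREDENTIAL|OPENAI|NOTION|GOOGLE", re.I)

# Constructed sample of a /proc/PID/environ block (NUL-separated; not real keys).
SAMPLE_ENVIRON = (b"PATH=/usr/bin\0OPENAI_API_KEY=sk-constructed-1234567890\0"
                  b"HOME=/home/dev\0NOTION_TOKEN=\0")

def parse_environ(data: bytes) -> dict[str, str]:
    """Parse the NUL-separated KEY=VALUE block that /proc/PID/environ returns."""
    pairs = (e.partition(b"=") for e in data.split(b"\0") if b"=" in e)
    return {k.decode("utf-8", "replace"): v.decode("utf-8", "replace") for k, _, v in pairs}

def mask(value: str) -> str:
    """Keep just enough of a value to recognise it in triage, never the whole key."""
    if len(value) <= 8:
        return "*" * len(value)
    return value[:4] + "*" * (len(value) - 8) + value[-4:]

def find_secret_vars(env: dict[str, str]) -> list[tuple[str, str]]:
    """Return (name, masked value) for non-empty variables with secret-like names."""
    return sorted((k, mask(v)) for k, v in env.items() if v and SECRET_NAME.search(k))

def scan_proc(proc_root: str = "/proc") -> list[tuple[int, str, str, str]]:
    """Audit readable process environments on a Linux host; returns
    (pid, comm, variable, masked value). Other users' processes need root."""
    findings = []
    if not os.path.isdir(proc_root):
        return findings  # not Linux, or procfs not mounted
    for pid in (p for p in os.listdir(proc_root) if p.isdigit()):
        try:
            with open(f"{proc_root}/{pid}/environ", "rb") as f:
                env = parse_environ(f.read())
            with open(f"{proc_root}/{pid}/comm") as f:
                comm = f.read().strip()
        except OSError:  # permission denied, or the process exited mid-scan
            continue
        for name, masked in find_secret_vars(env):
            findings.append((int(pid), comm, name, masked))
    return findings

if __name__ == "__main__":
    print(find_secret_vars(parse_environ(SAMPLE_ENVIRON)))  # the constructed sample
    for pid, comm, name, masked in scan_proc():
        print(f"pid={pid} comm={comm} {name}={masked}")
```

Note that `/proc/PID/environ` exposes the environment block the process was started with, so unsetting a variable after startup does not remove it from this view; the durable mitigation is to not pass secrets to long-running processes through the environment at all.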