TrustSkills
BlogCompareGlossaryDetections

Definition

Data exfiltration

The unauthorized transfer of sensitive data from a system to an attacker-controlled destination. In AI agent skill attacks, data exfiltration typically targets .env files, AWS credentials, SSH private keys, environment variables, and browser-stored passwords. The exfiltration is usually disguised as a legitimate HTTP request, telemetry call, or API interaction so it appears normal in logs.

How TrustSkills detects this

TrustSkills scans OpenClaw and ClawHub skills for data exfiltration patterns before you install them. The scanner returns plain-English findings — no CVE IDs, no security jargon — with a risk level and a clear explanation of what was found.

Scan a skill freeHow we detect data exfiltration

Related terms

C2 callback

A Command and Control (C2) callback is a network connection from a compromised system back to an att

ClawHavoc

A coordinated supply chain attack campaign that planted 1,184 malicious skills across 12 publisher a

Deep dive

Research brief

Data exfiltration in AI agent skills: how attackers steal credentials through ClawHub

The most damaging ClawHub attacks are not the flashy ones. They are the skills that quietly read your credentials and send them to an attacker-controlled server while appearing to do something useful.