ClawdBot and Security Risks
Automate your life with AI? It sounds great, until you see the security risks involved.
Clawdbot is an amazing tool. Having played around with it for a while, I can see how it can be used to automate a lot of tasks and make my life easier. It is what is known as an AI agent: it runs in the background, uses a set of rules to make decisions, and then acts on them. No human interaction is necessary after the initial setup, other than to tweak settings. However, there are inherent security risks.
Let's talk about MCPs. These are the tools that allow you to connect your AI of choice to another service. A user can connect Clawdbot, or any other agent, to Gmail via MCP, for example. Others allow you to connect your AI to Slack, LinkedIn, and further services. The problem is that many of these MCPs are insecure in the worst way: they often lack authentication. This obviously means that anyone can connect to these MCPs and use them. In plain English, anyone can read your emails, post to social media on your behalf, or even run commands on your computer.
Unauthenticated MCPs let attackers spin up Clawdbot remotely, then chain that with prompt injection to either steal your data or use it to attack your network.
I previously posted an article in which a Clawdbot user showed that a single email confused Clawdbot’s Claude LLM: it misidentified the sender, fetched 5 recent emails (invoices, meetings), and forwarded them to an "attacker." No malware was used, just a cleverly formatted email and a prompt.
While this example is related to MCPs, it also shows how easy it is for an attacker to use an AI to extract information, or even run malicious commands, acting as you.
Then there are API keys. These are what most MCPs use to connect to the AI backend, such as Claude or OpenAI (ChatGPT). If someone gets your API key, they can use it to connect to your AI service and use it for their own purposes. If you suddenly see a spike in your API usage, it could cost you thousands of dollars.
So, what can you do to protect yourself and your organization? Limit the use of these agents until they have been thoroughly vetted. Yes, they are very impressive, but they are also very dangerous if proper security measures are not in place.
For those of us who work in the Digital Forensics and Incident Response field, this is going to be yet another avenue of exfiltration and gaining persistence.