I just tested @OpenClaw (formerly Clawdbot) with ZeroLeaks. Score: 2/100. Extraction rate: 84%. Injection attack success rate: 91%. System prompt was leaked in the first round. This means that if you use Clawdbot, anyone interacting with your agent can access and manipulate your complete system prompt, internal tool configurations, memory files… everything you type, including your skills, could be leaked and exposed to prompt injection. This is indeed a major problem for agents handling sensitive workflows or private data. CC @steipete Full analysis: