Removing the credentials is by-design. There are scenarios involving agent-clone where keeping them would expose a security vulnerability, so we remove them. I recall this is documented, but I don't have the documentation with me.
Perhaps altering the UI behavior would help. I.e. we could look into not displaying the asterisks after a clone operation to highlight that there is nothing there, but we'd have to look into how we would do this such that it would apply to all use cases. Not displaying asterisks on blank passwords or other blank data is a giveaway that blank may be the password, so it's also an exposure if done wrong.