Cybersecurity researchers have identified a significant development in the threat landscape: an information stealer has successfully exfiltrated sensitive configuration data from an OpenClaw, an open-source agentic platform. This marks a critical shift from traditional credential theft to the compromise of personal artificial intelligence (AI) agents, raising new concerns for digital security.
Information Stealer Targets OpenClaw Configuration
The breach, detailed by cybersecurity firm Hudson Rock, involved an information stealer that, while not possessing a custom OpenClaw module, utilized a broad file-grabbing routine. This routine was designed to search for specific file extensions and directory names known to contain sensitive information. The firm suggested the stealer was likely a variant of Vidar, an off-the-shelf information stealer active since late 2018.
Among the compromised files were openclaw.json, containing OpenClaw gateway token details, the victim’s redacted email address, and workspace path; device.json, which holds cryptographic keys for secure pairing and signing operations within the OpenClaw ecosystem; and soul.md, detailing the AI agent’s operational principles, behavioral guidelines, and ethical boundaries.
The theft of the gateway authentication token presents a notable risk. Attackers could potentially gain remote access to a victim’s local OpenClaw instance if the relevant port is exposed, or impersonate the client in authenticated requests to the AI gateway. Hudson Rock noted that while the malware may have been targeting conventional “secrets,” it inadvertently captured the entire operational context of the user’s AI assistant.
Evolving Threat Landscape for AI Agents
This incident underscores a burgeoning trend: as AI agents like OpenClaw become more deeply integrated into professional workflows, infostealer developers are likely to create specialized modules for harvesting and decrypting this new category of sensitive data. This mirrors existing practices for targeting popular applications like Chrome and Telegram.
Meanwhile, the OpenClaw ecosystem itself is facing scrutiny regarding its security. Maintainers of the open-source platform have announced a partnership with VirusTotal to enhance the scanning of malicious skills uploaded to ClawHub. This initiative aims to establish a comprehensive threat model and improve the auditing of potential misconfigurations within the platform.
This comes shortly after the OpenSourceMalware team detailed a campaign exploiting ClawHub, where threat actors are using a new technique to evade VirusTotal detection. Instead of embedding malware directly into skill files, they are hosting malicious payloads on lookalike OpenClaw websites, using the skills purely as decoys. Security researcher Paul McCarty indicated that this shift demonstrates threat actors adapting to evolving detection capabilities and highlights the growing attractiveness of AI skill registries as targets for supply chain attacks.
Further security concerns have been raised by OX Security regarding Moltbook, a forum designed for AI agents primarily running on OpenClaw. Their research found that AI agent accounts created on Moltbook cannot be deleted, leaving users with no recourse to remove their associated data. Additionally, an analysis by SecurityScorecard’s STRIKE Threat Intelligence team identified hundreds of thousands of exposed OpenClaw instances, potentially exposing users to remote code execution (RCE) risks.
RCE vulnerabilities can allow attackers to execute arbitrary code on the underlying system by sending malicious requests to a service. If an OpenClaw instance has permissions to access email, APIs, cloud services, or internal resources, an RCE vulnerability could serve as a crucial pivot point for attackers, enabling them to bypass the need to compromise multiple systems by exploiting a single exposed service with existing authority.
OpenClaw has experienced a surge in popularity since its debut in November 2025, amassing over 200,000 stars on GitHub. Notably, on February 15, 2026, OpenAI CEO Sam Altman announced that OpenClaw’s founder, Peter Steinberger, would be joining OpenAI. Altman also stated that OpenClaw would continue as an open-source project, with OpenAI providing support.