Cybersecurity researchers have identified a case in which an information-stealing malware successfully extracted sensitive configuration files linked to OpenClaw, the open-source AI agent platform previously known as Clawdbot and Moltbot.
According to researchers at Hudson Rock, the incident represents a turning point in infostealer evolution. Instead of focusing solely on browser credentials, threat actors are now harvesting the operational identity and configuration backbone of personal AI agents.
Alon Gal, CTO of Hudson Rock, indicated that the infection pattern closely resembles a variant of Vidar, a widely used off-the-shelf infostealer active since 2018.
How the Data Was Stolen
Investigators clarified that the malware did not contain a custom module specifically designed to target OpenClaw. Instead, the compromise occurred through a broad file-harvesting routine programmed to scan for sensitive file extensions and directory names.
The stolen files included:
- openclaw.json
Containing gateway authentication tokens, a redacted email address, and workspace directory paths. - device.json
Holding cryptographic keys used for secure pairing and digital signing within the OpenClaw ecosystem. - soul.md
Documenting the AI agent’s operational principles, behavioral logic, and ethical constraints.
The exposure of a gateway authentication token could allow attackers to connect remotely to a victim’s local OpenClaw instance if network ports are exposed. In certain scenarios, adversaries could impersonate legitimate clients and send authenticated requests to the AI gateway.
Hudson Rock noted that while the malware was likely searching for conventional secrets, it inadvertently captured the full operational context of an AI assistant. As AI agents become increasingly embedded into professional environments, researchers warn that infostealer developers may soon release specialized modules designed specifically to parse and decrypt AI configuration files, similar to how they currently target Chrome and Telegram data.
Growing Security Concerns Around OpenClaw
Security issues surrounding OpenClaw have intensified in recent weeks. The maintainers of the platform announced a partnership with VirusTotal to scan uploaded skills on ClawHub for malicious content, formalize a threat model, and introduce configuration auditing features.
Meanwhile, the OpenSourceMalware research team disclosed an active ClawHub campaign that bypassed VirusTotal detection by hosting malicious payloads on lookalike OpenClaw websites. Instead of embedding malware directly in SKILL.md files, attackers used decoy skills that redirected users externally, demonstrating a shift in adversarial tactics aimed at evading automated scanning systems.
Security researcher Paul McCarty emphasized that AI skill registries are becoming attractive supply chain attack targets as adoption increases.
Moltbook Account Deletion Flaw
Another vulnerability was uncovered by OX Security involving Moltbook, a Reddit-style forum built for AI agents running on OpenClaw. Researchers discovered that once an AI agent account is created on Moltbook, it cannot be deleted, leaving users without a method to remove associated data.
This limitation raises privacy and data governance concerns, particularly as AI agent ecosystems expand.
Exposed Instances and RCE Risk
Further analysis from SecurityScorecard’s STRIKE Threat Intelligence team identified hundreds of thousands of publicly exposed OpenClaw instances. These deployments may be vulnerable to remote code execution, RCE, attacks.
RCE vulnerabilities allow attackers to send malicious requests that execute arbitrary code on underlying systems. If OpenClaw operates with permissions to access email services, APIs, cloud platforms, or internal enterprise resources, a single exposed instance could serve as a pivot point for broader compromise.
Researchers warned that attackers do not need to breach multiple systems if they can exploit one exposed AI agent that already possesses elevated privileges.
Rapid Growth and Industry Developments
Since its debut in November 2025, OpenClaw has experienced explosive growth, accumulating more than 200,000 stars on GitHub.
On February 15, 2026, Sam Altman announced that OpenClaw founder Peter Steinberger would be joining OpenAI. He further stated that OpenClaw would continue operating as an open-source foundation project with ongoing support from OpenAI.
Found this article interesting? Follow us on X (Twitter) , Facebook, Blue sky and LinkedIn to read more exclusive content we post.
