Cybersecurity researchers flagged an information stealer infection that exfiltrated an OpenClaw AI agent’s configuration environment, including OpenClaw gateway credentials. The stealer grabbed openclaw[.]json, which holds the OpenClaw gateway token along with the victim’s (redacted) email address and workspace path, as well as device[.]json, which holds cryptographic keys, and soul[.]md, which sets out the agent’s core principles.
Hudson Rock said the finding marks a milestone in infostealer evolution: a shift from harvesting browser credentials to harvesting the “souls” and identities of personal AI agents. Alon Gal, CTO of Hudson Rock, suggested the stealer was likely a variant of Vidar. The researchers noted that the data was captured by a broad file-grabbing routine rather than a custom OpenClaw module, and warned that theft of the gateway authentication token could enable remote access to a victim’s local OpenClaw instance if its port is exposed.
According to The Hacker News, OpenClaw’s maintainers have since partnered with VirusTotal to scan for malicious skills, audit misconfigurations and improve threat modelling. The OpenSourceMalware findings also emphasise that as AI agents become more embedded in workflows, threats around OpenClaw configurations are likely to attract dedicated parsing and decryption modules.
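The report’s key detection point is breadth: a generic file grabber sweeps the agent’s secret files in the same burst as browser credential stores, which the agent itself never does. The following is an added example, not code from Hudson Rock, OpenClaw or the article, that applies that heuristic to constructed file-open telemetry; the browser store names, the `.openclaw` path layout and the log line format are assumptions, while the three agent file names come from the report.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Agent files the report names as targets; browser store names, path layout and log format are assumed.
AGENT_SECRET_FILES = {"openclaw.json", "device.json", "soul.md"}
BROWSER_CRED_FILES = {"Login Data", "Cookies", "logins.json", "key4.db"}
LINE_RE = re.compile(r"^(\S+) proc=(\S+) open (.+)$")
# Constructed telemetry: the agent reads its own config, then an unknown binary sweeps everything.
SAMPLE_LOG = r"""
2025-03-01T10:00:00Z proc=openclaw.exe open C:\Users\alice\.openclaw\openclaw.json
2025-03-01T10:00:05Z proc=openclaw.exe open C:\Users\alice\.openclaw\device.json
2025-03-01T10:07:11Z proc=setup_tmp.exe open C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data
2025-03-01T10:07:12Z proc=setup_tmp.exe open C:\Users\alice\.openclaw\openclaw.json
2025-03-01T10:07:12Z proc=setup_tmp.exe open C:\Users\alice\.openclaw\device.json
2025-03-01T10:07:13Z proc=setup_tmp.exe open C:\Users\alice\.openclaw\workspace\soul.md
"""

def parse_events(log_text):
    """Turn '<iso-time> proc=<name> open <path>' lines into (ts, proc, basename)."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # skip blank or malformed lines instead of failing
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            basename = m.group(3).replace("\\", "/").rsplit("/", 1)[-1]
            events.append((ts, m.group(2), basename))
    return events

def find_config_harvesting(log_text, window=timedelta(seconds=30)):
    """Flag processes that open >= 2 distinct agent secret files plus a browser
    credential store within `window`; the agent reading only its own files is not."""
    by_proc = defaultdict(list)
    for ts, proc, name in parse_events(log_text):
        by_proc[proc].append((ts, name))
    flagged = {}
    for proc, evs in by_proc.items():
        evs.sort()
        for i, (start, _) in enumerate(evs):
            agent, browser = set(), set()
            for ts, name in evs[i:]:
                if ts - start > window:
                    break
                if name in AGENT_SECRET_FILES:
                    agent.add(name)
                elif name in BROWSER_CRED_FILES:
                    browser.add(name)
            if len(agent) >= 2 and browser:
                flagged[proc] = sorted(agent | browser)
                break
    return flagged
```

Feeding real EDR or Sysmon file-access events through `parse_events` in place of the constructed lines is the only change needed to run this against a host.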