Researchers have identified a new information stealer that exfiltrated a victim’s OpenClaw configuration environment, marking a shift towards targeting personal AI agents. According to Hudson Rock, the incident involved a live infection in which an infostealer harvested OpenClaw data, including the agent’s configuration, extensions and related files, rather than just browser credentials.
OpenClaw, formerly MoltBot and ClawdBot, is an open-source personal AI assistant platform that can run locally or via messaging apps and supports community-created skills, which in this case contributed to a broad file-harvesting routine described as a “grab-bag” attack. Stolen material included openclaw[.]json with gateway tokens, device[.]json containing private cryptographic keys, and memory and “soul” files outlining the agent’s behaviour and context.
The report notes that the openclaw[.]json file can reveal the victim’s redacted email address, workspace path, and a high-entropy gateway token, with the gateway.auth[.]token potentially enabling remote access if the port is exposed.