Security Alert: Infostealer Targets OpenClaw AI Agent Configurations
Cybersecurity researchers are warning of a new infostealer malware designed specifically to steal configuration files from OpenClaw AI agents. The threat marks a shift toward direct attacks on personal and enterprise AI deployments, underscoring the need for robust key management and sandboxing for agentic platforms.
- The infostealer variant responsible for the attack was likely Vidar, which used a "broad file-grabbing routine" to search for sensitive file extensions and directory names rather than a module specifically designed for OpenClaw.
- The stolen `openclaw.json` file contained the victim's email, workspace path, and a gateway authentication token, which could allow an attacker to remotely connect to the user's local OpenClaw instance if the port is exposed.
- Attackers also exfiltrated `device.json`, containing cryptographic keys that could be used to sign messages as the victim's device, and `soul.md`, a file detailing the AI agent's core operational principles and personality.
- Cybersecurity firm Hudson Rock, which discovered the infection, noted this marks a significant evolution from stealing browser credentials to harvesting the "souls" and identities of personal AI agents.
- This direct attack on AI configurations follows other security issues in the OpenClaw ecosystem; in early February 2026, researchers found hundreds of malicious "skills" in the OpenClaw marketplace designed to deliver other infostealer malware.
- The OpenClaw project, which has over 200,000 stars on GitHub, recently announced its founder is joining OpenAI and the project will be supported by an open-source foundation.
- Infostealer malware has seen a dramatic rise in recent years, with one report noting a 643% increase in device compromises over the last three years, highlighting a broader trend of attackers targeting credentials and sensitive data.
- Security experts recommend that users treat AI agent skill repositories as untrusted code and run agents in sandboxed environments to mitigate risks of data exfiltration and malicious command execution.
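For the key-management point, the following added example (not code from the article or from the OpenClaw project) audits a directory for the three file names listed above and reports loose permissions and secrets stored as plaintext JSON values. Only the file names come from the article; the JSON field names, the secret-key hints and the sample directory are constructed assumptions.

```python
import json
import stat
import tempfile
from pathlib import Path

TARGET_FILES = {"openclaw.json", "device.json", "soul.md"}  # names from the article
SECRET_HINTS = ("token", "secret", "key", "password")  # assumption: secret-looking keys

def secret_paths(node, prefix=""):
    """Yield dotted paths of non-empty strings stored under secret-looking keys."""
    items = node.items() if isinstance(node, dict) else (
        enumerate(node) if isinstance(node, list) else ())
    for k, v in items:
        path = f"{prefix}.{k}" if prefix else str(k)
        if isinstance(v, str) and v and any(h in str(k).lower() for h in SECRET_HINTS):
            yield path
        else:
            yield from secret_paths(v, path)

def audit(root):
    """Map each target file under root to a list of findings."""
    root, report = Path(root), {}
    for p in sorted(root.rglob("*")):
        if not p.is_file() or p.name not in TARGET_FILES:
            continue
        findings = []
        if stat.S_IMODE(p.stat().st_mode) & 0o077:
            findings.append("readable-by-group-or-other")
        if p.suffix == ".json":
            try:
                findings += [f"plaintext:{s}" for s in secret_paths(json.loads(p.read_text()))]
            except ValueError:
                findings.append("unparseable")
        report[str(p.relative_to(root))] = findings
    return report

def demo():
    """Audit a constructed directory; the JSON field names are invented."""
    sample = {  # name -> (mode, contents)
        "openclaw.json": (0o644, '{"email": "user@example.com", "gateway": {"auth_token": "CONSTRUCTED"}}'),
        "device.json": (0o600, '{"private_key": "CONSTRUCTED"}'),
        "soul.md": (0o600, "constructed persona text\n"),
    }
    with tempfile.TemporaryDirectory() as d:
        for name, (mode, text) in sample.items():
            path = Path(d, name)
            path.write_text(text)
            path.chmod(mode)
        return audit(d)
```

Tight file modes do not stop malware running as the same user, so the `plaintext:` findings are the ones to act on: each marks a credential that any file-grabbing routine reading that file would obtain intact.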