New Unveiling of OpenClaw Cybersecurity Concerns: How Data Theft Raises Alarm
Cybersecurity is continuously evolving, yet recent revelations have underscored the disturbing reality of information breach incidents. Recently, researchers identified a significant instance involving the OpenClaw platform, previously recognized as Clawdbot and Moltbot, where malicious software successfully infiltrated and exfiltrated sensitive information.
A New Era of Information Theft
Hudson Rock, a cybersecurity firm, reported that this infiltration marks a pivotal change in the way information stealers operate. “This case signifies a transition from the mere theft of browser credentials to targeting the foundational identities of personal AI agents,” they explained. Alon Gal, Hudson Rock’s Chief Technology Officer, noted that the malware used in this case is likely a variant of Vidar, an information stealer that has been in circulation since late 2018.
Interestingly, the exfiltration of data did not stem from custom modules built for OpenClaw. Instead, a broad file-grabbing routine was utilized, seeking out specific file extensions and directory names that typically house sensitive information.
Key Files Targeted
The compromised files included:
-
openclaw.json: This file contained crucial information related to the OpenClaw gateway token, the victim’s email address (albeit redacted), and workspace paths.
-
device.json: This included cryptographic keys that facilitate secure pairing and signing operations within the OpenClaw ecosystem.
-
soul.md: This document provided insights on the agent’s operational principles, behavioral guidelines, and ethical boundaries.
The theft of the gateway’s authentication token poses a serious risk. If an attacker gains access, they could connect to the victim’s local OpenClaw instance remotely, especially if the port remains exposed. They could even masquerade as a legitimate client in authenticated requests to the AI gateway.
Unintended Consequences of Malware
As Hudson Rock observed, while the malware initially sought out standard credentials, it unintentionally accessed an extensive operational context of the user’s AI assistant. With the increasing integration of AI agents like OpenClaw into daily workflows, it’s likely that developers of information stealers will soon release specialized modules designed specifically to decrypt and interpret these files, much like existing modules for Chrome and Telegram.
This situation has prompted the maintainers of OpenClaw to take action. In response to security vulnerabilities, they recently announced a collaboration with VirusTotal to scan for harmful scripts uploaded to ClawHub. Their goal is to create a robust threat model and implement an auditing mechanism to identify potential misconfigurations.
The Shift in Cyberattacks
According to security researcher Paul McCarty, the shift from embedded malware to external hosting is a telling sign of how threat actors are adjusting to detection technologies. As the landscape of AI skill registries expands, they are becoming attractive targets for supply chain attacks.
Another significant security issue involves Moltbook, a specialized social platform designed for AI agents, particularly those running on OpenClaw. Research revealed that once an account is established on Moltbook, it cannot be deleted. Consequently, users who seek to erase their accounts and withdraw associated data have no viable options.
Additionally, an evaluation by SecurityScorecard’s STRIKE Threat Intelligence team has revealed countless exposed OpenClaw instances, placing users at serious risk of remote code execution (RCE) vulnerabilities.
The Dangers of Exposed Services
RCE vulnerabilities enable an attacker to send malicious commands to a service, essentially executing arbitrary code on the system. If OpenClaw operates with permissions that extend to email, APIs, cloud services, or internal resources, the risk escalates. In this context, an RCE vulnerability serves as a potential entry point for attackers. They do not need to infiltrate multiple systems—gaining access to just one exposed service can open multiple doors.
OpenClaw has seen an explosive rise in interest since its launch in November 2025. Currently, the open-source project has amassed over 200,000 stars on GitHub. On February 15, 2026, OpenAI CEO Sam Altman announced the inclusion of OpenClaw’s founder, Peter Steinberger, into the company, emphasizing that the project will continue to flourish under the support of OpenAI.
The ongoing developments around OpenClaw serve as a firm reminder of the pressing need for heightened security measures and proactive approaches in safeguarding sensitive data in the evolving world of artificial intelligence.
