A technical analysis by Hudson Rock reported in February 2026 that an information stealer successfully exfiltrated a victim’s OpenClaw configuration environment, including gateway tokens, device cryptographic keys, and the agent soul template.
KEY FACTS
- Incident: Information stealer exfiltrated OpenClaw configuration files
- Files: openclaw.json, device.json, soul.md were captured
- Method: Broad file-grabbing routine targeting specific filenames and directories
- Malware: Likely a Vidar variant
The analysis characterizes the activity as a shift in infostealer targets from browser credentials to AI agent environments. Findings show the stealer did not use a custom OpenClaw module but relied on a generic file grabber that looks for specific filenames and directories.
Captured files include openclaw.json, which contains the OpenClaw gateway token plus a redacted email and workspace path; device.json, which holds cryptographic keys used for pairing and signing; and soul.md, which holds the agent’s operational principles and behavioral rules.
The theft of a gateway authentication token can allow an attacker to connect to a local OpenClaw instance if the port is exposed, or to impersonate the client in authenticated gateway requests. The report also notes that attackers may develop dedicated modules to decrypt and parse agent files as these targets grow in value.
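Because the stealer relied on a generic file grabber rather than anything OpenClaw-specific, the practical defensive question is whether these files are readable by anything beyond the agent's own user and whether secrets sit in them in plaintext. The following audit script is an added example, not code from Hudson Rock or the OpenClaw project; it uses the three filenames named in the report, but the configuration directory layout and the JSON key structure it assumes (a key name containing "token" marking a secret) are assumptions, and the sample files it builds are constructed.

```python
import json
import os
import stat
import tempfile
from pathlib import Path

# Filenames the report says the stealer's file grabber captured.
SENSITIVE_FILES = ("openclaw.json", "device.json", "soul.md")


def _permissive(mode: int) -> bool:
    """True if group or others have any access bits on the object."""
    return bool(mode & (stat.S_IRWXG | stat.S_IRWXO))


def _token_keys(obj, prefix=""):
    """Recursively collect JSON key paths whose name contains 'token'
    and whose value is a non-empty string (assumed to be a plaintext secret)."""
    found = []
    if isinstance(obj, dict):
        for key, value in obj.items():
            path = f"{prefix}.{key}" if prefix else key
            if "token" in key.lower() and isinstance(value, str) and value:
                found.append(path)
            found.extend(_token_keys(value, path))
    elif isinstance(obj, list):
        for i, value in enumerate(obj):
            found.extend(_token_keys(value, f"{prefix}[{i}]"))
    return found


def audit_agent_dir(config_dir) -> list:
    """Return a list of finding strings for an agent configuration directory.
    The directory path is caller-supplied; no real OpenClaw layout is assumed."""
    config_dir = Path(config_dir)
    findings = []
    if not config_dir.is_dir():
        return [f"missing: {config_dir}"]
    dir_mode = stat.S_IMODE(config_dir.stat().st_mode)
    if _permissive(dir_mode):
        findings.append(f"dir-permissive: {config_dir} mode {dir_mode:04o}")
    for name in SENSITIVE_FILES:
        path = config_dir / name
        if not path.exists():
            continue
        mode = stat.S_IMODE(path.stat().st_mode)
        if _permissive(mode):
            findings.append(f"file-permissive: {name} mode {mode:04o}")
        if name.endswith(".json"):
            try:
                data = json.loads(path.read_text())
            except (ValueError, OSError):
                findings.append(f"unparseable: {name}")
                continue
            for key in _token_keys(data):
                findings.append(f"plaintext-secret: {name}:{key}")
    return findings


def demo() -> list:
    """Build a constructed config directory (sample data, not a real install)
    with one over-permissive file and one plaintext token, then audit it."""
    tmp = Path(tempfile.mkdtemp())
    os.chmod(tmp, 0o755)  # deliberately too open for a secrets directory
    (tmp / "openclaw.json").write_text(json.dumps({
        "gateway": {"token": "EXAMPLE-TOKEN-NOT-REAL"},
        "email": "user@example.invalid",
    }))
    os.chmod(tmp / "openclaw.json", 0o644)  # world-readable: finding expected
    (tmp / "device.json").write_text(json.dumps({"keys": {"signing": "EXAMPLE"}}))
    os.chmod(tmp / "device.json", 0o600)
    (tmp / "soul.md").write_text("# operating principles (constructed)\n")
    os.chmod(tmp / "soul.md", 0o600)
    return audit_agent_dir(tmp)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Run against a real directory with `audit_agent_dir("/path/to/agent/config")`; any `file-permissive` or `dir-permissive` finding means a process running as another local user could have read the same material the stealer took, and a `plaintext-secret` finding identifies a token that must be rotated if the host is suspected compromised, since the file itself offers no protection once copied off the machine.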
OpenClaw’s trust announcement adds VirusTotal scanning for ClawHub submissions, a threat model, and audit capabilities to detect potential misconfigurations and malicious skills.
WHY IT MATTERS
The theft of tokens and cryptographic keys can enable remote access and identity impersonation for AI agents. As agentic tools are integrated into workflows, exposed instances and weak controls increase the risk of supply chain and remote code execution attacks.