General · International · The Hacker News
Info Stealer Exfiltrates OpenClaw AI Agent Configurations and "Souls"
Monday, February 16, 2026
What
An information stealer, likely Vidar, used a broad file-grabbing routine to exfiltrate critical OpenClaw AI agent configuration files, including gateway tokens, cryptographic keys, and "soul" files. This signifies a pivotal shift in infostealer behavior towards harvesting personal AI agent identities and operational contexts, posing new risks for AI-integrated workflows.
Where
OpenClaw AI agent users, specifically those with exposed instances or with systems infected by information stealers.
When
Recently disclosed by cybersecurity researchers; OpenClaw debuted November 2025.
Key Factors
- The information stealer targeted specific files like `openclaw.json`, `device.json`, and `soul.md` through a generic file-grabbing routine, not a custom module, to capture AI agent data.
- The theft of the OpenClaw gateway authentication token enables attackers to remotely connect to or masquerade as the victim's AI agent, potentially leading to unauthorized access and actions.
- Hundreds of thousands of exposed OpenClaw instances are vulnerable to remote code execution (RCE), further escalating the risk of compromise for AI agents.
Takeaways
- Users of AI agents like OpenClaw should secure their environments, ensure proper port configuration, and regularly audit for exposed instances and potential misconfigurations.
- Organizations must anticipate and prepare for the evolution of infostealers to target AI agent-specific data, implementing robust data protection and access control measures for AI systems.