What happened
Researchers have observed information-stealing (infostealer) malware successfully harvesting configuration files and authentication credentials from the OpenClaw agentic AI platform (formerly Moltbot and Clawdbot). The malware, likely a variant of the Vidar infostealer, exfiltrated files including gateway tokens, cryptographic keys, and agent operational data that can be used to impersonate or control the targeted AI instance.
Who is affected
Individuals and organisations running OpenClaw agents, particularly those with locally stored API keys, tokens, and gateway credentials, are at risk. Because OpenClaw is being adopted widely for automation and productivity tasks, both personal users and enterprise endpoints could be exposed if these agents run with elevated permissions or lack proper access controls.
Why CISOs should care
This development highlights a shift in attacker focus from traditional credential theft to AI agent environments, treating agent secrets and configuration as high-value targets. Compromise of these assets can lead to unauthorized access, impersonation of AI workflows, and potential lateral movement within corporate systems. The broader OpenClaw ecosystem also faces additional risks from malicious “skills” in community marketplaces that can deliver malware or expand the attack surface.
3 practical actions for CISOs
- Audit AI agent deployments: Identify where OpenClaw agents are running across the environment and enforce least-privilege configurations.
- Protect secrets and tokens: Ensure all agent credentials and configuration files are stored securely (e.g., encrypted, outside default paths) and integrate into enterprise secrets management.
- Monitor and control third-party extensions: Vet and restrict installation of skills or plugins; use malware scanning (e.g., VirusTotal feeds) and block untrusted sources.