Hackers Use Infostealer to Extract OpenClaw Config Files and Tokens

StratosAlly

Security researchers have identified an active malware infection in which an infostealer harvested sensitive configuration files and authentication tokens linked to OpenClaw, raising fresh concerns about how development and automation tools are being targeted.

The activity was first observed by analysts at Hudson Rock, who reported that the malware captured a victim’s entire OpenClaw configuration environment from a compromised system. OpenClaw, an open-source agent platform previously known as Clawdbot and Moltbot, stores operational context, credentials, identity data, and workspace details locally on user devices.

What Was Stolen

Investigators found that the malware exfiltrated several sensitive files, including:

  • openclaw.json – Containing gateway authentication tokens, a redacted email address, and workspace directory paths.
  • device.json – Holding cryptographic keys used for secure pairing and request signing within the OpenClaw ecosystem.
  • soul.md and related memory files – Documents outlining the agent’s behavioral rules, operational logic, and digital identity framework.

The theft of gateway tokens and cryptographic keys is particularly serious. With valid tokens, attackers could potentially impersonate a legitimate OpenClaw instance, connect to linked services, or execute authenticated actions without immediately triggering security alerts.

A Shift in Targeting

Infostealers have traditionally focused on browser-stored passwords, session cookies, cryptocurrency wallets, and financial credentials. In this case, however, the attackers harvested an entire agent configuration environment — signaling a broader shift toward targeting development platforms and automation tools as valuable sources of access and identity data.

Researchers noted that the malware did not appear to contain a specialized module built specifically for OpenClaw. Instead, it used a general file-harvesting routine that collected sensitive data from common directories. This suggests that as more tools store operational logic and credentials locally, they may be unintentionally exposed to generic credential-stealing malware.

Broader Security Implications

The findings also highlight additional risks:

  • Publicly exposed OpenClaw instances may introduce remote access or code execution threats if improperly secured.
  • Third-party “skills” or extensions distributed through community repositories could serve as future infection vectors if not properly reviewed.

Security professionals recommend that users treat configuration files and gateway tokens as high-value credentials. Encrypting local configuration data, rotating tokens regularly, restricting token permissions, and deploying strong endpoint monitoring can significantly reduce exposure.
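As an added example (not code from the article or from the OpenClaw project), the audit below applies the recommendation above to the three files the article names: it flags any copy readable by other users on the host and any token-like value stored in plaintext JSON. The key names it treats as secrets and the sample file contents are assumptions constructed for the demo; the real OpenClaw schema is not described on the page.

```python
import json
import stat
import tempfile
from pathlib import Path

# Files the article names as stolen, and key names treated as secrets (assumed; real schema not on page).
SENSITIVE_FILES = ("openclaw.json", "device.json", "soul.md")
SECRET_KEYS = {"token", "gateway_token", "auth_token", "private_key", "secret"}


def _secret_paths(obj, prefix=""):
    """Yield dotted paths of secret-named keys that hold a non-empty plaintext string."""
    if isinstance(obj, dict):
        for key, val in obj.items():
            if key.lower() in SECRET_KEYS and isinstance(val, str) and val:
                yield f"{prefix}{key}"
            yield from _secret_paths(val, f"{prefix}{key}.")
    elif isinstance(obj, list):
        for i, val in enumerate(obj):
            yield from _secret_paths(val, f"{prefix}{i}.")


def audit_config_dir(config_dir):
    """Return (file, finding) pairs for weak permissions and unencrypted tokens."""
    findings = []
    for name in SENSITIVE_FILES:
        path = Path(config_dir) / name
        if not path.exists():
            continue
        mode = stat.S_IMODE(path.stat().st_mode)
        if mode & (stat.S_IRGRP | stat.S_IROTH):  # anything beyond owner-only is a finding
            findings.append((name, f"readable by group/others (mode {mode:04o})"))
        if path.suffix == ".json":
            try:
                data = json.loads(path.read_text())
            except ValueError:
                findings.append((name, "not valid JSON"))
                continue
            findings.extend((name, f"plaintext secret at {p}") for p in _secret_paths(data))
    return findings


def demo():
    """Audit a constructed OpenClaw-style config directory (sample data, not real files)."""
    d = Path(tempfile.mkdtemp())
    (d / "openclaw.json").write_text(json.dumps(
        {"gateway": {"token": "CONSTRUCTED-TOKEN", "email": "u***@example.com"},
         "workspace": {"path": "/home/user/openclaw"}}))
    (d / "openclaw.json").chmod(0o644)  # weak: readable by every local account
    (d / "device.json").write_text(json.dumps({"device_id": "dev-1", "private_key": "CONSTRUCTED"}))
    (d / "device.json").chmod(0o600)  # owner-only, as it should be
    return audit_config_dir(d)
```

Run `demo()` to see the findings for the constructed directory; point `audit_config_dir` at a real config directory to check your own files.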

As automation platforms continue to expand in enterprise and developer environments, attackers are clearly adapting. This incident underscores the importance of securing not only user accounts and browsers, but also the local environments where operational credentials and identity files are stored.
