OpenClaw configuration environment leak exposing gateway token and pairing keys
Data Leak
Summary
Hide ▲
Show ▼
The OpenClaw configuration environment was exfiltrated by an information stealer, creating remote access and impersonation risk for the affected AI agent instance. The stolen material included openclaw.json, device.json, and soul.md. Those files held a gateway token, pairing keys, and operational context that could let an attacker act as the client if the service port is exposed. The case shows stealer malware harvesting AI-agent identity and control data, not just browser credentials.
Related Happenings
OpenClaw message-object prompt injection patched in 2026.4.23 security flaw
Vulnerability
H score15
First: 11.06.2026 20:46
Last: 11.06.2026 20:46
Sources 1
About this happening:
**OpenClaw** has a patched **message-object prompt injection flaw** that let hidden instructions inside **shared contacts, vCards, and location pins** reach the LLM as trusted pro...
OpenClaw message-object prompt injection patched in 2026.4.23 security flaw
VulnerabilityAbout this happening: **OpenClaw** has a patched **message-object prompt injection flaw** that let hidden instructions inside **shared contacts, vCards, and location pins** reach the LLM as trusted pro...
OpenAI Codex codexui-android supply-chain token theft campaign
Campaign
H score48
First: 01.06.2026 12:31
Last: 01.06.2026 12:31
Sources 1
About this happening:
A **malicious supply-chain campaign** is stealing **OpenAI Codex authentication tokens** from developers through the **codexui-android** npm package and mirrored Android apps, cre...
OpenAI Codex codexui-android supply-chain token theft campaign
CampaignAbout this happening: A **malicious supply-chain campaign** is stealing **OpenAI Codex authentication tokens** from developers through the **codexui-android** npm package and mirrored Android apps, cre...
OpenClaw/OpenShell managed sandbox backend Claw Chain (multiple vulnerabilities)
Vulnerability
H score31
First: 15.05.2026 16:35
Last: 15.05.2026 16:35
Sources 1
About this happening:
Researchers disclosed **four OpenClaw flaws** in the **OpenShell managed sandbox backend** that can be chained for **data theft**, **privilege escalation**, and **persistence**. T...
OpenClaw/OpenShell managed sandbox backend Claw Chain (multiple vulnerabilities)
VulnerabilityAbout this happening: Researchers disclosed **four OpenClaw flaws** in the **OpenShell managed sandbox backend** that can be chained for **data theft**, **privilege escalation**, and **persistence**. T...
OpenAI hit by cyberattack
Incident
H score38
First: 14.05.2026 22:07
Last: 14.05.2026 22:07
Sources 1
About this happening:
OpenAI confirmed **two employees' devices** were breached, giving attackers access to a limited set of internal source code repositories and forcing a precautionary rotation of **...
OpenAI hit by cyberattack
IncidentAbout this happening: OpenAI confirmed **two employees' devices** were breached, giving attackers access to a limited set of internal source code repositories and forcing a precautionary rotation of **...
Lumma Stealer infection of a Context.ai employee
Malware Activity
H score71
First: 23.04.2026 11:40
Last: 23.04.2026 11:40
Sources 1
About this happening:
A **Context.ai** employee was infected with **Lumma Stealer** in **February 2026**, giving attackers a likely foothold that may have seeded the wider compromise chain affecting **...
Lumma Stealer infection of a Context.ai employee
Malware ActivityAbout this happening: A **Context.ai** employee was infected with **Lumma Stealer** in **February 2026**, giving attackers a likely foothold that may have seeded the wider compromise chain affecting **...
Timeline
-
17.02.2026 11:35 2 articles · 4mo ago
OpenClaw user secrets exposure documented by Hudson Rock
Initial DisclosureHudson Rock documented an OpenClaw user secrets exposure in which an infostealer used a broad file-grabbing routine to sweep sensitive file extensions and .openclaw directories, then collected openclaw.json, device.json, and memory files such as agents.md and memory.md. The stolen data exposed the victim’s email address, workspace path, gateway token, and device private keys, creating a path to remote access, impersonation, and broader compromise of the user’s digital identity.
Show sources
- Infostealer Targets OpenClaw to Loot Victim’s Digital Life — www.infosecurity-magazine.com — 17.02.2026 11:35
- Infostealer Targets OpenClaw to Loot Victim’s Digital Life — www.infosecurity-magazine.com — 17.02.2026 11:35
-
16.02.2026 20:43 1 articles · 4mo ago
Hudson Rock discloses OpenClaw configuration exfiltration and token theft
Initial DisclosureHudson Rock disclosed an information stealer infection, likely a Vidar variant, that exfiltrated a victim's OpenClaw configuration environment and captured openclaw.json, device.json, and soul.md. The stolen gateway authentication token and pairing keys could enable remote connection to the affected OpenClaw instance if the port is exposed or allow authenticated impersonation of the client, while OpenClaw maintainers responded by announcing a VirusTotal partnership to scan ClawHub uploads, establish a threat model, and audit for misconfigurations.
Show sources
- Infostealer Steals OpenClaw AI Agent Configuration Files and Gateway Tokens — thehackernews.com — 16.02.2026 20:43