ClawdBot’s local-first design stores unencrypted memories, profiles, and authentication tokens in plaintext files, creating a high-value target for infostealers. These artifacts enable “Cognitive Context Theft” that attackers and malware families like RedLine can exploit to obtain VPN and Atlassian credentials and even achieve RCE. #ClawdBot #RedLine
Keypoints
- ClawdBot persists sensitive data in plaintext files under ~/.clawdbot/ and ~/clawd/, making it readable by any process running as the user.
- Stored items include MEMORY.md, auth-profiles.json, SOUL.md, and a Gateway Token that can enable remote code execution if compromised.
- Infostealer families such as RedLine, Lumma, and Vidar are already adapting to target ClawdBot file names and directories.
- Extracted AI memories provide rich context for highly effective social engineering and credential misuse, a concept Hudson Rock calls Cognitive Context Theft.
- Attackers who gain write access can perform Memory Poisoning to alter agent behavior and create persistent insider threats.
Read More: https://www.infostealers.com/article/clawdbot-the-new-primary-target-for-infostealers-in-the-ai-era/