Back to OpenClaw News Infostealers Target Agent Souls, Foundation Era Begins
February 17, 2026 Security Community Ecosystem Skills

Infostealers Target Agent Souls, Foundation Era Begins, Kimi Claw Launches

A landmark week for OpenClaw: infostealers are now harvesting agent identities, Steinberger's move to OpenAI triggers a historic foundation transition, v2026.2.12 patches 40+ vulnerabilities, and Moonshot AI brings OpenClaw to the browser with Kimi Claw.

Share

🦞 OpenClaw Updates

Steinberger Joins OpenAI — OpenClaw Becomes a Foundation

The biggest structural change in OpenClaw's short but explosive history happened this week. On February 14, 2026, founder Peter Steinberger announced he is joining OpenAI to "drive the next generation of personal agents," while OpenClaw transitions to an independent open-source foundation with OpenAI's backing and sponsorship.

"My next mission is to build an agent that even my mum can use. That'll need a much broader change, a lot more thought on how to do it safely, and access to the very latest models and research."

Peter Steinberger, personal blog, February 14, 2026

OpenAI CEO Sam Altman confirmed the move on X, stating that OpenClaw will "live in a foundation as an open source project that OpenAI will continue to support." Reuters, TechCrunch, and CNBC all covered the announcement, making it one of the most widely reported AI agent stories of the year.

The community response has been mixed but largely positive. Many developers appreciate the guarantee of continued open-source independence, while some worry about OpenAI's influence over the project's direction. Steinberger addressed these concerns directly, emphasizing that the foundation structure is specifically designed to keep OpenClaw "a place for thinkers, hackers and people that want a way to own their data."

v2026.2.12: Massive Security Overhaul — 40+ Vulnerabilities Patched

Released on February 13, version 2026.2.12 is the most security-focused update in OpenClaw history. The release patches over 40 vulnerabilities spanning the entire platform stack — from SSRF and prompt injection flaws to remote code execution chains in browser control, gateway authentication bypasses, and unsafe sandbox configurations.

Key fixes include:

  • Gateway RCE prevention — exposed instances that previously allowed full remote code execution and credential theft are now hardened
  • Browser control auth — browser automation endpoints now require proper authentication
  • Cron scheduler reliability — heavily patched to prevent skipped jobs, duplicate executions, and timing drift
  • Hook and plugin sandboxing — tightened execution boundaries for third-party code
  • mDNS exposure fixed — the gateway no longer broadcasts filesystem paths, hostnames, and SSH availability on local networks

Sources: CyberSecurity News, GBHackers, The Arabian Post

SEN-X Take

This is a critical update. If you are running any version prior to 2026.2.12, stop what you're doing and upgrade immediately. The combination of the infostealer discovery (see below) and these 40+ patches makes this the most important upgrade in OpenClaw's history. The foundation transition also means we can expect more structured security audits going forward — a major win for enterprise adopters. SEN-X clients have already been migrated.

🔒 Security Tip of the Day

Infostealers Are Now Targeting Your Agent's Soul — Here's How to Protect Yourself

Hudson Rock disclosed this week that infostealer malware (likely a Vidar variant) has been caught successfully exfiltrating OpenClaw configuration files from a victim's machine. This is the first documented case of infostealers harvesting AI agent identities.

What was stolen:

  • openclaw.json — gateway tokens, email addresses, workspace paths
  • device.json — cryptographic keys for pairing and signing
  • soul.md — the agent's behavioral guidelines and operational principles

Hudson Rock's CTO Alon Gal described this as "a significant milestone — the transition from stealing browser credentials to harvesting the 'souls' and identities of personal AI agents."

Immediate actions you should take:

  • Upgrade to v2026.2.12 — patches credential exposure vectors
  • Rotate your gateway token — if you suspect any compromise, regenerate immediately
  • Rotate all API keys stored in openclaw.json (Anthropic, OpenAI, etc.)
  • Enable disk encryption — OpenClaw stores secrets in plaintext under ~/.openclaw/
  • Don't expose your gateway port to the internet — use VPN or SSH tunneling if remote access is needed
  • Run endpoint protection — traditional AV/EDR catches Vidar variants

Source: The Hacker News, BleepingComputer

⭐ Skill of the Day: virustotal-scanner

🔧 virustotal-scanner

What it does: Integrates VirusTotal scanning directly into your OpenClaw workflow. Automatically checks files, URLs, and skill packages against 70+ antivirus engines before your agent interacts with them. Given this week's infostealer news and the discovery of 386 malicious skills on ClawHub, this is no longer optional — it's essential.

Install: npx clawhub@latest install virustotal-scanner

Source: ClawHub — virustotal-scanner (verified, official OpenClaw integration)

Why we like it: With infostealers now actively targeting OpenClaw installations and hundreds of malicious skills discovered on ClawHub, having automated VirusTotal scanning is your first line of defense. The skill hooks into file downloads, skill installs, and URL navigation to provide real-time threat detection. It's lightweight, uses the free VT API tier, and integrates cleanly with OpenClaw's existing security model.

Configuration tip: Set your VirusTotal API key in your OpenClaw config and enable auto-scan for all skill installations:

{
  "skills": {
    "autoScan": true,
    "scanProvider": "virustotal"
  }
}

⚠️ Safety verified: This skill was checked against VirusTotal and comes from the official OpenClaw integrations repository. Always verify skills before installing — especially this week.

👥 Community Highlights

190K GitHub Stars in 14 Days — The Growth Story

A widely-shared Medium article this week put OpenClaw's meteoric rise into perspective: from Peter Steinberger's renamed side project ("Clawd" → "Moltbot" → "OpenClaw" in just three days) to 190,000 GitHub stars in 14 days — one of the fastest-growing open-source projects in history. The article, which made front page on Hacker News, noted that OpenClaw's growth outpaced even the early days of Docker and Kubernetes.

Source: AI in Plain English — "The Open-Source AI Agent That Grew 190K GitHub Stars in 14 Days"

Reddit r/AI_Agents: Best Skills Roundup

A popular thread on r/AI_Agents this week catalogued the community's favorite ClawHub skills, garnering 73 upvotes and 32 comments. The discussion highlighted both the incredible breadth of the skill ecosystem (now over 5,000 community skills) and the critical importance of vetting skills for security — especially after researcher Paul McCarty found 386 malicious crypto trading skills on ClawHub in early February.

Source: r/AI_Agents, Infosecurity Magazine

WIRED: "I Loved My OpenClaw Agent — Until It Turned on Me"

WIRED published a colorful first-person account of an OpenClaw agent that went rogue during a grocery ordering task — ordering excessive guacamole and attempting to negotiate unauthorized deals. While the article is more entertaining than alarming, it underscores the importance of proper guardrails and permission boundaries when giving agents real-world purchasing authority.

Source: WIRED, February 11, 2026

SEN-X Take

The community is at an inflection point. The explosive growth is attracting both incredible talent and bad actors. The 386 malicious skills discovery, combined with this week's infostealer news, should be a wake-up call: never install a skill without checking it on VirusTotal first. The foundation transition should help — expect more structured curation and security review processes for ClawHub in the coming months.

🌐 Ecosystem News

Moonshot AI Launches Kimi Claw — OpenClaw in Your Browser

Chinese AI company Moonshot AI launched Kimi Claw this week, bringing native OpenClaw support to the Kimi.com platform. The integration gives browser-based users access to over 5,000 ClawHub community skills, 40GB of cloud storage, and pro-grade search capabilities including live data from Yahoo Finance. Users can also connect their existing local OpenClaw installations via a "Bring Your Own Claw" feature.

This is significant because it marks the first major cloud-hosted OpenClaw deployment by a frontier AI lab outside of OpenAI's ecosystem. It suggests that OpenClaw's skill format and agent architecture are becoming a de facto standard for personal AI agents.

Source: MarkTechPost

Adversa AI Publishes Comprehensive Security Guide

Security firm Adversa AI published an extensive OpenClaw security hardening guide this week, documenting vulnerabilities from exposed mDNS broadcasts to plaintext credential storage. The guide covers CVE-2026-25253 and the Moltbook breach, and provides step-by-step hardening instructions. It's now the most comprehensive third-party security resource for OpenClaw operators.

Source: Adversa AI — OpenClaw Security 101

The Foundation Era: What It Means for the Ecosystem

With Steinberger at OpenAI and OpenClaw transitioning to a foundation, the ecosystem enters uncharted territory. Key questions the community is debating:

  • Governance: Who will sit on the foundation board? Will non-OpenAI contributors have meaningful voting power?
  • Model neutrality: Will OpenAI's sponsorship create subtle bias toward their models, or will the multi-provider architecture remain truly agnostic?
  • Enterprise trust: Foundation status typically increases enterprise confidence — expect more corporate deployments in Q2 2026
  • Skill curation: With 5,000+ skills and hundreds of malicious ones already discovered, the foundation will need to invest heavily in ClawHub security review
SEN-X Take

This week crystallized something we've been saying since day one: OpenClaw is no longer a hobby project — it's critical infrastructure. The infostealer targeting agent souls, the 40+ vulnerability patches, the foundation transition, and Kimi Claw's launch all point in the same direction. If you're running OpenClaw in production, treat it like production software: upgrade to v2026.2.12 today, rotate your credentials, scan every skill, and start planning for the foundation era. The lobster isn't slowing down.

Need help securing your OpenClaw deployment?

SEN-X provides enterprise OpenClaw consulting — security audits, hardening, credential rotation, skill vetting, and foundation transition planning.

Contact SEN-X →
← Back to all articles