The rise of “Local-First” AI agents has introduced a new, highly lucrative attack surface for cybercriminals. ClawdBot, a rapidly growing open-source personal AI assistant, shifts the locus of computation from the cloud to the user’s local filesystem.
While this offers privacy from big tech, it creates a “honey pot” for commodity malware. Our analysis confirms that ClawdBot stores sensitive “memories,” user profiles, and critical authentication tokens in plaintext Markdown and JSON files.
1 comment
[ 3.1 ms ] story [ 11.0 ms ] threadWhile this offers privacy from big tech, it creates a “honey pot” for commodity malware. Our analysis confirms that ClawdBot stores sensitive “memories,” user profiles, and critical authentication tokens in plaintext Markdown and JSON files.