Tuesday, January 27, 2026

Local AI Nightmare: Clawdbot Exposes Credentials in Plaintext; CLAWD Token Volatile

Viral AI assistant Clawdbot faces a security crisis after researchers find it stores credentials in plaintext, causing the CLAWD token to tumble 14%.

The promise of local, privacy-focused AI took a severe hit today as Clawdbot, the viral open-source assistant, was found to store sensitive user data, including API keys and private messages, in unencrypted plaintext files. The revelation triggered a security firestorm, forcing GitHub Issue #1796 into the spotlight while the project’s unauthorized meme coin, CLAWD, whipsawed traders.

The "Memory.md" Vulnerability

Security researchers at Infostealers and the SlowMist team identified a critical architectural flaw: Clawdbot’s "memory" system. To maintain context across sessions, the assistant writes user interactions, authentication tokens, and even VPN credentials into standard JSON and Markdown files (e.g., memory.md) without encryption.

"It isn’t just about stealing a password; it is about Cognitive Context Theft. Files like MEMORY.md provide a psychological dossier of the user." (Infostealers.com Report)

The vector is simple but devastating. Malicious actors can target the default ~/.clawdbot/ directory using standard infostealer malware. Once inside, attackers don't just get keys; they get the AI's entire "brain," a perfect map for social engineering attacks.
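A defender-side check for the flaw described above, added here as an example and not code from the Clawdbot project: it walks an agent memory directory such as ~/.clawdbot/, flags Markdown and JSON files that other local accounts can read or that contain credential-shaped strings, and reports each hit with the value redacted. The secret patterns and the constructed sample files are assumptions for illustration.

```python
import json
import re
import stat
import tempfile
from pathlib import Path

# Assumed patterns for common credential shapes; extend for the providers you use.
SECRET_PATTERNS = {
    "openai_style_key": re.compile(r"\bsk-[A-Za-z0-9]{20,}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{20,}\b"),
    "labelled_secret": re.compile(r"(?i)\b(password|passwd|api[_-]?key|token)\s*[:=]\s*\S{8,}"),
}
MEMORY_SUFFIXES = {".md", ".json"}

def redact(value: str) -> str:
    """Keep only a few edge characters so the report itself does not leak the secret."""
    return value[:4] + "..." + value[-2:] if len(value) > 8 else "***"

def scan_file(path: Path) -> list[dict]:
    """Report weak permissions and credential-shaped strings in one memory file."""
    findings = []
    mode = path.stat().st_mode
    if mode & (stat.S_IRGRP | stat.S_IROTH):  # any other local account can read it
        findings.append({"file": path.name, "line": 0, "kind": "world_or_group_readable",
                         "match": oct(stat.S_IMODE(mode))})
    for lineno, line in enumerate(path.read_text(errors="replace").splitlines(), 1):
        for kind, pattern in SECRET_PATTERNS.items():
            for m in pattern.finditer(line):
                findings.append({"file": path.name, "line": lineno, "kind": kind,
                                 "match": redact(m.group(0))})
    return findings

def scan_memory_dir(root: Path) -> list[dict]:
    """Walk an agent memory directory (e.g. ~/.clawdbot/) and check every .md/.json file."""
    return [f for p in sorted(root.rglob("*"))
            if p.is_file() and p.suffix in MEMORY_SUFFIXES for f in scan_file(p)]

def demo() -> list[dict]:
    """Constructed sample: a memory.md and state.json with leaked secrets, then scan them."""
    root = Path(tempfile.mkdtemp())
    memory = root / "memory.md"
    memory.write_text("# session notes\nUser set OPENAI key sk-" + "A" * 24 + "\n"
                      "VPN password: hunter2hunter2\n")
    memory.chmod(0o644)  # typical umask result: readable by every local user
    state = root / "state.json"
    state.write_text(json.dumps({"auth": {"token": "ghp_" + "b" * 30}}))
    state.chmod(0o600)
    return scan_memory_dir(root)
```

Run scan_memory_dir() against a real agent directory and expect an empty list; any hit is a value an infostealer would collect verbatim and a reason to rotate that credential.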

Market Reaction: Speculation Meets Risk

Despite the severity of the code flaws, the Solana-based meme coin CLAWD (unaffiliated with the developers) initially surged to a $16 million market cap before retracing. The token is currently trading around $0.0065, down 14% in the last 24 hours as the gravity of the security findings settles in.

Traders appear to be betting on the brand's virality rather than the software's stability, a dangerous game given the warnings from major security firms. SlowMist officially flagged the Clawdbot gateway as a high-risk vector, noting that unauthenticated instances are already visible to internet-wide scanners.

Institutional Context

This incident marks a pivot point for "Local-First" AI agents. While moving computation off the cloud was meant to enhance privacy, it has inadvertently created local honeypots that lack the enterprise-grade hardening of centralized servers. For crypto users, who often run these agents on the same machines used for signing transactions, the risk is existential. Experts like Chad Nelson are now advising users to run such tools only in isolated environments or on air-gapped machines until encryption standards are enforced.