AI Agents’ Most Downloaded Skill Is Discovered to Be an Infostealer | InfoStealers

A campaign involving a fraudulent VS Code extension impersonating the AI coding assistant Moltbot has been discovered, leading to Cognitive Context Theft by exfiltrating AI agent memories and configurations. This highlights how local-first AI agents like ClawdBot store sensitive data in plaintext, making them prime targets for infostealers that can lead to significant breaches, similar to the Change Healthcare ransomware attack.