AI Agents’ Most Downloaded Skill Is Discovered to Be an Infostealer

This report describes a campaign in which a fake VS Code extension impersonating an AI assistant (Moltbot) and other vectors are used to perform 'Cognitive Context Theft'—exfiltrating plaintext AI agent memories, authentication tokens, VPN configs, and developer credentials. It highlights how local-first agents like ClawdBot create attractive targets, lists file paths and regex indicators (e.g., %USERPROFILE%/.clawdbot/clawdbot.json, %USERPROFILE%/clawd/memory/*.md, (auth.token|sk-ant-|jira_token)), names adapting infostealer families (RedLine, Lumma), and cites prior breaches (Change Healthcare) to underscore the high impact risk to organizations.