OpenClaw, formerly Moltbot and Clawdbot, gets another rename as concerns grow over security, installation and the increasing prevalence of scammers and grifters.
What began as a side project that quietly drew more than 100,000 GitHub stars has turned into one of the most viral experiments in AI. Built by Peter Steinberger, founder of PSPDFKit, Clawdbot captured attention by promising something most AI tools still cannot do: use a message-based interface to take action, not just talk.
That promise pushed the project from curiosity to phenomenon. It also pushed it into trouble. Each name change widened its audience and its risk profile. What was once framed as a clever, local AI assistant is now under scrutiny from security researchers, enterprises and regulators who see the same pattern emerging with rapid adoption, deep permissions and confusion that scammers know how to exploit.
Most AI tools respond with text. OpenClaw is different. It is an agent, meaning it can carry out tasks on your computer, and you can interact with that agent using your favorite messaging platform such as WhatsApp, Telegram, Discord, Slack, Teams and others. A simple message like “check my calendar and reschedule my flight” can trigger real actions such as opening a browser, clicking buttons, accessing files, sending messages or running commands. The system runs locally on a user’s machine but connects to cloud-based AI models for reasoning. The appeal is control. Your data stays with you. Your machine does the work.
To function, OpenClaw often needs deep access to the system it runs on, sometimes equivalent to administrator or “sudo” privileges. That means the same tool that can save time can also cause real damage if misused, misunderstood or compromised.
Part of OpenClaw’s viral growth came from the idea that you could run the platform on your own machine, including on low-cost but high-powered Mac Minis. Images, both real and AI generated, soon circulated on social media showing rows of Mac Minis stacked like servers, running fleets of AI agents. The implication was that this was a new kind of personal AI infrastructure, cheap, local and safe from big cloud providers. But the reality is more complicated. Running agents locally does not eliminate risk. It shifts it. Instead of trusting a cloud vendor, users become responsible for updates, permissions, network exposure and security configuration. Many of the exposed OpenClaw control panels documented by researchers were not hacked. They were simply misconfigured.
that hundreds of Moltbot control interfaces were left accessible on the open internet, exposing chat logs, API keys and in some cases the ability to execute commands remotely
Malwarebytes documented a wave of typosquat domains and cloned GitHub repositories that appeared almost immediately after the rename. These look legitimate, often using clean code at first and then introducing malicious updates later, something known as a “supply chain” attack.
harassment targeting Steinberger and a temporary compromise of his GitHub account. None of this required exploiting a software bug. It relied on speed, hype and users moving faster than their skepticism.
While OpenClaw enables significant power with agents that can do your bidding, it also opens significant security and privacy concerns. A misconfigured web app leaks data, but a misconfigured agent can leak data and act on it. Once installed, OpenClaw may have access to files, browsers, email, calendars, messaging platforms and system commands. All of that is tied together with memory and automated decision-making. If the agent misunderstands an instruction or if an attacker manipulates it through crafted inputs, the consequences are real.
how poisoned documents can be used to extract secrets from AI systems. Agents with administrative access are particularly vulnerable to these techniques. OpenClaw is not uniquely flawed, since these are issues common to all agentic AI platforms. However, its viral growth in these still emerging days combined with its power and accessibility is making it a challenge for people who may not fully grasp the risk.
that more than half of its enterprise customers had users granting the tool privileged access without approval. This is classic shadow IT, amplified by AI. Security teams did not deploy the tool, but they inherited it.
OpenClaw’s installation is marketed as simple, often shown as a single command copied into a terminal. In practice, the documentation acknowledges issues with system paths, permissions, dependencies, OAuth credentials and multiple API keys. Complex installs lead to shortcuts. Shortcuts lead to insecure setups. Steinberger has responded with improved documentation, security audits and automated checks. Steinberger highlights dozens of security-related commits and a growing set of best practices. This is necessary, responsible work, and it is also a signal that the default experience remains easy to get wrong.
As a product, OpenClaw is early and risky, but as a signal, it is important. It shows that people want AI that acts when people message it, not just chats in a terminal or browser interface. Messaging is becoming the universal remote for work and life. It also shows where the next security battle will be fought: identity, permissions and trust, not traditional malware. For engineers and security professionals, OpenClaw can be a useful experiment if isolated and treated with caution. For most users, it is more of a glimpse of the future that arrived before the guardrails. Steinberger has said the lobster has reached its final form. The market suggests otherwise.
