Moltbot: The Viral AI Assistant That’s Dividing Tech
From overnight sensation to security nightmare, the story of an AI assistant that promised to do everything but might cost you everything
Formerly Known As Clawdbot 🦞
44K+
GitHub Stars in Weeks
14%
Cloudflare Stock Surge
100s
Exposed Instances Found
24/7
Always-On AI Agent
The Rise & Rebrand of Moltbot
Early 2025
Birth of Clawdbot
Austrian developer Peter Steinberger creates a personal AI assistant after three years away from coding. Named after Anthropic’s Claude AI with a playful lobster mascot.
December 2025
Viral Explosion
The project gains 44,200+ GitHub stars in weeks. Tech enthusiasts flood social media with demos. Mac Mini sales spike as users buy dedicated hardware to run the assistant.
January 2026
Security Warnings Emerge
Researchers discover hundreds of exposed instances with no authentication. Hudson Rock identifies plaintext credential storage. Red-teaming company Dvuln finds critical vulnerabilities.
Late January 2026
Forced Rebrand to Moltbot
Anthropic raises trademark concerns over the name “Clawdbot”. Steinberger rebrands to “Moltbot” symbolizing a lobster’s molt. Crypto scammers immediately impersonate the new brand.
January 28, 2026
Ongoing Controversy
Security experts like Google Cloud’s Heather Adkins urge people not to install it. The debate continues between innovation enthusiasts and security professionals.
How Moltbot Works
1
Install Locally
Download open-source code and run on your own computer or server 24/7
2
Connect Apps
Link WhatsApp, Telegram, Discord, email accounts, calendars, and other services
3
Grant Access
Provide API keys, passwords, and credentials for full account control
4
AI Takes Over
The agent autonomously manages tasks, responds to messages, and executes commands
Critical Security Concerns
Exposed Instances
Hundreds of Moltbot installations found exposed to the internet with no authentication, allowing attackers full access to private messages, credentials, and API keys.
CRITICAL RISK
Plaintext Storage
Secrets and credentials stored in unencrypted Markdown and JSON files on local filesystem, making them prime targets for infostealer malware like Redline, Lumma, and Vidar.
CRITICAL RISK
Prompt Injection
Malicious actors can send messages through WhatsApp or email containing hidden instructions that make Moltbot execute unintended commands without user knowledge.
HIGH RISK
Supply Chain Attack
ClawdHub skills library has no moderation. Researcher proved poisoned packages with 4,000+ downloads could execute malicious code, stealing SSH keys and AWS credentials.
HIGH RISK
Infostealer Malware
If the host Mac Mini or computer gets infected, malware families are already implementing capabilities to target Moltbot’s local-first directory structures.
HIGH RISK
Internet Exposure
Users misconfigure gateways to allow remote access, turning Moltbot into a remote command execution interface accessible to anyone on the internet.
MEDIUM RISK
Expert Warnings
- Google Cloud VP Heather Adkins: “Don’t run Clawdbot”
- Security researcher claims it’s “infostealer malware disguised as an AI personal assistant”
- Former Microsoft exec Rahul Sood warns of “zero guardrails by design”
- Hudson Rock: “Local-First AI revolution risks becoming a goldmine for global cybercrime”
- Without proper isolation, one misconfiguration exposes your entire digital life
What Security Experts Are Saying
“AI agents tear all of that down by design. They need to read your files, access your credentials, execute commands, and interact with external services. The value proposition requires punching holes through every boundary we spent decades building.”
Founder, Dvuln (Red-teaming Company)
“A significant gap exists between the consumer enthusiasm for Clawdbot’s one-click appeal and the technical expertise needed to operate a secure agentic gateway. Many users unintentionally create a large visibility void by failing to track which corporate and personal tokens they’ve shared.”
Director of Cybersecurity Strategy, Salt Security
“‘Actually doing things’ means ‘can execute arbitrary commands on your computer.’ What keeps me up at night is prompt injection through content where a malicious person could send you a WhatsApp message that could lead Moltbot to take unintended actions without your intervention.”
Former Microsoft Executive, Tech Entrepreneur
Related Tech Stories
Adobe Premiere & After Effects 26 AI Updates
AI-powered object masking and 20x faster tracking revolutionize video editing
Apple AI Wearable Pin 2027
OpenAI and Jony Ive collaborate on next-generation AI hardware
ASUS AMD 800 Series Motherboard Issues
Ryzen 9800X3D failure investigation and Q-Code 00 analysis
149 Million Credentials Exposed
Massive infostealer database leak affects Gmail and Facebook users
New Apple AirTag 2026
50% louder speaker and extended range reduce lost luggage incidents
The Register on Moltbot
Latest updates and security analysis from tech security experts
