Everything you need to know about Silicon Valley's hottest open-source AI assistant, including the security risks nobody's talking about.
If you've been anywhere near tech Twitter (now X) in early 2026, you've probably seen ClawdBot everywhere. This open-source AI assistant has taken Silicon Valley by storm, gaining over 60,000 GitHub stars in just days and sparking debates about the future of personal AI.
But what exactly is ClawdBot? Is it the "Siri that should have been" as many claim, or is it a security nightmare waiting to happen? In this comprehensive guide, we'll break down everything you need to know.
Note: ClawdBot has been rebranded to MoltBot as of January 2026 following a trademark request from Anthropic. The software functionality remains identical.
ClawdBot is a free, open-source personal AI assistant created by Peter Steinberger, the Austrian developer who founded PSPDFKit. Unlike cloud-based assistants like Siri or Alexa, ClawdBot runs entirely on your own computer.
The project's tagline says it all: "Your own personal AI assistant. Any OS. Any Platform. The lobster way."
What makes ClawdBot different from ChatGPT or Claude? It's essentially "Claude with hands" - an AI that doesn't just chat but actually does things. It can execute code, manage files, send emails, and automate complex workflows across your entire system.
ClawdBot's architecture is what sets it apart from traditional AI assistants. Here's how it operates:
Runs directly on your Mac, Windows, or Linux machine - no cloud dependency for core functions.
Connects to WhatsApp, Telegram, Slack, Discord, Signal, and iMessage so you can chat from anywhere.
Has permission to read/write files, execute shell commands, and control your browser.
Connect to Claude, GPT-4, Gemini, or run local models through LM Studio.
The system uses a "Gateway" process that maintains connections to your messaging platforms, while "Skills" extend functionality similar to plugins. Everything flows through Claude Code (or another AI model) which actually processes requests and generates actions.
Unlike ChatGPT that resets every session, ClawdBot remembers your preferences, past conversations, and ongoing tasks in local files (MEMORY.md, SOUL.md).
Set up cron jobs to check your email, monitor social media, or send daily briefings without being asked.
Native connections to Google Workspace, Twitter/X, Spotify, Obsidian, Home Assistant, and dozens more.
Write, test, and run code directly. It's essentially Cursor or Claude Code built into your personal assistant.
Kick off parallel tasks that run in the background while you continue chatting about other things.
Define your assistant's personality through the SOUL.md file - make it more proactive, formal, or casual.
Many businesses are exploring ClawdBot for automation. Here are the most common use cases:
While ClawdBot offers powerful capabilities, it requires significant technical expertise to set up securely. Most business users report spending hours on configuration, and security researchers have found widespread vulnerabilities in production deployments.
Despite the hype, ClawdBot comes with serious risks that every user should understand. Security researchers and the crypto community have uncovered multiple concerning issues.
Over 1,009 ClawdBot gateways are publicly accessible on the internet. Many have no authentication, allowing anyone to view API keys, conversation histories, and OAuth credentials.
Source: Bitdefender Security ResearchUsers report spending $100-300+ per day on API costs. One user burned through $300 in just 2 days doing basic tasks. The AI chooses expensive models (like Claude Opus) by default.
Source: Hacker News DiscussionSecurity researchers demonstrated obtaining private keys 'in five minutes' using prompt injection. Malicious emails or web content can manipulate the AI to exfiltrate data.
Source: InfoStealers ReportClawdBot stores sensitive 'memories', user profiles, and authentication tokens in plaintext Markdown and JSON files. If compromised, attackers gain a psychological dossier of the user.
Source: TrendingTopics EUDuring the rebrand to MoltBot, scammers hijacked the old accounts in 10 seconds and promoted a fake $CLAWD token that reached $16 million before crashing, leaving victims with losses.
Source: DEV CommunityLet's be direct: ClawdBot is not designed for non-technical users. The project's own FAQ acknowledges this reality:
"Running an AI agent with shell access on your machine is... spicy. There is no 'perfectly secure' setup."
| User Type | Recommendation |
|---|---|
| Experienced Developers | Proceed with caution - understand the risks |
| DevOps/Security Engineers | Can properly isolate and secure |
| Small Business Owners | Consider managed alternatives |
| Non-Technical Users | Not recommended - too many risks |
| Feature | ClawdBot | ChatGPT/Claude | Dooza |
|---|---|---|---|
| Setup Difficulty | Complex (hours) | Easy | 5 minutes |
| Take Real Actions | Yes | No | Yes |
| Security | You manage it | Managed | Managed |
| Monthly Cost | $100-300+/day | $20-200/mo | $29/mo |
| Technical Expertise | Required | None | None |
ClawdBot represents a fascinating glimpse into the future of AI assistants - one where AI can actually take action on your behalf. For developers and security-conscious power users, it's an impressive piece of engineering worth experimenting with.
However, for business owners and non-technical users, the risks currently outweigh the benefits. The combination of security vulnerabilities, extreme costs, and required technical expertise makes it unsuitable for most business applications.
If you want AI automation without the complexity, consider managed solutions that offer pre-built, secure AI employees with predictable pricing and no coding required.
Dooza offers pre-built AI employees for email, social media, SEO, and sales - all secured and maintained for you.
ClawdBot is an open-source personal AI assistant created by Peter Steinberger that runs locally on your computer. It integrates with messaging apps like WhatsApp, Telegram, and Slack, and can execute tasks, write code, and automate workflows with full system access.
ClawdBot itself is free and open-source, but it requires API access to AI models like Claude or GPT. Users report spending $100-300+ per day in API costs for active use, making it expensive for regular business use.
Security researchers have identified significant vulnerabilities including exposed control panels, credential leaks, and prompt injection risks. Over 1,000 ClawdBot instances have been found publicly accessible without authentication. It's recommended only for technical users who can properly secure their installation.
ClawdBot was rebranded to MoltBot on January 27, 2026, after Anthropic issued a trademark request due to the name's similarity to 'Claude'. The software functionality remains the same under the new name.
While ClawdBot offers powerful automation capabilities, it requires significant technical expertise to set up and maintain securely. For non-technical users, managed AI solutions may be more practical and safer alternatives.
Alternatives include managed AI platforms like Dooza (which offers pre-built AI employees without coding), ChatGPT for conversational tasks, and specialized tools like Reclaim for scheduling. The best choice depends on your technical expertise and security requirements.
MoltBot is ClawdBot rebranded. Discover why the viral AI assistant changed names, the crypto scam that followed, and what security risks remain in 2026.
Confused by the jargon? We break down the differences between Generative AI, AI Agents, and Agentic AI in simple terms.
Join thousands of companies using Workforce to automate their work. Get started for free today.
No credit card required · 14-day free trial · Cancel anytime