Late last year, Peter Steinberger launched Clawdbot, an open source AI assistant that runs locally on a user's hardware and executes tasks instead of just chatting about them.
You message it through WhatsApp, Telegram, Slack, Discord, or iMessage, and it handles tasks across your digital life. It reads and responds to emails, manages your calendar, controls your browser, runs shell commands, and remembers everything through persistent memory stored locally on your machine.
Heck, Clawdbot even got people buying Mac mini devices in droves just so they could get their hands on its capabilities.
Like most viral projects, Clawdbot got served "a polite email asking for a name change" by Anthropic, the company behind Claude AI. Following a 5 AM community voting session on Discord, the project decided on the new Moltbot name.
Their branding, X handle, documentation, etc. have all been changed accordingly.
The project's woes didn't stop there, as Peter tweeted yesterday that his GitHub account's username was stolen by crypto scammers. The issue was a combination of him messing up the renaming of his account in a panic induced by the @clawdbot handle getting taken over by a crypto-flavored squatter and zealous malicious actors pouncing on the username.
Luckily, the fix came quickly in the form of the rebrand and Peter regaining access to his GitHub username. And, if you think things are calming down, I wouldn't hold my breath.
A Banquet of Security Holes
Rahul Sood, a known name in entrepreneurial circles, posted an article on X a few days ago, where he pointed out the issues with Moltbot. His main concern was prompt injection attacks.
Malicious PDFs or emails could trick the AI underneath into executing hidden commands. Since Moltbot connects to WhatsApp, Telegram, and Discord, any message, document, or webpage could become a potential attack vector.
Similar concerns were raised by another person, to which Peter replied with a list of existing safeguards that included things like enabling sandbox mode, using allowlists for commands, and running the built-in security audit tool.
If you think Rahul's word is not authoritative enough for you, then the folks over at InfoStealers have laid out how Moltbot stores sensitive information like user profiles, memories, and authentication tokens in plaintext files that any malware can read.
They coin it as "Cognitive Context Theft" because hackers get access not only to passwords but also to a user's entire workflow, routines, and who they talk to. Further adding that major Malware-as-a-Service (MaaS) families like Vidar, RedLine, and Lumma are already adapting to target it.
Suggested Read ๐: Ubuntu's Snap Store is Under Siege from Scammers
Sourav Rudra
