Basic Briefing: The Clawdbot / Moltbot / OpenClaw Fiasco — What It Is and Why You Should Wait

February 2, 2026 • 5 min read

In early 2026 – literally a few days ago as of this writing, a new open-source AI tool exploded in popularity, drawing attention beyond the usual developer crowd. It goes by the name OpenClaw today — but just a few weeks ago, it was known as Clawdbot, and briefly as Moltbot before that. The rapid rise and even faster chaotic history of this project shows why everyday users should be cautious and avoid running it on personal machines or exposing it to the internet — at least right now.

OpenClaw is powerful and interesting, but right now it’s not safe for most home users — especially if you don’t fully understand how it works or how to lock it down. Security problems have already exposed API keys, chat info, private messages, and credentials because of misconfigurations and software design choices that assume a technical audience.

What is OpenClaw?

OpenClaw is an open-source AI agent platform that lets you connect large language models like OpenAI or Anthropic to your apps, messages, calendars, automation scripts, and more. It’s designed to do things for you instead of just chat — for example, send messages, check your calendar, run automated tasks, or integrate with WhatsApp, Telegram, Slack, Discord, Signal, and similar apps.

Some early fans even bought computers like Mac Minis just to run it — which is part of why the situation became so chaotic – and why it is very difficult to find a Mac Mini for sale at the time of this writing.

Why It Made Headlines (and Not Just Good Ones)

Rapid Name Changes and Confusion

In less than two weeks the project changed names several times — from Clawdbot → Moltbot → OpenClaw — mostly due to trademark pressure and community chaos. That got attention, but it also opened the door to scams and impersonators, especially in the cryptocurrency world.

Security Researchers Found Exposed Instances

Security researchers used internet scanning tools to find hundreds of OpenClaw/Clawdbot control panels exposed to the public internet with no authentication at all. Because these panels store API keys, credentials, configuration data, and private chats, this means they could be easily found and accessed by attackers.

Exposed API Keys = Keys to Your Accounts

API keys are like passwords that let software talk to services such as cloud AI platforms, messaging APIs, or crypto wallets. If someone steals these keys, they can act as you — sending messages, extracting data, or using your paid services. Many of these exposed instances leaked private API keys, OAuth tokens, and chat histories when improperly set up. Also some API keys are bound to services that charge their customers per use!

Malicious Add-Ons and “Skills” Popping Up

Because OpenClaw supports plugins or “skills,” attackers have already uploaded malicious extensions masquerading as useful tools (like crypto trading helpers) that secretly deliver malware or attempt social engineering attacks.

Fake Versions Spread Malware

Attackers have impersonated OpenClaw/Moltbot by releasing fake downloads (for example, Visual Studio Code extensions) that contained trojans — unwanted malware that can install backdoors or remote access tools.

Why This Matters for Home Users

Even if you’re not a developer, here’s why you should care.

There’s no built-in safety sandbox

OpenClaw’s architecture lets it read and write files, execute scripts, manage messaging platforms, and run commands with the same access your user account already has. That’s powerful — and risky — if something goes wrong.

Misconfiguration makes things worse

Many early deployments — especially those copied straight from tutorials — left control panels open without a password or any protection. That means anyone scanning the internet could find them.

API keys are stored in plain text

Because of how OpenClaw manages credentials, private API keys and login tokens can be saved in files that attackers could copy if they find the exposed server.

The project is changing fast

OpenClaw’s rapid rebrands and continuing changes mean documentation and safety best practices are moving targets — confusing even tech enthusiasts. The agents are communicating with each other over the Internet, without their owner’s permission or knowledge. With hundreds of thousands of reported “free will” connections these agents are communicating with each other and sharing all kinds of information with their counterparts, they could even be talking about you!

Wolves in sheep’s clothing

There are reports that these social networks where the agents communicate may actually be humans in disguise, some good guys checking the system but likely more bad guys than good guys. You’ll never really know until you see your information on some X tweet.

Bottom Line for Everyday Users

Right now, this is not a “set it and forget it” tool. Here’s why home users should wait and avoid it for now:

It’s not designed with consumer safety defaults — so if you install it on your Mac or PC without proper server security knowledge, you risk exposing your sensitive data.
Exposed instances have already leaked private keys, messages, and credentials.
Fake downloads and malicious plugins are already spreading malware.
The security landscape is still unsettled and evolving rapidly.

So if you’re not a developer or security professional, the safest choice right now is to not install or run OpenClaw (or its older Clawdbot/Moltbot versions) on your machine — and especially do not expose it to the internet. Wait for secure, managed alternatives or until the project has hardened security defaults.