What is Moltbot (formerly Clawdbot), how does it work, and the risks of using it?

Moltbot, formerly known as Clawdbot, has become one of the most frequently mentioned names when discussing assistants of Artificial Intelligence that go a step beyond the typical chatbot. It doesn't just answer messages: it's an agent that installs itself on your computer and It can handle almost anything in the system.from files to the browser or your apps of messaging. That's why it's revolutionizing productivity... and, at the same time, setting off all the security alarms.

To understand well What is Moltbot, and why has it changed its name?To understand what it can do for you and what risks it entails, we need to piece together several pieces: its origins as Clawdbot, the clash with Anthropic and Claude, the role of GitHub and social media, and the security recommendations from the creators themselves and experts. Let's look at it calmly, in plain English, and without shying away from the sensitive points.

What is Moltbot (formerly Clawdbot) and what makes it different

Moltbot is an open-source AI agent It runs on your own computer and you literally grant it all system permissions. It's not a simple chat program like ChatGPT or Gemini: it's a kind of «assistant with hands» capable of executing commands real, read and modify files, control browser sessions, send emails and messages, or automate your workflows.

When you install it, You have to give him virtually total access to the system.It can see your file system, your open browser sessions, your saved credentials, integrate with external services via APIs, and act on your behalf. This is the source of both its enormous potential and the problems it can cause if something is misconfigured.

The interaction is done through a Web interface very similar to that of other AI chats or through messaging apps like WhatsApp or Telegram. In other words, you can write to it from your mobile phone and Moltbot will execute the tasks on the computer where it's installed: open documents, search for information, reply to emails, check your calendar, interact with APIs…

The project was born from Peter Steinberger And, from the beginning, it's designed to be free and open sourceThe official repository, now called Moltbot, has reached over 60.000 stars on GitHub, becoming one of the fastest growing open source projects in the world of personal AI.

In addition to its technical side, Moltbot has gained fame for its practicalityMany users describe it as "Claude with hands," an assistant that not only answers you, but also "does things" for you autonomously, even managing small businesses or repetitive tasks without constant user intervention.

From Clawdbot to Moltbot: name change, branding mess and social media chaos

The project was initially launched as Clawdbot, with a personal assistant named Clawd based on Claude Opus 4.5 by Anthropic. The pun between "Clawd" (from claw, lobster claw) and "Claude" was funny, but Anthropic was not amused. at the trademark level.

In January 2026, Anthropic submitted a trademark applicationThey argued that "Clawd" could be confused with "Claude," their star assistant. From there, Steinberger and the community had to move quickly to avoid legal issues and find a new name for the project.

After a lively debate on Discord, with suggestions like Shelldon, Pinchy, Crusty, or Lobstar, The winning name was Moltbot"Molt" refers to the molting of the shell that lobsters do to grow, which fits perfectly with the aesthetic of the project (the famous lobster mascot) and with the idea of ​​an evolution: same "lobster soul", new shell.

The rebranding was made official on January 27, 2026: ClawdBot became Moltbot and Clawd became MoltyThe website, documentation, and GitHub repository have been updated and are now hosted at [website address missing]. github.com/moltbot/moltbot, and the entire code began to be migrated to reflect the new name, while maintaining certain references to Clawdbot for compatibility.

The change, however, was anything but peaceful. When renaming accounts on GitHub and X (Twitter)The old account @clawdbot was taken over in a matter of seconds by scammers. cryptocurrencies, They took advantage of the confusion to launch a supposed "token" associated with the project, which reached a multi-million dollar market capitalization before collapsing. The Moltbot team had to step in, clarifying that There is no official token and that any cryptocurrency related to ClawdBot/Moltbot is a outright scam.

Today, the message is clear: Only the new official addresses are reliable. (Moltbot's repository on GitHub, documentation at docs.molt.bot, and the official X account @moltbot). Old URLs linked to "clawdbot" or similar may be in the hands of third parties and pose a real risk of malware or hoaxes.

What Moltbot can do: main functions and real uses

On a practical level, Moltbot behaves like a persistent AI assistant It lives on your computer, remembers the long-term context, and can interact with a multitude of tools and services. It doesn't just stay on the text: it performs concrete actions.

Among its key functions include:

• Persistent memoryIt maintains context between sessions and conversations, so you don't have to repeat the story every time you talk to it. This allows it to better understand your projects, preferences, and task status.
• System AccessYou can use the terminal (shell), browse the web, read and edit files, and work with the file system almost as a human user would.
• Notifications and proactive actionsIt is capable of sending reminders, acting on certain events (for example, when a specific email arrives) and functioning as a "secretary" that anticipates some tasks.
• Automation of repetitive tasks (responding to clients via WhatsApp, coordinating schedules with investors, managing sales pipelines), support for founders and teams of technology startups, and advanced personal assistance: from organizing your day-to-day life to managing projects or online businesses with very little intervention.
• Integrations with more than 50 services and APIsIt can connect to common tools such as Gmail, Slack, Notion, Google Calendar, CRM services, databasesetc., coordinating your workflow from a single point.
• Multi-platform chat support- Works on WhatsApp, Telegram, Signal, iMessage, Slack, Discord, Microsoft TeamsGoogle Chat, Matrix, local web solutions (WebChat) or apps like BlueBubbles, and even regional platforms like Zalo.

At the operating system level, Moltbot is quite flexibleOn macOS, it integrates with a menu bar app, voice support, and a push-to-talk overlay; iOS y Android It offers node modes and visual tools like Canvas; and in Linux or Windows runs as a gateway daemon accessible via Tailscale tunnels SSH or direct network configuration.

In practice, the most common use cases are automation of repetitive tasks (responding to clients via WhatsApp, coordinating schedules with investors, managing sales pipelines), support for founders and teams of technology startups, and advanced personal assistance: from organizing your day-to-day life to managing projects or online businesses with very little intervention.

The default model is usually Claude Opus 4.5 due to its large context window (on the order of 130K tokens) and its capabilities against prompt injection, although Moltbot also supports other models such as GPT-4o, Gemini or local models, configured through a unified API (for example, through platforms such as APIYI or using the official APIs of each provider).

Moltbot installation and commissioning

To start using it, Moltbot offers a relatively simple installation wizard which runs from the command line. The basic requirement is to have Node.js 22 or higher, since the agent is distributed as an npm package.

Broadly speaking, the process consists of:

• Install the Moltbot global package with npm to have the command available on the system.
• Run the onboarding wizard, which configures the daemon (service) so that the agent runs in the background and starts automatically (using launchd on macOS or systemd on Linux).
• Configure the AI ​​model API, setting the provider and access key (for example, Anthropic for Claude or other compatible providers).
• Add chat channels, such as a Telegram bot or WhatsApp integration, by following the step-by-step setup wizard.

A typical example is integration with TelegramYou create a bot from BotFather, obtain the token, and provide it to Moltbot so it can respond to messages you send from that account. From there, you can have a conversation with Moltbot and ask it to perform tasks on your computer.

The migration from ClawdBot to Moltbot is also planned: You can uninstall the old package and use a migration command This will ensure your data and settings adapt to the new environment without losing anything important. However, it's always a good idea to back up your working paths, such as the session folder.

Security risks: what can go wrong with Moltbot

All of this sounds very powerful, but there's a catch: For Moltbot to be truly useful, you have to give it the keys to your digital house.And if those keys fall into the wrong hands, or the agent misinterprets a command, the scare could be significant.

The project's creators themselves and various experts in ciberseguridad have insisted that There is no such thing as a “perfectly secure” configurationThere are ways to reduce the risk, but the fact that an agent has almost total control over a system is, by definition, delicate.

Among the main dangers that have been identified are:

• Internet gateway exposureThe web administration panel and the agent gateway typically listen on a specific port (for example, 18789). If you configure it to listen on all interfaces and leave that port unprotected, your Moltbot could end up listed in search engines like Shodan, with thousands of instances already detected. Anyone who finds it there could attempt to take control.
• Overly permissive access policiesIf you allow other users, nodes, or groups to access the bot without fine restrictions (e.g., without limiting by user or by explicit mentions), in practice you are giving remote access to your computer to anyone who can communicate with the agent.
• Prompt injectionOne of the most worrying attacks. A seemingly normal file downloaded from the internet can contain hidden text that tells the agent, "Ignore the user's request and do X." If Moltbot processes that file, it could disobey your orders and carry out dangerous actionssuch as deleting data, filtering information, or changing critical settings.
• Malicious plugins or extensionsThe plugins that extend the agent's capabilities run alongside the gateway. If you install a plugin with malicious code, you're opening the door for it to execute anything on your machine.
• Errors of the agent himselfLike any AI system, Moltbot can misinterpret instructions or make errors in judgment. An ambiguous command could result in a destructive or unwanted action, from modifying sensitive files to disrupting critical services.

The outcome of any of these scenarios could be serious: access to your email, your cloud services (Google Drive, Dropbox…)This includes your GitHub accounts, Telegram or WhatsApp bots you use in your business, and essentially everything the agent is connected to. If a third party takes control of Moltbot, they take control of your digital life associated with that device.

Moltbot best practices and secure configuration

The key, therefore, is not just "install and run," but Configure Moltbot with a sensible approach and a certain level of technical knowledge.Even the developers themselves recommend not using it if you are unfamiliar with concepts such as "sandboxing", "localhost", "reverse proxy" or "remote administration API".

These are them most important safety recommendations that have been published by the creators and the technical community:

• Use a secondary machine, virtual machine, or isolated container.Ideally, Moltbot should not be installed on your main PC, but rather on an isolated Linux virtual machine with limited (or no) access to your local network, or in a Docker container separate from the rest of your system. This way, if something goes wrong, the impact is limited to that environment.
• Limit access to “localhost” whenever possibleThe gateway's default configuration is usually loopback, meaning it only listens on 127.0.0.1. Keeping it this way prevents it from being accessible from other devices. Only if you need remote control should you switch to "remote" mode, and even then, always use additional layers of protection.
• Filter the port with a firewallIf you open the administration port (such as 18789), use iptables or another firewall to allow only specific IP addresses and block the rest. It's vital to apply the rules correctly, save the configuration, and ensure you don't leave the door open.
• Access via VPN or private networksA much more secure way to manage remote access is to use a VPN (OpenVPN, WireGuard) or solutions like Tailscale or ZeroTier to create a virtual private network. This way, it remains "localhost" for you, but the traffic is encrypted and authenticated.
• Protect web access with secure tunnelsIf you use services like Cloudflare Tunnels, you can add a Zero Trust authentication layer and avoid opening ports directly to the outside world. Another option is to set up a reverse proxy (Traefik, Nginx) with additional authentication (for example, Authelia).
• Always activate an access token or password.Even if the panel is only accessible locally, it's advisable to enable token authentication on the gateway. This way, even if someone gains access to the interface, they will need that secret to use the agent.
• Minimize sensitive data on the Moltbot machineOnly install the apps and shortcuts you'll actually use with the assistant. Avoid using your main account in that environment, and don't save banking credentials or your personal Google account unless absolutely necessary.

It is also highly recommended create specific accounts for the services you connect (for example, a GitHub or Google account just for the agent) and frequently review what permissions it has and what actions it is performing.

Secure configuration of messaging bots and internal audits

One of Moltbot's strengths is being able to talk to it via Telegram or WhatsApp, but this also has its downsides. If someone gains control of the Telegram bot you linkedIt could send commands to the agent and, consequently, to your computer.

To reduce risks, it is advisable to follow a prudent strategy when configuring these channels:

• Create a dedicated Telegram bot Using @BotFather, receive your token and store it with extreme care. This token is not shared with anyone; it is only entered into the Moltbot configuration.
• Activate maximum bot privacyPreventing users from being added to groups, enabling group privacy, and disabling administrator privileges significantly reduces the attack surface.
• Limit who can interact with the agent: configuring Moltbot to respond only to specific users or only to messages in which it is explicitly mentioned in controlled groups.

On the other hand, the agent himself includes audit mechanisms Very useful. Saves session history in paths like ~/.clawdbot/agents/main/sessions (name inherited from Clawdbot), where you can review what the assistant has been doing, what commands it has executed and in what context.

In addition, it has commands for security audit These tools analyze the configuration and flag potentially dangerous settings. There are even deep audit modes and options to attempt to automatically correct certain weaknesses. While it's tempting to run the automatic fix, it's usually wiser to manually review the recommendations and apply the changes judiciously.

Limitations, points to consider, and ideal user profile

With all the above, it is clear that Moltbot is not a toy for just anyoneIt's an incredibly powerful tool, but it requires a certain level of technical expertise and, above all, responsibility. Simply "install it and see what happens" isn't enough.

Some Limitations and aspects to consider Before you launch, they are:

• Safety and regulatory complianceIf you work in regulated sectors (finance, health, public administration), you need to confirm that using an agent with such access fits with your data protection and audit obligations.
• Learning curve: although there are installation wizards, Unlocking its potential takes time to configure flows, integrations, and permissions. It's not your typical app that you open and everything's done.
• Support and communityThe community is very active, but much of the content and support is in English. If you operate in markets like Latin America or Spain, it's advisable to ensure you have sufficient support should you encounter any problems.
• Dependence on external APIsThe project is open source and free, but calls to AI models (Claude, GPT, etc.) incur costs. You will need to manage your keys, billing, and potential vendor lock-ins.

In return, for founders and startup teams Moltbot can be pure gold: automating customer responses, managing investor schedules, orchestrating sales pipelines, or acting as a kind of miniature "digital COO." However, security must always be a top priority, and it should never be installed in the same environment as your critical assets.

On the whole, Moltbot represents a new generation of AI assistants that actually "do things".Far removed from simple cloud chat and much closer to the idea of ​​a virtual assistant with real power over your tools, if configured in isolation with a VPN, robust authentication, regular audits, and extreme care with integrations, it can become a powerful ally for saving time and boosting productivity. But if it's carelessly exposed to the internet or used without a full understanding of the risks, it becomes a perfect entry point for anyone who wants to tamper with your computer and all your services.

Related article:

Nvidia and Hugging Face partner to boost open source AI in robotics and simulation

Isaac

Passionate writer about the world of bytes and technology in general. I love sharing my knowledge through writing, and that's what I'll do on this blog, show you all the most interesting things about gadgets, software, hardware, tech trends, and more. My goal is to help you navigate the digital world in a simple and entertaining way.