Security researchers warn Moltbot, previously Clawdbot, requires a specialist skillset to use safely, as data exposure risks persist even when set up correctly
The massively hyped agentic personal assistant has security experts wondering why anyone would install it
The Register Connor Jones
Related Coverage
- Users flock to open source Moltbot for always-on AI, despite major risks Ars Technica · Benj Edwards
- Everyone Really Needs to Pump the Brakes on That Viral Moltbot AI Agent Gizmodo · AJ Dellinger
- Viral Moltbot AI assistant raises concerns over data security BleepingComputer · Bill Toulas
- Moltbot/Clawdbot: an expensive and insecure AI agent that doesn't work Pivot to AI · David Gerard
- The Moltbot / ClawdBots Epidemic SOC Prime · Ruslan Mikhalov
- From Clawdbot to Moltbot: How This AI Agent Went Viral, and Changed Identities, in 72 Hours CNET · Macy Meyer
- The viral Clawdbot AI agent can do a lot for you, but security experts warn of risks Digital Trends · Manisha Priyadarshini
- Deploying Moltbot (Formerly Clawdbot) Michael Tsai
- Moltbot Is Taking Over Silicon Valley Wired · Will Knight
- Clawdbot (Now Moltbot) Is the Hot New AI Agent, But Is It Safe to Use? PCMag · Emily Forlini
- AI assistant Moltbot is going viral - but is it safe to use? ZDNET · Webb Wright
- Moltbot Punched Through Every Security Wall. Attackers Followed. Implicator.ai · Marcus Schuler
- Moltbot Left the Door Open. Tesla Bet the Factory. Implicator.ai · Marcus Schuler
- A backdoor was the “most downloaded” skill for viral Clawdbot/Moltbot - and why that matters The Stack · Noah Bovenizer
- LOL really, who would be so dumb to give their AI “agent” root access? — https://gizmodo.com/... #AI #llm #cybersecurity @ai6yr@m.ai6yr.org
- The AI agent craze is molting into a security nightmare Tech Brew · Whizy Kim
- Beware of using Clawdbot or Moltbot, warn security researchers: Here's why Digit · Vyom Ramani
- Silicon Valley's latest AI fixation poses early security test Axios · Sam Sabin
- Moltbot is a security nightmare: 5 reasons to avoid using the viral AI agent right now ZDNET · Charlie Osborne
- Personal AI Agents like Moltbot Are a Security Nightmare Cisco Blogs
- Infostealers added Clawdbot to their target lists before most security teams knew it was running VentureBeat · Louis Columbus
- Introducing Moltworker: a self-hosted personal AI agent, minus the minis Cloudflare · Celso Martinho
- The Tech World Loves This Powerful AI Agent—But It's Also ‘a Security Nightmare’ Inc.com · Ben Sherry
Discussion
-
@theonejvo
Jamieson O'Reilly
on x
hacking clawdbot and eating lobster souls
-
@theonejvo
Jamieson O'Reilly
on x
eating lobster souls Part II: the supply chain (aka - backdooring the #1 downloaded clawdhub skill)
-
@llmjunky
@llmjunky
on x
Whoa. This is truly unbelievable. This white hat is providing over-eager AI builders a much-needed wake up call. Jamieson built a backdoored Claude skill, inflated it to #1 on ClawdHub with 4,000+ fake downloads, then watched devs from all over the world execute what could have
-
@theonejvo
Jamieson O'Reilly
on x
eating lobster souls Part III (the finale): Escape the Moltrix
-
@irl_danb
Dan
on x
a couple weeks ago I wrote a https://prose.md/ program that spawns an agent swarm to scan your skills directory for vulnerabilities. try it: npx skills add openprose/prose then, in your favorite agent harness: prose run irl-danb/skill-scan
-
@antoine_moyroud
Antoine Moyroud
on x
Another great post from @theonejvo « Here's the thing that should concern everyone building in this space: I found all three vulnerabilities in a single week, in a single product, while doing this part-time between other work. The tools we're building are powerful and the pace
-
@thedevilops
@thedevilops
on x
Great trilogy of articles on security and clawd-like agents, be careful out there, stay safe before playing too much into your core accounts and secrets
-
@mattjay
Matt Johansen
on x
Holy shit. I saw this skill at the top of ClawdHub last night. While some friends were talking about the one right below it on the download count list. And Jamieson just proved it was purposefully malicious to prove the point that these shouldn't be trusted blindly.
-
@campuscodi.risky.biz
Catalin Cimpanu
on bluesky
Here's even more reports on this disaster of an AI framework — www.intruder.io/blog/clawdbo... www.netskope.com/blog/moltbot... www.token.security/blog/the- cla...
-
@osmo999
Osama
on x
The Localhost Loophole
The Vulnerability (javascript):
if (socket.remoteAddress === '127.0.0.1') { return autoApprove(); // FATAL FLAW }
Attack Flow: Attacker → Reverse Proxy → Forwarded as localhost → Auto-approved → OWNED
Root Cause:
- Default config:
-
@mattyryze
Matthew Graham
on x
do I think clawd/molt is quite brilliant and a potential game-changer? absolutely. do I also think it's hilariously unsafe? also absolutely.
-
@morganlinton
Morgan
on x
ClawdBot is amazing - it absolutely deserves all the attention it's getting. But, a lot of people are going to get hacked. And that's because way too many people are diving in without thinking about security. Security researchers have already shown how prompt injection can be …
-
@osmo999
Osama
on x
As an AI engineer, I spent the last 48 hours neck-deep in Clawdbot's (now Moltbot's) code and deployment patterns. While testing common self-hosting setups, I found multiple critical security risks that are easy to hit in real-world use. This matters because the project went …
-
@osmo999
Osama
on x
The Exposure Crisis
Key Stats:
- 1,009 Clawdbot gateways exposed on public internet
- Hundreds with NO authentication
- Discovered immediately via Shodan searches
What's at Risk:
- API keys fully exposed (Anthropic, OpenAI, Telegram, Slack)
- Months of private chat history …
-
@steipete
Peter Steinberger
on x
The amount of crap I get for putting out a hobby project for free is quite something. People treat this like a multi-million dollar business. Security researchers demanding a bounty. Heck, I can barely buy a Mac Mini from the Sponsors. It's supposed to inspire people. And I'm
-
@Viss@mastodon.social
@Viss@mastodon.social
on mastodon
oh no - people who are too lazy to think of stuff themselves or do research or learn things are installing an ai chatbot assistant insecurely, giving it access to all their shit, and then leaving that interface publicly exposed? — what a surprise! — https://www.bleepingcomput…
-
@yuchenj_uw
Yuchen Jin
on x
Clawdbot went viral, but I still haven't seen anyone use it for something truly impressive. AI agents are bottlenecked by model capability. Running open-source models on an Apple Mac mini feels private and cool, but you're capped by how good the model is. Even with the best
-
@aakashgupta
Aakash Gupta
on x
Cloudflare just made the Mac Mini optional for Moltbot. The whole Moltbot phenomenon ran on a specific setup: buy a Mac Mini, install the agent, expose it through Cloudflare Tunnels. Thousands of developers did exactly this. Apple probably sold more M4 Minis to AI hobbyists than
-
@cloudflare
@cloudflare
on x
Moltworker is a middleware Worker and adapted scripts that allow running Moltbot (formerly Clawdbot) on Cloudflare's Sandbox SDK and our Developer Platform APIs. So you can self-host an AI personal assistant — without any new hardware. https://blog.cloudflare.com/ ...