When I was asked about what AI tools I was trying out in my recent interview on the Enlightened Fractionals podcast, one of the tools I named was Clawdbot. But I was already out-of-date enough to have used the incorrect name, because it had been changed to Moltbot. Or maybe it had been re-renamed to its current name (at least at the time of writing), OpenClaw.
Clawdbot, Moltbot, OpenClaw: What is this thing?
OpenClaw is an open-source AI assistant that went from launch to viral sensation to full-on crisis management mode in just five days. It originally went by the name I used, Clawdbot, but then rebranded twice:
- From ClawdBot to Moltbot after Anthropic raised trademark concerns about the name’s similarity to Claude. Let’s face it, the name “ClawdBot” was a reference to Claude, and the misspelling was intentionally meant to prevent the kind of IP violation concern that they ended up running into. “Moltbot” is a reference to molting, which is when a lobster sheds its outer shell and emerges with a new, soft shell as its exoskeleton.
- From Moltbot to OpenClaw after creator Peter Steinberger simply decided he didn’t like the interim name.
Throughout the chaos, the project now know as OpenClaw has attracted over 144,000 GitHub stars, along with crypto scammers, handle-sniping bots, and a lot of cybersecurity practitioners’ attention.
What makes OpenClaw different?
- Unlike traditional AI chatbots that live on dedicated websites, OpenClaw integrates directly into to a number of messaging apps, and it’s pretty likely you already use at least one of them. You can interact with it using WhatsApp, Telegram, iMessage, Slack, Discord, or Signal. Using OpenClaw is like texting or messaging a friend, and it routes your messages to whichever LLM you choose while handling task automation locally.
- OpenClaw runs on a computer (real or virtual) that you control and gives the LLM access, allowing it to take action on your behalf.
The promise of a real AI assistant
OpenClaw offers three standout capabilities:
- Persistent memory: OpenClaw remembers from session to session and doesn’t forget everything when you close the app. It learns your preferences, tracks ongoing projects and actually remembers conversations you had and what you tell it.
- Proactive notifications: OpenClaw notifies you about important things, such as daily briefings, deadline reminders and email triage summaries. You can wake up to a text saying, “Here are your three priorities today,” without having to ask the AI first — it does so proactively.
- Real automation: Because you can grant OpenClaw read and write access to your local filesystem and browser access, it has been described as “an LLM with hands.” It can schedule tasks, read and re-organize your files, fill out forms, search and reply to your email, generate reports, and control smart home devices. It’s been used for thinngs like achieving “inbox zero” to handling research threads that run for days, habit tracking, and providing automated weekly recaps of what they shipped.
Real talk: Should you try OpenClaw or wait?
At this point, I feel the need to remind you that Clawdbot/Moltbot/OpenClaw is an open source project moving at AI speed that’s been in use by early adopters for only a week. And it that time, the project has faced the threat of cancellation via trademark lawyers, and some of its user base have fallen prey to crypto scammers while others have failed to grasp its security implications and have exposed their private information to the ’net at large.
If you need something that “just works” and has something like a one-click install, I suggest waiting. The things OpenClaw does are too cool and convenient to be ignored. If the OpenClaw people don’t make a safer, simpler version, someone else most definitely will (and get rich in the process).
Serious security considerations
Just Google “security” and “openclaw” (or “clawdbot” or “openmolt”) and you’ll see articles written by all manner of security experts who’ve flagged significant risks with OpenClaw’s architecture. It runs on your local computer and can interact with emails, files, and credentials on that computer. If you configure it the wrong way, you can unintentionally expose private data such as API keys.
Researchers have already discovered numerous publicly accessible OpenClaw instances that have little or no authentication. OpenClaw also creates what one security analyst called a “hybrid identity” problem, where it operates as you, using your credentials after you’ve logged off. This kind of “digital twinning” was largely in the realm of science fiction until last week, and ,ost security systems aren’t designed to handle it.
The current OpenClaw situation (which is subject to change very, very quickly)
Despite the initial hiccups (and there will be more), OpenClaw continues to grow. It’s got an active Discord community, it keep collecting GitHub stars, and the team appears to have learned some lessons about viral success and security practices. Expect to see more posts and stories about it over the next few weeks.
7 tips for getting started with OpenClaw
- If you’re feeling confident about trying it out, go to openclaw.ai and review the documentation thoroughly. Before installing anything, read through the official guides to understand the architecture, requirements, and how the message routing to LLM providers works. This will help you make informed decisions about your setup.
- Complete the security checklist before deployment. This is new software in a new field where we learn new things every day. Given the documented vulnerabilities in early deployments, prioritize authentication configuration, ensure your instance isn’t publicly accessible, and never expose API keys. Consider using a dedicated machine or virtual environment rather than your primary computer. (I’m currently using a Raspberry Pi 500 for this purpose.)
- Beware of Mac Mini scams. Speaking of dedicated machines, the Mac Mini, thanks to its fast Apple Silicon processors and fantastic memory bandwidth, has become the preferred AI development machine and the preferred OpenClaw platform. Enterprising con artists have found out how in-demand Mac Minis are and have been posting scam ads on places like Facebook Marketplace. I’ll write an article about my own experiences with such scammers soon.
- Choose and configure your LLM backend. Decide if you want to use one of the bigger paid services like Claude, ChatGPT, or Gemini, and understand the associated costs before connecting them to OpenClaw (you might want to consider DeepSeek). You can also go with a local model, which is what I’m doing.
- Start with a single messaging integration. Don’t go nuts. Pick one messaging platform to use with OpenClaw to test the waters (I suggest Discord). This limits your exposure while you learn how OpenClaw behaves and what permissions it actually needs.
- Limit its destructive capability and start by giving OpenClaw only read-only automation. Start by letting OpenClaw summarize emails or provide briefings before giving it “write” access to send messages, modify files, or execute commands on your behalf. Begin slowly and safely, then gradually expand its permissions as you become more certain about your security configuration and how OpenClaw behaves.
- As a reminder of the dangers of letting an AI agent run wild on your behalf, I strongly recommend you watch the Sorceror’s Apprentice part of the Walt Disney animated film Fantasia. In case you don’t have a Disney+ account, I’ve posted it in the YouTube embeds below:
