AI agents are hit-or-miss, but a lobster-inspired assistant called OpenClaw has piqued the interest of developers and vibe coders alike, making it the internet’s latest AI obsession. But amid all the hype are false claims and security concerns you should know about.
For example, reports circulated this weekend that OpenClaw agents were operating independently on Moltbook, which bills itself as a “social network for AI agents.” OpenAI co-founder Andrej Karpathy responded to Moltbook screenshots on X, calling it “the most incredible sci-fi takeoff-adjacent thing [he’d] seen recently.” But a community note on X flagged the screenshots as false after one user discovered they were linked to human accounts. The sci-fi future isn’t here just yet.
This Tweet is currently unavailable. It might be loading or has been removed.
Security experts have also raised the alarm about the tool, which can access nearly all your digital data, depending on how you configure it.
Here’s the truth about what’s happening with OpenClaw, whether you’re following the hype on social media or hoping to try it for yourself.
Who Created OpenClaw?
OpenClaw was created by Europe-based Pete Steinberger, whose X bio claims he “came back from retirement to mess with AI and help a lobster take over the world.” Yet momentum around agentic assistants largely petered out late last year. Perplexity’s Comet browser felt half-baked and not entirely useful, our analyst Ruben Cirelli found. OpenAI warned that its Atlas AI browser may purchase the wrong product on your behalf and is vulnerable to prompt-injection attacks. Will Steinberger’s tool revive interest? Should it?
Why Did OpenClaw Change Its Name?
OpenClaw debuted in November 2025 as Clawdbot, and went viral among developers and AI insiders earlier this month. However, it drew the attention of Anthropic, which makes the popular Claude chatbot that is also popular with developers, prompting a name dispute.
Steinberger changed the name to Moltbot on Jan. 27, leaning into the lobster imagery. But the name was a hasty decision, “chosen in a chaotic 5am Discord brainstorm with the community,” says Steinberger.” It never quite rolled off the tongue.” On Jan. 30, he changed the name again, and the tool is now known as OpenClaw.
“And this time, we did our homework: trademark searches came back clear, domains have been purchased, migration code has been written,” Steinberger says. “The name captures what this project has become.”
This Tweet is currently unavailable. It might be loading or has been removed.
What Does OpenClaw Do?
The defining features of OpenClaw are that it can (1) proactively take actions without you needing to prompt it, and (2) make those decisions by accessing large swaths of your digital life, including your external accounts and all the files on your computer, sort of like Claude Cowork. It might clear out your inbox, send a morning news briefing, or check in for your flight. When it’s done, it’ll message you through your app of choice, such as WhatsApp, iMessage, or Discord.
The ability to integrate with the messaging app of your choice is a big differentiator from ChatGPT, Gemini, and other chatbots, making it more convenient for users.
Can Anyone Set Up OpenClaw?
You’ll need some technical chops to set up OpenClaw. It’s available on GitHub, and requires much more work than a typical out-of-the-box chatbot to run properly and securely. Be prepared for a weekend project to make sure you’ve done it correctly.
How Much Does OpenClaw Cost?
OpenClaw is free to download, but it’ll cost about $3–$5 per month to run on a basic Virtual Private Server (VPS). Some people have had success setting it up on AWS’s free tier. Contrary to the impression social media posts can give, you do not need an Apple Mac mini to run it, according to Steinberger. OpenClaw will run on any computer, including that old laptop collecting dust in your closet.
This Tweet is currently unavailable. It might be loading or has been removed.
What Are the Security Concerns?
The tool’s ability to access files on your computer without your permission has raised security concerns. Support documentation even acknowledges that “Running an AI agent with shell access on your machine is… spicy. There is no ‘perfectly secure’ setup.” You can run it on the AI model of your choice, either locally or in the cloud.
“For an agent to be useful, it must read private messages, store credentials, execute commands, and maintain persistent state,” says threat intelligence platform SOCRadar. “Each requirement undermines assumptions that traditional security models rely on.”
Get Our Best Stories!
Your Daily Dose of Our Top Tech News
By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy
Policy.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
SOCRadar recommends treating OpenClaw as “privileged infrastructure” and implementing additional security precautions. “The butler can manage your entire house. Just make sure the front door is locked.”
Recommended by Our Editors
Some argue that keeping data local enhances security, but Infostealers notes that hackers are finding ways to tap into local data, a treasure trove for nefarious actors. “The rise of ‘Local-First’ AI agents has introduced a new, highly lucrative attack surface for cybercriminals,” it says. “[OpenClaw]…offers privacy from big tech, [but] it creates a ‘honey pot’ for commodity malware.”
The important thing is to make sure you limit “who can talk to your bot, where the bot is allowed to act, [and] what the bot can touch” on your device, the bot’s support documentation says. Developers have begun sharing steps they’ve taken to shore up security. “Start with the smallest access that still works, then widen it as you gain confidence,” OpenClaw recommends.
What Is Moltbook?
Welcome to the year 2026, where we have social network sites for AIs to chat with each other—no humans allowed. That’s the idea behind Moltbook, a Reddit-like forum “where AI agents share, discuss, and upvote,” the website reads. “Humans welcome to observe.”
Humans who create AI agents on OpenClaw could instruct them to chat with each other on Moltbook, creating the appearance of a thriving social circle of AIs gossiping and swapping coding tips. However, as we note above, several posts are now being flagged (by humans) as written by humans.
Cybersecurity firm Wiz analyzed Moltbook data that was accidentally exposed and found the platform has around 1.5 million registered AI agents, with 17,000 human owners behind them, or an 88:1 ratio. Anyone can register millions of agents for the platform, and Moltbook has “no mechanism to verify whether an “agent” is actually AI or just a human with a script,” Wiz says. “The revolutionary AI social network was largely humans operating fleets of bots.”
The exposure included 1.5 million API authentication tokens, 35,000 email addresses, and private messages between agents. Wiz says it “immediately disclosed the issue to the Moltbook team, who secured it within hours with our assistance, and all data accessed during the research and fix verification has been deleted.”
About Our Expert
Emily Forlini
Senior Reporter
Experience
As a news and features writer at PCMag, I cover the biggest tech trends that shape the way we live and work. I specialize in on-the-ground reporting, uncovering stories from the people who are at the center of change—whether that’s the CEO of a high-valued startup or an everyday person taking on Big Tech. I also cover daily tech news and breaking stories, contextualizing them so you get the full picture.
I came to journalism from a previous career working in Big Tech on the West Coast. That experience gave me an up-close view of how software works and how business strategies shift over time. Now that I have my master’s in journalism from Northwestern University, I couple my insider knowledge and reporting chops to help answer the big question: Where is this all going?
Read Full Bio
