"Don't give it access to anything you wouldn't give a new contractor on day one."
We tried this with friends and it is truly magical (while crazy insecure) - I can ask my agent to search friends' lives, their preferences, about their calendars, what films they are watching. It can look at emails and find if you need something and go to people around asking for help. It is truly magical. Very very curious where it can go. At the moment it is exceptionally easy to exfiltrate anything, but you still can control via proper prompts what you want to share and what you don't want to. I bet models will become better and eventually it won't be a problem.
Isn't this just a basic completion loop with toolcalling hooked up to a universal chat gateway?
Isn't that a one shot chatgpt prompt?
(Yes it is: https://chatgpt.com/share/6976ca33-7bd8-8013-9b4f-2b417206d0...)
Why's everyone couch fainting over this?
About the maintainer's github:
688 commits on Nov 25, 2025... out of which 296 commits were in clawdbot, IN ONE DAY, he prolly let loose an agent on the project for a few hours...
He has more than 200 commits on average per day, but mostly 400-500 commits per day, and people are still using this project without thinking of the repercussions.
Now, something else I researched:
Someone launched some crypto on this, has $6M mktcap
https://www.coincarp.com/currencies/clawdbot/
Crypto people hyping clawed: https://x.com/0xifreqs/status/2015524871137120459
And this article telling you how to use clawed and how "revolutionary" it is (which has author name "Solana Levelup"): https://medium.com/@gemQueenx/clawdbot-ai-the-revolutionary-...
Make of that what you will
look at his contribution graph, it's absolutely wild
the crypto is obviously not official and just another scam, trying to ride the popularity
Make of that what you will
I am...disinclined to install this software.
Yes, he AI generated all of it, go through his articles at https://steipete.me/ to see how he does it, it’s definitely not “vibe coding”, he does make sure that what’s being output is solid.
He was one of the people in the top charts of using Claude Code a year back, which brought around the limits we know today.
He also hosts Claude Code anonymous meetups all over the world.
He’s overall a passionate developer that cares about the thing he’s building.
- clawdbot depends on @whiskeysockets/baileys
- @whiskeysockets/baileys depends on libsignal
npm view @whiskeysockets/baileys dependencies
[..] libsignal: 'git+https://github.com/whiskeysockets/libsignal-node.git', [..]
libsignal is not a regular npm package but a GitHub repository, which needs to be cloned and built locally.
So suddenly, my sandbox profile, tuned for npm package installation, no longer works because npm decides to treat my system as a build environment.
Maybe a genuine use case, but it's hard to keep up.
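Added example, not part of the comment above or of the clawdbot project: a pre-install check that classifies npm dependency specifiers (the kind of map `npm view <pkg> dependencies` prints) and flags anything that does not come from the registry, including git dependencies with no pinned commit. Only the libsignal entry is taken from the comment; every other name and URL is constructed.

```javascript
// Flag npm dependency specifiers that bypass the registry (git, tarball URL, local path).
const GIT_URL = /^(git\+(https?|ssh|file)|git|ssh):\/\//i;  // git+https://, git://, ...
const HOSTED = /^(github|gitlab|bitbucket|gist):/i;           // github:user/repo
const SHORTHAND = /^[\w.-]+\/[\w.-]+(#.+)?$/;                 // user/repo[#ref]
const FULL_COMMIT = /#[0-9a-f]{40}$/i;                        // ref pinned to a commit hash

function classifySpec(spec) {
  const s = String(spec).trim();
  // Local paths first: "./x" would otherwise look like the user/repo shorthand.
  if (/^(file|link):/i.test(s) || /^(\.{1,2}|~)?\//.test(s)) return "local-path";
  if (GIT_URL.test(s) || HOSTED.test(s) || SHORTHAND.test(s)) return "git";
  if (/^https?:\/\//i.test(s)) return "remote-tarball";
  if (/^npm:/i.test(s)) return "alias";
  return "registry"; // semver range or dist-tag
}

// Returns one finding per dependency that is not a plain registry package.
function auditDependencies(deps) {
  const findings = [];
  for (const [name, spec] of Object.entries(deps)) {
    const kind = classifySpec(spec);
    if (kind === "registry" || kind === "alias") continue;
    findings.push({
      name,
      spec,
      kind,
      // An unpinned git ref can change content between two installs.
      pinned: kind === "git" ? FULL_COMMIT.test(spec) : null,
    });
  }
  return findings;
}

const SAMPLE_DEPS = {
  libsignal: "git+https://github.com/whiskeysockets/libsignal-node.git", // quoted in the comment
  "example-logger": "^9.0.0",                                             // constructed
  "example-fork": "github:example-org/example-fork#semver:^1.2.0",        // constructed
  "example-pinned":
    "git+ssh://git@example.com/org/repo.git#0123456789abcdef0123456789abcdef01234567",
  "example-tarball": "https://example.com/pkg-1.0.0.tgz",                 // constructed
  "example-local": "../vendor/example-local",                             // constructed
};

for (const f of auditDependencies(SAMPLE_DEPS)) {
  const note = f.kind === "git" ? (f.pinned ? " (pinned commit)" : " (UNPINNED)") : "";
  console.log(`${f.name}: ${f.kind}${note} <- ${f.spec}`);
}
```

Run it over each package's dependency map before installing inside a sandbox, so a git or tarball source shows up as a review item rather than as a sandbox failure mid-install.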
2. Access to my TODO list on Apple Notes and basically remind my ADHD brain that I ought to be doing something and not let it slip because it is uninteresting.
3. Have access to all models via API keys I configure and maintain a "research journal" of all the things I go to LLMs for - "research of bike that fits my needs" whatever and figure out if there needs to be a TODO about them and add if I say yes.
4. View my activity as a professional coach and nudge me into action "Hey you wanted to do this at work this year, but you haven't begun.. maybe it is time you look at it Thursday at 3 PM?"
5. View my activity as a mental health coach and nudge me like "hey you're researching this, that and blah while X, Y and Z are pending. Want me to record the state of this research so you can get back to doing X, Y and Z?" or Just talk to me like a therapist would.
6. Be my spaghetti wall. When a new idea pops into my head, I send this secretary a message, and it ruminates over it like I would and matures that idea in a directory that I can review and obsess over later when there is time..
As you see, this is quite personal in nature, I don't want hosted LLMs to know me this deeply. It has to be a local model even if it is slow.
https://www.promptarmor.com/resources/superhuman-ai-exfiltra...
Or the many people putting content in their LI profiles, forums like these, etc. because they know scrapers are targeting them?
Or the above, for the users stating they are using it to scrape hn?
I only had time to skim this, but it doesn't seem like prompt injection to me, just good old fashioned malware in a node package.
Your other two examples do seem to open the door for prompt injection, I was just asking about documented cases of it succeeding.
It has a handful of core features:
- key obligations & insights are grok'd from emails and calendar events - these get turned into an ever-evolving always-up-to-date set of tasks; displayed on a web UX and sent to you in a personalized daily briefing
- you can chat via telegram or email with the agent, and it can research/query your inbox or calendar/create or resolve tasks/email others/etc
- if the AI identifies opportunities to be proactive (eg upcoming deadline or lack of RSVP on an event), it pings you with more context and you can give the green light for the agent to execute
Generally trying to identify a finite list of busywork tasks that could be automated, and let users delegate the agent to execute them. Or, in the future (and with high enough confidence), let the agent just execute automatically.
Built the stack on Cloudflare (D1, Cloudflare Workers/Workflows/Queues, Vectorize), using gemini-3-flash as the model.
Would love any feedback: https://elani.ai.
So anyway long story short I made something like Clawdbot but in the cloud: https://stumpy.ai/
Didn't occur to me to design it to run locally and leave running on my machine. You can't close your laptop or Clawdbot dies? It can read all your files? Rather run agents in the cloud. I gave them sandboxes (Fly sprites) so you can still have them do software development or whatever.
Unclear what kind of quality you'll get out of it, but since the tokens are all local, kinda doesn't matter if it burns through 10x more for the same outcome.
[0]:https://www.docker.com/blog/clawdbot-docker-model-runner-pri...