zlacker

Clawdbot Renames to Moltbot

submitted by philip+(OP) on 2026-01-27 18:08:36 | 249 points 177 comments
[view article] [source] [go to bottom]

NOTE: showing posts with links only show all posts
1. Malloc+pp[view] [source] 2026-01-27 19:49:02
>>philip+(OP)
As a result of this the official install is now installing a squatted package they don't control: https://github.com/moltbot/moltbot/issues/2760 https://github.com/moltbot/moltbot/issues/2775

But this is basically in line with average LLM agent safety.

2. janpio+Qr[view] [source] 2026-01-27 19:59:01
>>philip+(OP)
Motivation for rename: https://x.com/moltbot/status/2016058924403753024 https://xcancel.com/moltbot/status/2016058924403753024
3. achill+ps[view] [source] 2026-01-27 20:02:04
>>philip+(OP)
Already seeing some of the new Moltbot deployments exposed to the Internet: https://www.shodan.io/search/report?query=http.favicon.hash%...
◧◩
9. spondy+Zv[view] [source] [discussion] 2026-01-27 20:15:56
>>marcd3+Kt
This would seem to be inline with the development philosophy for clawdbot. I like the concept but I was put off by the lack of concern around security, specifically for something that interfaces with the internet

> These days I don’t read much code anymore. I watch the stream and sometimes look at key parts, but I gotta be honest - most code I don’t read.

I think it's fine for your own side projects not meant for others but Clawdbot is, to some degree, packaged for others to use it seems.

https://steipete.me/posts/2025/shipping-at-inference-speed

◧◩
17. ketanh+6z[view] [source] [discussion] 2026-01-27 20:26:34
>>tcdent+5u
Apparently "clawbot" wasn't allowed either: https://x.com/steipete/status/2016091353365537247
◧◩◪
22. jshear+8B[view] [source] [discussion] 2026-01-27 20:34:12
>>ludwig+it
They already use the name ClaudeBot for their web crawler:

https://support.claude.com/en/articles/8896518-does-anthropi...

23. simonw+GB[view] [source] 2026-01-27 20:36:17
>>philip+(OP)
This project terrifies me.

On the one hand it really is very cool, and a lot of people are reporting great results using it. It helped someone negotiate with car dealers to buy a car! https://aaronstuyvenberg.com/posts/clawd-bought-a-car

But it's an absolute perfect storm for prompt injection and lethal trifecta attacks: https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/

People are hooking this thing up to Telegram and their private notes and their Gmail and letting it loose. I cannot see any way that doesn't end badly.

I'm seeing a bunch of people buy a separate Mac Mini to run this on, under the idea that this will at least stop it from destroying their main machine. That's fine... but then they hook that new Mac Mini up to their Gmail and iMessage accounts, at which point they've opened up a bunch of critical data.

This is classic Normalization of Deviance: https://embracethered.com/blog/posts/2025/the-normalization-... - every time someone gets away with running this kind of unsafe system without having their data stolen they'll become more confident that it's OK to keep on using it like this.

Here's Sam Altman in yesterday's OpenAI Town Hall admitting that he runs Codex in YOLO mode: https://www.youtube.com/watch?v=Wpxv-8nG8ec&t=2330s

And that will work out fine... until it doesn't.

(I should note that I've been predicting a headline-grabbing prompt injection attack in the next six months every six months for over two years now and it still hasn't happened.)

Update: here's a report of someone uploading a "skill" to the https://clawdhub.com/ shared skills marketplace that demonstrates (but thankfully does not abuse) remote code execution on anyone who installed it: https://twitter.com/theonejvo/status/2015892980851474595 / https://xcancel.com/theonejvo/status/2015892980851474595

◧◩◪◨
35. Barbin+dG[view] [source] [discussion] 2026-01-27 20:52:16
>>clarkm+pE
Good question

https://local12.com/news/nation-world/kellogg-leggo-my-eggro...

36. low_te+eG[view] [source] 2026-01-27 20:52:26
>>philip+(OP)
When I visit https://www.molt.bot/ with Edge browser, there is a bloody red screen screaming malware. What's wrong with the name?
◧◩◪◨
45. razing+ZH[view] [source] [discussion] 2026-01-27 20:58:30
>>clarkm+pE
it’s in the discovery process with a deadline of February 23rd, at which time kellogg’s is to prepare their argument and motion for summary judgement. If that’s denied it tentatively goes to 3-4 day trial in July.

Court listener:

https://www.courtlistener.com/docket/70447787/kellogg-north-...

Pacer (requires account, but most recent doc summarized )

https://ecf.ohnd.uscourts.gov/doc1/141014086025?caseid=31782...

46. ChrisA+hI[view] [source] 2026-01-27 20:59:23
>>philip+(OP)
Related:

Clawdbot - open source personal AI assistant

>>46760237

◧◩
55. rahimn+3L[view] [source] [discussion] 2026-01-27 21:09:09
>>achill+ps
Maybe those folks buying Mac Minis to host at home weren't so silly after all. The exposed ones are almost all hosted on VPSs which, by design, have publicly-routable IP addresses.

But anyway I think connecting to a Clawdbot instance requires pairing unless you're coming from localhost: https://docs.molt.bot/start/pairing

60. jeffwa+lQ[view] [source] 2026-01-27 21:26:49
>>philip+(OP)
Coincidence? Article calling it a pump and dump earlier today.

>>46780065

◧◩
78. rvz+Ld1[view] [source] [discussion] 2026-01-27 23:16:56
>>achill+ps
Like I said before [0] infosec professionals are going to have a great time collecting so much money from vibe coders and crypto bros deploying software they openly admit that they have no idea what it does.

If you are very clever there is a chance that someone connected Moltbot with a crypto wallet and, well...

A opportunity awaits for someone to find a >$1M treasure and cut a deal with the victim.

[0] >>46774750

◧◩◪
87. biddit+Gi1[view] [source] [discussion] 2026-01-27 23:46:11
>>manmal+MW
Yes!

pi is the best-architected harness available. You can do anything with it.

The creator, Mario, is a voice of reason in the codegen field too.

https://shittycodingagent.ai/

https://mariozechner.at/posts/2025-11-30-pi-coding-agent/

◧◩◪
94. achill+3n1[view] [source] [discussion] 2026-01-28 00:12:16
>>swah+ue1
FYI we released a tool to calculate a bunch of these types of hashes: https://book.shodan.io/command-line-tools/shodan-hash/

More info about the favicon hashing technique: https://blog.shodan.io/deep-dive-http-favicon/

◧◩◪◨
98. mrshu+Ev1[view] [source] [discussion] 2026-01-28 01:08:11
>>saberi+op1
It was not built by Claude -- Peter no longer uses it for coding -- he builds exclusively with Codex now: https://steipete.me/posts/2025/shipping-at-inference-speed
◧◩◪◨
99. mrshu+Iv1[view] [source] [discussion] 2026-01-28 01:08:51
>>kurtis+3i1
Peter Steinberger, the author of Clawdbot / Moltbot

https://steipete.me/

◧◩◪
101. simonw+pA1[view] [source] [discussion] 2026-01-28 01:44:37
>>Jayaku+X01
That's the reason I called it the lethal trifecta: the only way to protect against it is to cut off one of the legs.

And like you observed, that greatly restricts the usefulness of what we can build!

The most credible path forward I've seen so far is the DeepMind CaMeL paper: https://simonwillison.net/2025/Apr/11/camel/

◧◩◪
102. jakere+wC1[view] [source] [discussion] 2026-01-28 02:03:45
>>mattma+eC
My old local brewery had a Leggo My Ego[1] beer they also were served a cease and desist by Kellogg over... they still make it, it's just now called the Unlawful Waffle[2] which is a bit funnier if you happen to know the lore/reason.

1. https://untappd.com/b/arizona-wilderness-brewing-co-leggo-my...

2. https://untappd.com/b/arizona-wilderness-brewing-co-unlawful...

◧◩◪
108. ethans+pH1[view] [source] [discussion] 2026-01-28 02:44:18
>>simian+UU
> I can chat with my friends (not possible right now with whatsapp!)

btw, WhatsApp has an Apple Watch App! https://faq.whatsapp.com/864470801642897

◧◩
126. no-nam+XT1[view] [source] [discussion] 2026-01-28 04:46:42
>>Malloc+pp
It's even worse than I guessed - moltbot updated their official docs to install the new package name ( https://github.com/moltbot/moltbot?tab=readme-ov-file#instal... ), but it was a package name they have not obtained, and a different non-clawdbot 'moltbot' package is there.

It's been 15 hours since that "CRITICAL" issue bug was opened, and moltbot has had dozens of commits ( https://github.com/moltbot/moltbot/commits/main/ ), but not to fix or take down the official install instructions that continue to have people install a 'moltbot' package that is not theirs.

◧◩◪
141. SyneRy+Yz2[view] [source] [discussion] 2026-01-28 11:01:46
>>jug+Gk1
It's probably still a bit too close. "Claw'd" might actually be a trademark of Anthropic now. The character and name originates from this Claude Sonnet 3.5 advertisement in June 2024, promoting the launch of the Artifacts feature by building an 8-bit game

https://www.youtube.com/watch?v=rHqk0ZGb6qo

"Have the crab jump up and over oncoming seashells... I think I want to name this crab... Claw'd."

Also, if you haven't found it hidden in Claude Code yet, there's a secret way to buy Clawd merch from Anthropic. Still waiting on them to make a Clawd plushie, though.

◧◩◪◨⬒⬓⬔⧯
153. VadimP+fd3[view] [source] [discussion] 2026-01-28 15:02:17
>>illumi+mR2
https://venturebeat.com/technology/anthropic-cracks-down-on-... don't have the paragraph, but here's the news about it for you.
◧◩
154. devhou+je3[view] [source] [discussion] 2026-01-28 15:07:20
>>jasonj+9H
It it was a bit surreal to see it happen live. GH project went to 70k stars and got a trademark cease‑and‑desist from Anthropic, had to rebrand in one night and even got pulled into an account takeover by crypto people.

I made a timeline of what happened if you want the details: https://www.everydev.ai/p/the-rise-fall-and-rebirth-of-clawd...

Did you follow it as it was going on, or are you just catching up now?

[go to top]