zlacker

[parent] [thread] 1 comments
1. Malloc+(OP)[view] [source] 2026-01-27 19:49:02
As a result of this the official install is now installing a squatted package they don't control: https://github.com/moltbot/moltbot/issues/2760 https://github.com/moltbot/moltbot/issues/2775

But this is basically in line with average LLM agent safety.

replies(1): >>no-nam+yu1
2. no-nam+yu1[view] [source] 2026-01-28 04:46:42
>>Malloc+(OP)
It's even worse than I guessed - moltbot updated their official docs to install the new package name ( https://github.com/moltbot/moltbot?tab=readme-ov-file#instal... ), but it was a package name they have not obtained, and a different non-clawdbot 'moltbot' package is there.

It's been 15 hours since that "CRITICAL" issue bug was opened, and moltbot has had dozens of commits ( https://github.com/moltbot/moltbot/commits/main/ ), but not to fix or take down the official install instructions that continue to have people install a 'moltbot' package that is not theirs.

[go to top]