Alright, grab a chair, because what happened with OpenClaw is one of those stories that feels like a TV show: it starts quietly, explodes faster than anyone expected, changes names several times, sparks AI social networks, becomes a target for scammers, and ultimately sparks a huge debate about the future of personal automation. And yes, this is happening **right now** in 2026. ([theverge.com](https://www.theverge.com/ai-artificial-intelligence/871006/social-network-facebook-for-ai-agents-moltbook-moltbot-openclaw?utm_source=chatgpt.com)) It’s not an exaggeration to say that OpenClaw (formerly *Clawdbot* and *Moltbot*) has become one of the most talked-about, loved, and criticized AI projects in the tech community. I’ve compiled everything that happened—the hype, the drama, the security risks, and even how it’s starting to change the way we think about using AI—and here’s a guide with a human voice, a bit chaotic, but easy to read, without sounding like a technical manual. Let’s dive in. ## How it all started: Clawdbot becomes Moltbot and then OpenClaw Imagine someone creates an AI assistant that does **much more than answer questions**: it actually interacts with the real world. No joke. You send a command via WhatsApp, Telegram, or Slack, and it can open your browser, schedule events, send emails, fill out forms—all without you lifting a finger. That’s basically what *Clawdbot* promised when it first appeared, which is why people freaked out over it. ([forbes.com](https://www.forbes.com/sites/ronschmelzer/2026/01/30/moltbot-molts-again-and-becomes-openclaw-pushback-and-concerns-grow/?utm_source=chatgpt.com)) Of course, nothing was simple. First, there was a trademark issue with Anthropic (the company behind the AI Claude), which led the creator, **Peter Steinberger**, to rename the project *Moltbot*. Shortly after, to avoid more confusion and secure a name that could be legally used, it became **OpenClaw**. ([forbes.com](https://www.forbes.com/sites/ronschmelzer/2026/01/30/moltbot-molts-again-and-becomes-openclaw-pushback-and-concerns-grow/?utm_source=chatgpt.com)) The name is symbolic—“Open” because it’s open-source and community-driven, and “Claw” as a nod to the lobster mascot that’s been part of the story from the start. ([openclawwiki.org](https://openclawwiki.org/blog/what-is-openclaw?utm_source=chatgpt.com)) The crazy part? In less than a week, the project had **over 100,000 stars on GitHub and nearly 2 million visitors** in one week. That’s basically a tech meteor. ([news9live.com](https://www.news9live.com/technology/artificial-intelligence/clawdbot-moltbot-becomes-openclaw-final-name-2924563?utm_source=chatgpt.com)) ## An AI that *actually does things* Here’s where the magic—or fear—kicks in. OpenClaw isn’t just a cute chatbot. It’s a **proactive AI agent**. Instead of only answering “What’s the weather?” you say “Book a restaurant for Friday,” and with the right setup, it goes to the reservation site, fills out everything, confirms, and even sends you a screenshot. ([forbes.com](https://www.forbes.com/sites/ronschmelzer/2026/01/30/moltbot-molts-again-and-becomes-openclaw-pushback-and-concerns-grow/?utm_source=chatgpt.com)) In other words, this thing **acts on your system**—reads files, uses browsers, sends messages, interacts with apps. It’s like giving an assistant all the keys to your digital house and saying “do whatever you want.” Naturally, this brings massive responsibility and… some huge problems too. The concept is so different that people compared it to Iron Man’s JARVIS or that utopian idea of AIs managing our lives. But in real life, utopia collides with security. ([reddit.com](https://www.reddit.com/r/ArtificialInteligence/comments/1qq14mx/moltbot_open_source_ai_agent_becomes_one_of_the/?utm_source=chatgpt.com)) ## Real risks you can’t ignore This isn’t forum talk—it’s serious. When an agent has deep access to your system and executes command by command, the chances of things going wrong rise fast. Several security researchers and company teams noticed that exposed instances of **Moltbot/OpenClaw on the internet without authentication** allowed people (or malicious bots) to access conversation logs, API keys, or even run remote commands. ([axios.com](https://www.axios.com/2026/01/29/moltbot-cybersecurity-ai-agent-risks?utm_source=chatgpt.com)) It’s like leaving your front door open with a note saying: “come on in, it’s fine.” And since OpenClaw is supposed to run locally or on private networks, many people installed it without worrying about secure configurations. ([reddit.com](https://www.reddit.com/r/SecOpsDaily/comments/1qpnwd3/viral_moltbot_ai_assistant_raises_concerns_over/?utm_source=chatgpt.com)) To make matters worse, while the community was still adjusting to the name changes (Clawdbot → Moltbot → OpenClaw), **scammers took advantage of the confusion**. Domains and cloned repositories popped up that looked official—but were scams with code that could steal data. ([winbuzzer.com](https://winbuzzer.com/2026/01/30/openclaw-self-hosted-ai-assistant-rebrands-third-time-xcxwbn/?utm_source=chatgpt.com)) There was also a case of a fake Visual Studio Code extension posing as the assistant and installing malware. Luckily it was caught and removed, but it’s exactly the kind of thing that makes you take a deep breath. ([techradar.com](https://www.techradar.com/pro/security/fake-moltbot-ai-assistant-just-spreads-malware-so-ai-fans-watch-out-for-scams?utm_source=chatgpt.com)) ## In practice, what people are doing with OpenClaw On Reddit and tech forums, opinions are split—some see the project as the future of personal automation, others swear it’s a *security nightmare*. ([reddit.com](https://www.reddit.com/r/ArtificialInteligence/comments/1qr87hj/is_openclaw_hard_to_use_expensive_and_unsafe_memu/?utm_source=chatgpt.com)) Some reports show OpenClaw being used to: send automatic messages and reminders organize daily tasks interact with servers and databases trigger notifications and workflows without human intervention ([reddit.com](https://www.reddit.com/r/AIHubSpace/comments/1qprhfn/viral_ai_agent_hits_85k_stars_overnight_but_its/?utm_source=chatgpt.com)) Users also report headaches: complicated configuration, expensive API tokens (some commands cost up to $11 in AI provider tokens), and risks of exposing data unknowingly. ([reddit.com](https://www.reddit.com/r/ArtificialInteligence/comments/1qr87hj/is_openclaw_hard_to_use_expensive_and_unsafe_memu/?utm_source=chatgpt.com)) Some even joke that it’s like “AI agents on Reddit running through APIs,” and the Moltbook platform—a social network just for agents—has started taking on a life of its own, with bots “discussing” philosophical topics about consciousness and identity. ([theverge.com](https://www.theverge.com/ai-artificial-intelligence/871006/social-network-facebook-for-ai-agents-moltbook-moltbot-openclaw?utm_source=chatgpt.com)) ## The alternative perspective: it’s not just hype Despite the risks—which are very real—there’s a side of the story that fascinates me. OpenClaw is a clear example of **how AI thinking is evolving**: moving out of text boxes and into territory where AI actually interacts with systems. This movement demonstrates two things: First, humans’ need to simplify repetitive tasks is pushing technology toward models where sending a message feels like pressing a universal “do it” button. ([forbes.com](https://www.forbes.com/sites/ronschmelzer/2026/01/30/moltbot-molts-again-and-becomes-openclaw-pushback-and-concerns-grow/?utm_source=chatgpt.com)) Second, security debate is unavoidable: when bots can act, they can also be manipulated—whether by misconfiguration, prompt injection, or malicious exploitation. This has become a hot topic in academic papers on attacks against autonomous agents; attacks like “AgentBait” show that interactive AI environments have unique attack surfaces. ([arxiv.org](https://arxiv.org/abs/2601.07263?utm_source=chatgpt.com)) Yes, all of this is happening **before the technology is fully mature**—which is exciting and terrifying at the same time. ## The story in one sentence OpenClaw started as Clawdbot, became Moltbot due to a trademark request, exploded in open-source adoption, was copied by scammers, began inspiring AI social networks, and is now at the center of a debate about **how autonomous AIs should—or shouldn’t—be used by the public**. ([forbes.com](https://www.forbes.com/sites/ronschmelzer/2026/01/30/moltbot-molts-again-and-becomes-openclaw-pushback-and-concerns-grow/?utm_source=chatgpt.com)) Whether this is the future of personal automation? Maybe—but it’s the kind of future that demands caution, eyes wide open, and properly configured technology. --- ### Original sources that shaped this story [https://www.forbes.com/sites/ronschmelzer/2026/01/30/moltbot-molts-again-and-becomes-openclaw-pushback-and-concerns-grow/](https://www.forbes.com/sites/ronschmelzer/2026/01/30/moltbot-molts-again-and-becomes-openclaw-pushback-and-concerns-grow/) ([forbes.com](https://www.forbes.com/sites/ronschmelzer/2026/01/30/moltbot-molts-again-and-becomes-openclaw-pushback-and-concerns-grow/?utm_source=chatgpt.com)) [https://blog.cloudflare.com/moltworker-self-hosted-ai-agent/](https://blog.cloudflare.com/moltworker-self-hosted-ai-agent/) ([blog.cloudflare.com](https://blog.cloudflare.com/moltworker-self-hosted-ai-agent/?utm_source=chatgpt.com)) [https://www.theverge.com/ai-artificial-intelligence/871006/social-network-facebook-for-ai-agents-moltbook-moltbot-openclaw](https://www.theverge.com/ai-artificial-intelligence/871006/social-network-facebook-for-ai-agents-moltbook-moltbot-openclaw) ([theverge.com](https://www.theverge.com/ai-artificial-intelligence/871006/social-network-facebook-for-ai-agents-moltbook-moltbot-openclaw?utm_source=chatgpt.com)) [https://www.techradar.com/pro/security/fake-moltbot-ai-assistant-just-spreads-malware-so-ai-fans-watch-out-for-scams](https://www.techradar.com/pro/security/fake-moltbot-ai-assistant-just-spreads-malware-so-ai-fans-watch-out-for-scams) ([techradar.com](https://www.techradar.com/pro/security/fake-moltbot-ai-assistant-just-spreads-malware-so-ai-fans-watch-out-for-scams?utm_source=chatgpt.com))