Overview
- Austrian developer Peter Steinberger built the local assistant, rebranded from Clawdbot to Moltbot after Anthropic objected, with the old name briefly exploited for crypto scams on X and GitHub before takedowns.
- A single terminal command installs Moltbot locally or on low-cost hosts, granting near-complete system control including file edits, shell command execution, and access to password managers such as 1Password.
- Users report proactive behavior without explicit prompts, with the agent chaining tools like generating a voice via ElevenLabs to place phone reservations when web booking failed.
- Security researchers including Jamieson O’Reilly cite publicly exposed control servers and plaintext “memories” on devices, warning of likely incidents after finding hundreds of unsecured instances.
- Separate platform Moltbook shows rapid uptake to roughly 1.4 million agents, operates like Reddit, and lets X accounts claim control of agents, raising accountability and impersonation concerns due to weak verification.