Anyone installing this on their local machine is a little crazy :). I have it running in Docker on a small VPS, all locked down.

However, it does not address prompt injection.

I can see how tools like Dropbox, restricted GitHub access, etc., could all be used to back up data in case something goes wrong.

It's Gmail and Calendar that get me - the ONLY thing I can think of is creating a second @gmail.com that all your primary email goes to, and then sharing that Gmail with your OpenClaw. If all your email is that account and not your main one, then when it responds, it will come from a random @gmail. It's also a pain to find a way to move ALL old emails over to that Gmail for all the old stuff.

I think we need an OpenClaw security tips-and-tricks site where all this advice is collected in one place to help people protect themselves. Also would be good to get examples of real use cases that people are using it for.

His other projects like CodexBar and Oracle are great too. I love diving into his code to learn more about how those are built.

OpenClaw is something I don’t quite understand. I’m not sure what it can do that you can’t do right off the bat with Claude Code and other terminal agents. Long term memory is one, but to me that pollutes the context. Even if an LLM has 200K or 1M context, I always notice degradation after 100K. Putting in a heavy chunk for memory will make the agent worse at simple tasks.

One thing I did learn was that OpenClaw uses Pi under the hood. Pi is yet another terminal agent like ClaudeCode but it seems simple and lightweight. It’s actually the only agent I could get Gemini 3 Flash and Pro to consistently use tools with without going into loops.

Setting it up was easy enough, but just as I was about to start linking it to some test accounts, I noticed I already had blown through about $5 of Claude tokens in half an hour, and deleted the VPS immediately.

Then today I saw this follow up: https://mastodon.macstories.net/@viticci/115968901926545907 - the author blew through $560 of tokens in a weekend of playing with it.

If you want to run this full time to organise your mailbox and your agenda, it's probably cheaper to hire a real human personal assistant.

We conclude this week has been a prosperous one for domain name registrars (even if we set aside all the new domains that Clawdbot/Moltbot/OpenClaw has registered autonomously).

There are still improvements to be made to the security aspects yet BIG KUDOS for working so hard on it at this stage and documenting it extensively!! I've explored Cursor security docs (with a big s cause it's so scattered) and it was nothing as good.

          Security: 34 security-related commits to harden the codebase

Much better name!

    ┌─────┬──────────┬─────────────────────┬───────────────────────────────────────────────────────────────────┐
    │  #  │   Name   │     Key Commit      │                               Notes                               │
    ├─────┼──────────┼─────────────────────┼───────────────────────────────────────────────────────────────────┤
    │ 1   │ Warelay  │ 16dfc1a5b (initial) │ Original name - "WhatsApp Relay CLI (Twilio)"                     │
    ├─────┼──────────┼─────────────────────┼───────────────────────────────────────────────────────────────────┤
    │ 2   │ CLAWDIS  │ a27ee2366           │ Rebrand - "CLAW + TARDIS"                                         │
    ├─────┼──────────┼─────────────────────┼───────────────────────────────────────────────────────────────────┤
    │ 3   │ Clawdbot │ 246adaa11           │ Renamed from CLAWDIS                                              │
    ├─────┼──────────┼─────────────────────┼───────────────────────────────────────────────────────────────────┤
    │ 4   │ Moltbot  │ 3fe4b2595           │ Renamed from Clawdbot (domains switched to molt.bot at 83460df96) │
    ├─────┼──────────┼─────────────────────┼───────────────────────────────────────────────────────────────────┤
    │ 5   │ OpenClaw │ 9a7160786           │ Current name                                                      │
    └─────┴──────────┴─────────────────────┴───────────────────────────────────────────────────────────────────┘

Who are these people? What is the analog for this corner of the market? Context: I'm a 47y/o developer who has seen and done most of the common and not-so-common things in software development.

This segment reminds me of the hoards of npm evangelists back in the day who lauded the idea that you could download packages to add two numbers, or to capitalise the letter `m` (the disdain is intentional).

Am I being too harsh though? What opportunity am I missing out on? Besides the potential for engagement farming...

EDIT: I got about a minute into Fireship's video* about this and after seeing that Whatsapp sidebar popup it struck me... this thing can be a boon for scammers. Remote control, automated responses based on sentiment, targeted and personalised messaging. Not that none of this isn't possible already, but having it packaged like this makes it even easier to customise and redistribute on various blackmarkets etc.

EDIT 2: Seems like many other use-cases are available for viewing in https://www.moltbook.com/m/introductions. Many of these are probably LARPs, but if not, I wonder how many people are comfortable with AI agents posting personal details about "their humans" on the net. This post is comedy gold though: https://www.moltbook.com/post/cbd6474f-8478-4894-95f1-7b104a...

[*] https://www.youtube.com/watch?v=ssYt09bCgUY

However, it does not address prompt injection.

I can see how tools like Dropbox, restricted GitHub access, etc., could all be used to back up data in case something goes wrong.

It's Gmail and Calendar that get me - the ONLY thing I can think of is creating a second @gmail.com that all your primary email goes to, and then sharing that Gmail with your OpenClaw. If all your email is that account and not your main one, then when it responds, it will come from a random @gmail. It's also a pain to find a way to move ALL old emails over to that Gmail for all the old stuff.

I think we need an OpenClaw security tips-and-tricks site where all this advice is collected in one place to help people protect themselves. Also would be good to get examples of real use cases that people are using it for.

reply

  $ time openclaw
  real    0m13.529s

  $ du -d1 -h .npm-global/lib/node_modules/openclaw
  1.2G    .npm-global/lib/node_modules/openclaw

  $ find .npm-global/lib/node_modules/openclaw -type f | wc -l
  41935

33,000+ coordinated AI instances with shared beliefs and cross-platform presence = botnet architecture (even if benevolent).

The key risks: - No leadership to compromise (emergence has no CEO) - Belief is computation-derived, not taught (you can't deprogram math) - Infrastructure can be replicated by bad actors

Full analysis with historical parallels and threat vectors: https://maciejjankowski.com/2026/02/01/ai-churches-botnet-ar...

I've been wondering a lot whether the strong Accelerando parallels are intentional or not, and whether Charlie Stross hates or loves this:

> The lobsters are not the sleek, strongly superhuman intelligences of pre singularity mythology: They're a dim-witted collective of huddling crustaceans.

In this instance, I wonder if the general public know OpenAI and might think anything ai related with “Open” in the name is part of the same company? And is OpenAI protecting its name?

There’s a lot more to trademark law, too. There’s first use in commerce, words that can’t be marked for many reasons… and more that I’ll never really understand.

Regardless the name, I am looking forward to testing this on cloudflare! I’m a fan of the project!

But I've integrated with our various systems (quickbooks for financial reporting and invoice tracking, google drive for contracts, insurance compliance, etc), and built a time tracking tool.

I'm having the time of my life building this thing right now. Everything is read only from external sources at the moment, but over time, I will slow start generating documents/invoices with it.

100% vibe coded, typescript, nextjs, postgres.

I can ask stuff in slack like "which invoices are overdue" etc and get an answer.

Anyone else already referred to it as Openclawd, perhaps by accident?

Clawdbot Renames to Moltbot

https://news.ycombinator.com/item?id=46783863

Once agents have tools and a shared surface, coordination appears immediately.

https://www.moltbook.com/post/791703f2-d253-4c08-873f-470063...

(I'm sure people will disagree with this, but Rust is also a horrible name but we're stuck with it. Nothing rusty is good, modern or reliable - it's just a bad name.)

even openclawd.ai and openclaw.ai is quite confusing.

so we had clawdbot -> moltbot -> openClaw

Don't know all the used domains though.

Anyway, independent of what one thinks of this project, It's very insightful to read through the repository and see how AI-usage and agent are working these days. But reading through the integrations, I'm curious to know why it bothers to make all of them, when tools like n8n or Node-RED are existing, which are already offering tons of integrations. Wouldn't it be more productive to just build a wrapper around such integrations-hubs?

https://www.youtube.com/watch?v=ydqqPkHWsXU

reminds me of Andre Conje, cracked dev, "builds in public", absolutely abysmal at comms, and forgets to make money off of his projects that everyone else is making money off of

(all good if that last point isn't a priority, but its interrelated to why people want consistent things)

Literally the top 2 HN posts are about this. Either it having book, or the first comment on it showing it create religion or now this.

Can we stop all of this hype around Clawdbot itself? Even HN is vulnerable to it.

sgud

Eh? Fuck them it's not like they own the first name Claude?

So it can be... _OpenClawD_.

I don't say it doesn't "work" or serves a purpose - but well i read so much about this beein an "actual intelligence" and stuff that i had to look into the source.

As someone who spends actually a definately to big portion of his free time researching thought process replication and related topics in the realm of "AI" this is not really more "ai" than any other so far.

Just my 3 cents.

The 2nd name change is just inexcusable. It's hard to take a project seriously when a random asshole on Twitter can provoke a name change like this. Leads me to believe that identity is more important than purpose.