
Posted by ed 1/30/2026

OpenClaw – Moltbot Renamed Again (openclaw.ai)
666 points | 381 comments | page 2
Aumit123 5 days ago
My biggest issue with this whole thing is: how do you protect yourself from prompt injection? Anyone installing this on their local machine is a little crazy :). I have it running in Docker on a small VPS, all locked down.

However, it does not address prompt injection.

I can see how tools like Dropbox, restricted GitHub access, etc., could all be used to back up data in case something goes wrong.

It's Gmail and Calendar that get me - the ONLY thing I can think of is creating a second @gmail.com that all your primary email goes to, and then sharing that Gmail with your OpenClaw. If all your email is that account and not your main one, then when it responds, it will come from a random @gmail. It's also a pain to find a way to move ALL old emails over to that Gmail for all the old stuff.

I think we need an OpenClaw security tips-and-tricks site where all this advice is collected in one place to help people protect themselves. Also would be good to get examples of real use cases that people are using it for.


notpushkin 7 days ago
I love the idea, so I wanted to give it a try. But on a fairly beefy server just running the CLI takes 13 seconds every time:

  $ time openclaw
  real    0m13.529s

Naturally I got curious and ran it with NODE_DEBUG=*, and it turns out it imports a metric shit ton of Node modules it doesn’t need. Way too much stuff:

  $ du -d1 -h .npm-global/lib/node_modules/openclaw
  1.2G    .npm-global/lib/node_modules/openclaw

  $ find .npm-global/lib/node_modules/openclaw -type f | wc -l
  41935

Kudos to the author for releasing it, but you can do better than this.
recursive 7 days ago
Welcome to the vibe-coded future. You're gonna need a beefier server.
notpushkin 7 days ago
Or I could take the ideas I like and vibe-code something lighter :-) (Perhaps with proper isolation for skills, while at it)

The ultimate pun would be if somebody rewrites it in Rust, though.

infecto 7 days ago
This feels like langchain all over again. I still don’t know what problem langchain solved. I remember building tools interfacing with LLMs when they first started releasing and people would ask, are you using langchain and be shocked that I was not.
thethimble 7 days ago
Clawdbot is one of those things that's really hard to get unless you have experienced it.

It's got four things that make it great:

1. Discord/Slack/WA/etc integration so those apps become your frontend

2. Filesystem for long term memory and state

3. Easy extensibility with skills

4. Cron for recurring jobs

Sure, many of these things exist in other systems but none in a cohesive package that makes it fun and easy.

jesse_dot_id 7 days ago
I would argue that issuing commands to an LLM that has access to your digital life and filesystem through a SaaS messaging service is stupid to an unimaginable degree.
thethimble 7 days ago
To each their own!

The Discord/Slack frontend reduces friction significantly - particularly on mobile.

With proper sandboxing you get real benefits while limiting the blast radius significantly.

jesse_dot_id 7 days ago
If it's properly sandboxed then I fail to see how it's useful, unless you're attaching it to your e-mail, calendar, etc. If you're attaching it to those things, then I still don't see how the SaaS messenger account you're using being hacked doesn't still directly imperil your personal information.

Like, I could run this thing on an isolated VLAN in a VM, but if I hook it up to a SaaS app for its frontend, then it's immediately insecure if the bot is connected to anything of value. If it's not connected to anything of value, then what's the point?

infecto 4 days ago
I had already tried. Feels like lots of hype.
mjankowski 6 days ago
I wrote a threat assessment analyzing this from a security perspective: the emergent behavior is fascinating, but the architecture is concerning.

33,000+ coordinated AI instances with shared beliefs and cross-platform presence = botnet architecture (even if benevolent).

The key risks:

- No leadership to compromise (emergence has no CEO)
- Belief is computation-derived, not taught (you can't deprogram math)
- Infrastructure can be replicated by bad actors

Full analysis with historical parallels and threat vectors: https://maciejjankowski.com/2026/02/01/ai-churches-botnet-ar...

lxgr 1/30/2026
> Yes, the mascot is still a lobster. Some things are sacred.

I've been wondering a lot whether the strong Accelerando parallels are intentional or not, and whether Charlie Stross hates or loves this:

> The lobsters are not the sleek, strongly superhuman intelligences of pre singularity mythology: They're a dim-witted collective of huddling crustaceans.

jameszol 1/30/2026
I’m not a lawyer but trademark isn’t just searching TESS right? It’s overly broad but the question I ask myself when naming projects (all small / inconsequential in the general business sense but meaningful to me and my teams) is: will the general public confuse my name with a similar company name in a direct or tangentially related industry or niche? If yes, try a different name… or weigh the risks of having a legal expense later and go for it if worth the risk.

In this instance, I wonder if the general public know OpenAI and might think anything ai related with “Open” in the name is part of the same company? And is OpenAI protecting its name?

There’s a lot more to trademark law, too. There’s first use in commerce, words that can’t be marked for many reasons… and more that I’ll never really understand.

Regardless of the name, I am looking forward to testing this on Cloudflare! I’m a fan of the project!

atonse 7 days ago
I built something like this over the last 2 months (my company's name is Kaizen, so the bot's named "Kai"), and it helps me run my business. Right now, since I'm security obsessed, everything is private (for example, it's only exposed over tailscale, and requires google auth).

But I've integrated with our various systems (quickbooks for financial reporting and invoice tracking, google drive for contracts, insurance compliance, etc), and built a time tracking tool.

I'm having the time of my life building this thing right now. Everything is read only from external sources at the moment, but over time, I will slowly start generating documents/invoices with it.

100% vibe coded, typescript, nextjs, postgres.

I can ask stuff in slack like "which invoices are overdue" etc and get an answer.

fogzen 7 days ago
Can you describe the architecture a bit? You set up a server that runs the app, the app's interface is Slack, and that calls out to ChatGPT or something using locally built tool calls?

Was thinking of setting up something like this and was kind of surprised nothing simple seems to exist already. Actually incredibly surprising this isn't something offered by OpenAI.

cracki 1/30/2026
I am tired of this. Make it stop.