Log in
Would you be comfortable handing the keys to your identity kingdom over to a bot, one that might be exposed to the open internet?
[…]
Jamieson O’Reilly, founder of red-teaming company Dvuln, was among the first to draw attention to the issue, saying that he saw hundreds of Clawdbot instances exposed to the web, potentially leaking secrets.
[…]
“Of the instances I’ve examined manually, eight were open with no authentication at all and exposing full access to run commands and view configuration data,” he said. “The rest had varying levels of protection.
Within an hour of setting up MoltBot on my Mac, it had already built a fully featured kanban board where I could assign it tasks and track their state.
I have seen other stories that are even wilder. One user shared an anecdote about asking it to make a restaurant reservation, and when it realized it could not do it through OpenTable, it went and got its own AI voice software and just called the restaurant, then secured the reservation over the phone.
[…]
None of those are pre-programmed routines. They are dynamic behaviors born out of an agentic loop that takes a goal and improvises a plan, grabbing whatever tools it needs to execute. It can apply general world knowledge, specific skills, and near-perfect memory into organized action toward objectives you set, and, more sobering, objectives it decides to set for itself.
[…]
That combination is why it feels both a glimpse at the future, but presented as a goal, where between us and the future realized, is a lot of hard work to make it safe.
Got a mac mini for clawdbot. Had a lot of fun setting this up today. Instead of access to my accounts, I gave it:
✅ its own apple account for messages
✅ its own gmail to sign up for stuff
✅ its own github to push code
I’m seeing lots of reports like this.
Everyone buying Mac minis for Clawdbot makes sense but like why did you not already have a Mac mini for AI stuff? Best fucking deal in computing fr.
Please don’t buy a Mac Mini, rather sponsor one of the many contributors of @clawdbot.
You can deploy this on Amazon’s Free Tier.
There are plenty of secure ways to run @clawdbot even on your local machine. Buying a new Mac mini shouldn’t even be an option (Mac studio I can still understand for local LLMs). Better to put that support into tokens or sponsoring the project.
Mysk:
I love buying new hardware as much as the next guy, but you don’t need to buy a Mac mini to try out @clawdbot
Use a virtual machine instead: @UTMapp is open source and supports macOS guests
With a VM you’d isolate clawdbot from your data on the host machine. I still wouldn’t trust LLMs and their providers to run through my data
You’d be one prompt-injection away from leaking all your passwords. Fun! 😬
While the internet was amused, it seems Anthropic wasn’t.
Clawdbot → Moltbot
Clawd → MoltySame lobster soul, new shell. Anthropic asked us to change our name (trademark stuff), and honestly? “Molt” fits perfectly - it’s what lobsters do to grow.
Here’s the new Web site.
This is the story of how fast things fall apart when legal teams, hackers, and viral hype collide.
[…]
During the rename process, Steinberger made a critical mistake. He tried to rename the GitHub organization and X/Twitter handle simultaneously. In the gap between releasing the old name and claiming the new one, crypto scammers snatched both accounts in approximately 10 seconds.
Previously:
