Recently, an AI tool named Moltbot (formerly known as Clawdbot) has swept across Silicon Valley. Both the heated discussions in geek communities and the impressive 60,000+ stars on GitHub are a testament to its soaring popularity. Hailed by tech entrepreneur Alex Finn as “the greatest AI application to date,” this tool positions itself as “The AI that actually does things.” With its unique interaction logic and powerful functional expandability, it has become the focus of the tech world, while also sparking debates about the boundaries and security risks of AI applications.
Core Advantages: A Practical AI Breaking Down Barriers
Moltbot’s rise to fame is no accident. Its core advantage lies in subverting the usage logic of traditional AI chatbots. Unlike tools like ChatGPT that require opening a webpage to input commands, Moltbot supports receiving instructions through commonly used chat apps such as Telegram and WhatsApp. In the background, it can connect to mainstream LLMs (large language models) including ChatGPT, Gemini, and Claude, converting user needs into local Shell scripts for direct execution. This model of “sending commands via chat boxes and letting the computer do the work automatically” integrates the AI assistant truly into daily work and life.
Its basic functions cover high-frequency needs such as “cleaning inboxes, sending emails, managing schedules, and checking in for flights.” Through the Skills system, users can also develop more personalized use cases. Some users have asked it to formulate 25 stock trading strategies, generate over 3,000 analysis reports, and implement 24/7 automated trading; others have used it to create animated avatars, even receiving unexpected sleeping animations as a bonus. What’s more, entrepreneurs have transformed it into an around-the-clock assistant that can complete multiple complex tasks in a single day—such as writing video scripts, conducting industry research, building project management systems, and even independently forming AI agent teams to replace Notion as a “second brain,” while curating and delivering latest AI news in daily briefs.
In addition, long-term memory and proactive service capabilities are another highlight of Moltbot. Since data is stored locally, it can remember users’ conversation history and long-term preferences, becoming more attuned to their needs over time. At the same time, it can actively send reminders, such as meeting notifications, pending emails, and travel adjustment suggestions—just like Jarvis on call 24/7, a feature that mainstream chatbots struggle to achieve.
Controversies and Risks: Hidden Concerns Behind Radical Configuration
Beneath the wave of popularity, Moltbot’s controversies and risks cannot be ignored. On January 27, due to potential confusion between its original name and Anthropic’s Claude Code, the project was renamed Moltbot at the request of the latter. The mascot lobster’s “same soul, brand-new shell” vividly illustrates this renaming. However, more concerning than the name change are its security vulnerabilities.
As Moltbot possesses extremely high system permissions and can access all local data, ordinary users without proper security protection are highly susceptible to risks. One netizen merely sent a “hello” and received all the API keys known to Moltbot, including those for Anthropic and Gemini; another entrepreneur claimed that funds in his wallet disappeared after configuration (authenticity unconfirmed). In response, developer Peter Steinberger clearly stated that running the tool carries significant risks. He emphasized that it is both a product and an experiment—there is no “absolutely secure” deployment plan when integrating the interaction logic of cutting-edge models with practical tools.
As a representative product after the AI Agent concept has been hyped for over a year, Moltbot showcases the potential form of AI assistants, allowing people to intuitively feel that “the future is here.” But essentially, it is more of a radical configuration of existing AI capabilities, deeply integrating cutting-edge models with practical tools. From Clawdbot to Moltbot, the tool’s popularity proves the public’s strong demand for “practical, task-accomplishing” AI products. However, to truly bring “Jarvis in the hard drive” into everyday life, the industry still needs to tackle key challenges—beyond continuous functional optimization, establishing a sound security protection system and lowering the threshold for use are crucial. The popularization of AI-native products requires finding a better balance between innovation and security.
