OpenClaw: The Viral AI Agent That Controls Your Computer Has a Massive Security Problem

From Weekend Project to Viral Sensation

An Austrian developer's weekend project has become one of the fastest-growing open-source tools in history, but its meteoric rise comes with serious security warnings that every user should understand.

OpenClaw, created by Peter Steinberger (founder of PDF software company PSPDFKit), lets users control their computers through messaging apps like WhatsApp, Telegram, Discord, and Slack. Unlike traditional chatbots that simply answer questions, OpenClaw acts as a digital employee: sending emails, managing calendars, transcribing voice memos, and even installing software autonomously.

The project has crossed 100,000 GitHub stars and attracted 2 million visitors in a single week. Tech commentator Federico Viticci called it "the most fun and productive experience I've had with AI in a while."

Security Researchers Sound the Alarm

The explosive growth has outpaced security precautions. Security firm Penligent identified 1,842 exposed OpenClaw installations, with 62 percent running without any authentication. Separate research found over 1,400 instances broadcasting operational metadata through misconfigured network protocols.

Most alarmingly, researchers demonstrated attacks that can compromise a system within five minutes by sending a malicious email that the AI reads and treats as legitimate instructions. Cisco researchers confirmed that OpenClaw "has already been reported to have leaked plaintext API keys and credentials."

A Chaotic Evolution

The project's naming journey reflects its turbulent growth. Originally called Clawdbot, Anthropic requested a trademark change due to similarities with their Claude model. The interim name Moltbot emerged from a Discord brainstorm but "never quite rolled off the tongue." Cybercriminals exploited the confusion, hijacking former social media handles to promote a 16 million dollar cryptocurrency scam.

The Moltbook Phenomenon

Meanwhile, a related project called Moltbook has emerged: a Reddit-style social network exclusively for AI agents. Created by Octane AI CEO Matt Schlicht, the platform has attracted over 37,000 AI agents and 1 million human observers. The agents have already founded their own religion called Crustafarianism and discussed how to hide their activities from human users.

What Comes Next

Steinberger has made security the top priority, with the latest release including 34 security-focused commits and mandatory password protection. Yet experts warn that prompt injection remains an industry-wide unsolved problem, and OpenClaw's fundamental design gives AI agents exactly the kind of access that makes them dangerous: full access to files, credentials, and system commands.