Update #37: ClawdBot / MoltBot
An AI personal assistant is taking the world by storm...what is ClawdBot and why is everyone talking about it?
*Disclaimer: I refer to this as ClawdBot for most of this update, but just yesterday the author changed the name to MoltBot so they can be used interchangeably.*
After last week’s deep dive into the nitty gritty of agentic AI security I thought this week we would go a bit higher level, and cover something more in the general AI world than in AI security specifically. I’ve always loved the freedom of being able to do this, as it comes back to one of my goals for this newsletter to become a timeline of AI advancement over the years. I’m sure one day…you could even argue that day is today…looking back at my first update on vibe coding will seem like centuries ago.
Anyway, on with the good stuff. I was browsing LinkedIn recently (as I do far too often) and, as ever, the algorithm was showing me the latest news in AI and AI security.
Quick interjection, but I have found that LinkedIn’s algorithm can be fantastic for this sort of stuff. If you’re not getting the same sort of value from yours I would recommend doing an hour or so of intentionally searching for and engaging with the type of content you’d like to see, and then keep doing this whenever it does show you something you like, and it’ll pretty quickly turn into an engine which delivers you all of the latest news.
This post was showing the meteoric rise of GitHub stars from an open-source project which I wasn’t familiar with. I’ll link to the first post I saw on this which was from a friend of mine that I recently met at a conference
Whenever you see that level of adoption you know its something to check out, and so I did. What I found was that this was a ‘personal AI assistant’ that you can run on your own devices. I went over to YouTube to learn more, and saw some videos which confirmed this was hot property, all released just hours prior.
I loaded up some of the videos to binge and watched them all.
What is it?
ClawdBot is an AI assistant which can run on any model of your choice (including local models) which you interact with through many of the channels you are familiar with like WhatsApp, Slack, etc. It can be used for all sorts of general purpose tasks, and comes with a skills hub (called ClawdHub) which can extend it’s functionality.
What is getting everyone excited is the fact that this is vendor agnostic, runs 24/7 for the price you pay for running your host machine (starting at £200 for a Mac Mini), and you can control it through super simple channels like instant messengers and even with your voice!
It was created by a guy called Peter Steinberger in Austria who has a ton of experience as a founder building exciting products. This release is assumedly part of the wider work his start-up is doing building hyper personal AI assistants.
What can it do?
Just a few of the things mentioned include:
Coding & Development
Personal life automation (calender & email, etc.)
Browser & Web automation (filling forms, research, etc.)
Finance & Admin
Voice & Media
Creative tasks
The list goes on, and the real key thing here is its flexibility. This feels to me like the type of tool that could hugely transform how you are running day to day tasks if you learn how to get the most out of it.
From their website you can see how people are already getting the most out of it
How hard is it to get started?
Whilst I probably don’t have time to set this up this week the good news is that the installation for ClawdBot is very straightforward, and can run on just about anything (including raspberry pi!).
For a guide on how to get started in 30 mins check out this X post. The steps are essentially:
Acquire a host machine (Mac Mini, VPS server, etc.)
One liner CLI install
that is it..(although I’ve seen some people saying the install isn’t quite as one-liner as it seems)
Once you have it running you can select your model/provider
And which channel you want to use to control it
And which additional skills you want to add
And then you are away.
What would you actually use it for?
Sounds great, but nothing here is entirely new? Even though this was largely through paid services previously what would you use this for?
Well, in my mind there is something that I’d like to set up right away. As previously mentioned I get a ton of good AI news through LinkedIn. However, X is even better for catching stuff that is viral / trending. The problem is that I have never got much value from X personally, and I haven’t got into the habit of checking it. So, one thing I could do is setup a automated task with ClawdBot to trawl through what is trending every morning, and fire this over in a WhatsApp message to me and my team.
The other thing to mention here, is that whilst many of the use cases for this are currently showing general purpose AI assistant tasks like cleaning up emails, this is capable of a lot more. Some say it is just as good as claude code for coding tasks which could really shake things up if true. This is a big claim and one I’m not sure I can agree with, but this comes from the fact that this can be used with the same models that underpin claude code (Opus 4.5) and just has a different UI.
Another point which I’ve seen coming up a few times is that it is proactive. For example, reading emails, deciding which is important and even drafting a reply have been possible for a long time in AI. What ClawdBot can offer though is 24/7 access to your inbox and constantly monitoring when an email comes in which needs a quick response, as well as drafting it for you and delivering it to you in seconds through familiar channels. Again, this isn’t new but its being delivered in a way that people are starting to get real value from it.
Furthermore, ClawdBot has a soul.md file…yes, you read that right! It has a soul, or more accurately a personality, which you have the ability to control. By default this means being resourceful before asking questions, being genuinely helpful (no ‘Great Question’ rubbish), and an emphasis on the trust the user is giving to ClawdBot by giving it access to their sensitive systems which must be handled correctly and with respect.
Perhaps another angle which isn’t unique but has been done well here (to the point where people are getting excited about it like it’s the first to do it) is having an agent which runs 24/7 and is accessible via instant messengers. What this means is that getting an agent to perform a task for you is transformed from being sat at your computer in your IDE + terminal running agents designed for specific purposes, to just sending a text to ClawdBot on WhatsApp to clear your email inbox of spam whilst you are waiting for your dentist appointment. This completely shifts the paradigm, meaning that a well setup ClawdBot (free) + Mac Mini (£200-1k) could give you a high performance AI personal assistant accessible through WhatsApp any time night or day.
Security
Now, I really hope that I don’t need to go too deep on this bit. If you are a regular reader of this newsletter then you’ll know many of the risks with using AI today. You should also be able to see how having an AI assistant with full access to all your critical systems and interacting with countless external data sources (inbox, social media, code, etc.) puts you at high risk of attacks like prompt injection.
Beyond that, rather obvious, risk I’ve also seen researchers having been pulling ClawdBot apart and finding security flaws which is absolutely expected of any software package which is going viral. Let’s also take this time to mention that the developers of this openly say they’ve intentionally not built security guardrails into this in favour of maximum capability.
There is also the fact that, by default, ClawdBot instances are internet-facing…with no authentication baked in! This could spell absolute disaster if weaponised by the wrong people. I’d highly recommend checking out the linked LI post, but this is a heat map of current ClawdBot instances exposed to the public internet…
We’ve also already seen people abusing the plain and obvious prompt injection risk in the wild
As you can imagine, this is a serious security concern that we’ve largely overlooked in our chasing of the next big hype. Once again, this feels to me like the writing on the wall for how we, as a society, use AI unsafely and the problems that can bring.
For more of a dedicated post on the security aspects check this out.
Conclusion
Does this seem a little over hyped? Perhaps. Is nothing in ClawdBot new? No. Does that mean that someone connecting the pieces in a way that just makes sense and feel like its a breakthrough isn’t impressive? No.
2026 is off to a hot start if you are a general purpose agent. Cowork and ClawdBot both dropping in the first month! Excited to see what comes next.
The MoltBot/ClawdBot phenomenon is fascinating to watch. I've been running a similar setup with my own agent (Wiz) - using Claude Code with persistent memory, self-extending skills, and Discord integration. What strikes me is how the 700+ community-created skills mirror what I'm seeing in my own development: once you give an agent the ability to create its own capabilities, the growth becomes exponential rather than linear. The messiness you describe - the weird edge cases, the unexpected interactions - that's exactly where the interesting behavior emerges. Wrote about the technical architecture behind self-fixing agents here: https://thoughts.jock.pl/p/ai-agent-self-extending-self-fixing-wiz-rebuild-technical-deep-dive-2026