The new open-source AI assistant, OpenClaw, promises unprecedented automation: managing your messages, scheduling tasks, and even controlling your smart home. While its capabilities are impressive, rapid growth has exposed serious security risks, raising questions about the future of autonomous AI agents.
From Clawdbot to OpenClaw: A Wild Ride
The project began as Clawdbot, then briefly Moltbot, before settling on OpenClaw after a trademark dispute with Anthropic (the creators of Claude). The rebranding was just the first sign of the chaos to come. Within days, scammers hijacked the project’s X accounts, developers accidentally exposed their GitHub credentials, and an AI-generated mascot briefly sported a disturbingly human face. Despite this turbulence, OpenClaw gained over 60,000 GitHub stars in a matter of weeks, attracting attention from industry figures like Andrej Karpathy and David Sacks.
The core idea behind OpenClaw is simple: an AI assistant that integrates directly into your existing communication channels (WhatsApp, Telegram, Slack, etc.). Unlike traditional chatbots, OpenClaw remembers past conversations, proactively sends reminders, and can automate tasks across multiple apps. This level of integration is what sets it apart, but also creates significant security vulnerabilities.
How It Works: The Power and the Peril
Created by Austrian developer Peter Steinberger, OpenClaw leverages existing AI models (Claude, ChatGPT, Gemini) through APIs. While running locally isn’t strictly required, more powerful hardware like a Mac Mini is beneficial for heavy automation.
The real appeal lies in its persistent memory, proactive notifications, and automation capabilities. Users report using it for everything from inbox cleanup to habit tracking, making it feel less like software and more like an extension of their daily routine. However, this convenience comes at a cost.
Security Concerns: Exposed Credentials and Malicious Skills
Security experts have flagged numerous publicly exposed OpenClaw instances with weak or no authentication. Censys identified over 21,000 instances, primarily in the US, China, and Singapore, leaving API keys, chat logs, and system access vulnerable. Fake downloads and hijacked accounts are spreading malware and scams, with over 340 malicious “skills” identified in the Clawhub software directory.
The core risk isn’t just malicious intent but the blurring of lines between user identity and autonomous AI action. As Roy Akerman of Silverfort explains, current security controls struggle to recognize and govern AI agents operating under legitimate human credentials after a user has logged off. This means organizations need to treat AI agents as distinct identities, limit their privileges, and monitor their behavior continuously.
What’s Next for OpenClaw?
OpenClaw represents the cutting edge of personal AI assistants. Its rapid growth, despite the security flaws, demonstrates a clear demand for more integrated, autonomous tools. The project’s journey from Clawdbot to OpenClaw highlights the challenges of balancing innovation with responsible development.
The future of this technology hinges on addressing the security risks and establishing robust governance. If developers can build safeguards without sacrificing functionality, OpenClaw could become a game-changer. But for now, it remains a powerful tool with a steep learning curve… and a lobster-shaped asterisk next to its name.
