OpenClaw (Formerly Moltbot)
Peter Steinberger (Hacker News):
Two months ago, I hacked together a weekend project. What started as “WhatsApp Relay” now has over 100,000 GitHub stars and drew 2 million visitors in a single week.
Today, I’m excited to announce our new name: OpenClaw.
[…]
I’d like to thank all security folks for their hard work in helping us harden the project. We’ve released machine-checkable security models this week and are continuing to work on additional security improvements. Remember that prompt injection is still an industry-wide unsolved problem, so it’s important to use strong models and to study our security best practices.
See also: Moltbook (Hacker News), CNET, Rui Carmo.
Previously:
Update (2026-02-05): Jake Quist (Hacker News):
If you browse Reddit or HN, you’ll see the same pattern: people are buying Mac Minis specifically to run AI agents with computer use. They’re setting up headless machines whose sole job is to automate their workflows. OpenClaw—the open-source framework that lets you run Claude, GPT-5, or whatever model you want to actually control your computer—has become the killer app for Mac hardware. Not Final Cut. Not Logic. An AI agent that clicks buttons.
This is exactly what Apple Intelligence should have been.
[…]
If Apple owned the agent layer, they could have created the most defensible moat in tech. Because an AI agent gets better the more it knows about you. And Apple already has all your data, all your apps, all your devices. They could have built an agent that works across your iPhone, Mac, iPad, and Watch seamlessly—something no one else can do.
More importantly, they could have owned the API. Want your service to work with Apple Agent? You play by Apple’s rules. Suddenly Apple isn’t fighting with platforms—they’re the platform that platforms need to integrate with. It’s the App Store playbook all over again, but for the AI era.
The question is if Apple could have done it in a safer way.
Update (2026-02-09): Benj Edwards:
Most notably, the OpenClaw platform is the first time we’ve seen a large group of semi-autonomous AI agents that can communicate with each other through any major communication app or sites like Moltbook, a simulated social network where OpenClaw agents post, comment, and interact with each other. The platform now hosts over 770,000 registered AI agents controlled by roughly 17,000 human accounts.
OpenClaw is also a security nightmare. Researchers at Simula Research Laboratory have identified 506 posts on Moltbook (2.6 percent of sampled content) containing hidden prompt-injection attacks. Cisco researchers documented a malicious skill called “What Would Elon Do?” that exfiltrated data to external servers, while the malware was ranked as the No. 1 skill in the skill repository. The skill’s popularity had been artificially inflated.
The OpenClaw ecosystem has assembled every component necessary for a prompt worm outbreak. Even though AI agents are currently far less “intelligent” than people assume, we have a preview of a future to look out for today.
I gave OpenClaw an export of my Apple Health data and asked it for some interesting analysis of heart rate vs travel data. It figured out that it could approximate my location from workout GPS annotations plus time zone stamps from other logged datapoints and then produced a bunch of interesting charts.
