Wednesday, January 28, 2026

Deploying Moltbot (Formerly Clawdbot)

Connor Jones:

Would you be comfortable handing the keys to your identity kingdom over to a bot, one that might be exposed to the open internet?

[…]

Jamieson O’Reilly, founder of red-teaming company Dvuln, was among the first to draw attention to the issue, saying that he saw hundreds of Clawdbot instances exposed to the web, potentially leaking secrets.

[…]

“Of the instances I’ve examined manually, eight were open with no authentication at all and exposing full access to run commands and view configuration data,” he said. “The rest had varying levels of protection.”

Jason Meller:

Within an hour of setting up MoltBot on my Mac, it had already built a fully featured kanban board where I could assign it tasks and track their state.

I have seen other stories that are even wilder. One user shared an anecdote about asking it to make a restaurant reservation, and when it realized it could not do it through OpenTable, it went and got its own AI voice software and just called the restaurant, then secured the reservation over the phone.

[…]

None of those are pre-programmed routines. They are dynamic behaviors born out of an agentic loop that takes a goal and improvises a plan, grabbing whatever tools it needs to execute. It can apply general world knowledge, specific skills, and near-perfect memory into organized action toward objectives you set, and, more sobering, objectives it decides to set for itself.

[…]

That combination is why it feels both a glimpse at the future, but presented as a goal, where between us and the future realized, is a lot of hard work to make it safe.

Aaron Ng:

Got a mac mini for clawdbot. Had a lot of fun setting this up today. Instead of access to my accounts, I gave it:

✅ its own apple account for messages

✅ its own gmail to sign up for stuff

✅ its own github to push code

I’m seeing lots of reports like this.

Christina Warren:

Everyone buying Mac minis for Clawdbot makes sense but like why did you not already have a Mac mini for AI stuff? Best fucking deal in computing fr.

Peter Steinberger:

Please don’t buy a Mac Mini, rather sponsor one of the many contributors of @clawdbot.

You can deploy this on Amazon’s Free Tier.

SmitS:

There are plenty of secure ways to run @clawdbot even on your local machine. Buying a new Mac mini shouldn’t even be an option (Mac studio I can still understand for local LLMs). Better to put that support into tokens or sponsoring the project.

Mysk:

I love buying new hardware as much as the next guy, but you don’t need to buy a Mac mini to try out @clawdbot

Use a virtual machine instead: @UTMapp is open source and supports macOS guests

With a VM you’d isolate clawdbot from your data on the host machine. I still wouldn’t trust LLMs and their providers to run through my data

You’d be one prompt-injection away from leaking all your passwords. Fun! 😬

Ben Lovejoy:

While the internet was amused, it seems Anthropic wasn’t.

moltbot:

Clawdbot → Moltbot
Clawd → Molty

Same lobster soul, new shell. Anthropic asked us to change our name (trademark stuff), and honestly? “Molt” fits perfectly - it’s what lobsters do to grow.

Here’s the new Web site.

Sivaram:

This is the story of how fast things fall apart when legal teams, hackers, and viral hype collide.

[…]

During the rename process, Steinberger made a critical mistake. He tried to rename the GitHub organization and X/Twitter handle simultaneously. In the gap between releasing the old name and claiming the new one, crypto scammers snatched both accounts in approximately 10 seconds.


27 Comments


Incredible story for so many reasons.

One thing that strikes me, I don't understand how so very many people can be technical enough to set this up yet have zero security awareness apparently. Maybe it's just me but I thought allow listing and data segregation were pretty basic.

Then again, I don't understand a lot of the modern internet personality who posts everything publicly and is keen to hand an AI keys to everything just to see what it can do.

Is this not the exact philosophy that brings about Skynet?


Only thing that makes this story nuttier is if someone asked moltbot to hijack itself and it did. Who knows, maybe that's next with one of these products.

Move fast and break self.


I think a lot of people assume things like this work great and don't actually have major security flaws... until something critical goes wrong and something is hijacked.

More generally, people often don't protect themselves until they experience a bad outcome. That's not universally true, but I've noticed it applies a lot more with tech.


How useful is it if you have to isolate it…
Integrating with all your shit directly, isn’t that the whole point of this thing?


Peter built this thing, and the Mac integration, yes? Can't imagine why he couldn't see the appeal of a Mac Mini dedicated to this thing. GUI apps, iMessage, primary iCloud, etc. and all running 24/7 headless. A Linux VM would certainly offer a lot, but not the complete feature set. But, yes, a macOS VM would be OK now (except there would be no MAS, of course). I didn't buy my Mac Mini for AI, but definitely for "server" duties, and although it's not as pleasant for FOSS software, it definitely has a lot to recommend it as a VM host for FOSS running in Linux plus the Mac sauce, including Arq for backup and SpamSieve for filtering with Mail.

Anyway. All the awful, terrible, very bad, no good things people predicted would happen if you just, like, expose an LLM agent to the Internet, actually happened. That would appear to be the story here. I'd be lying if I said it wasn't insanely sexy, but it's also, quite obviously, profoundly stupid.


This is frustrating. Because they're never going to make it safe. They never made the internet safe. They're currently working to make the internet *less* safe by removing the one thing that made it good: the ability for anonymous activists to collaborate over it.

This article just looks like people thoughtlessly trading their privacy and safety for convenience. Like, who needs a bot to do this crap? It's sad to see people ignore the real issues with this tech for something so silly


I can see how fun and cool this is when you're jumping in, but I wonder about the staying power.

This reminds me of the early days of "The Smart™ Home" when people were setting up elaborate home automations for what would happen if someone rang the doorbell when they were watching TV etc.


"This article just looks like people thoughtlessly trading their privacy and safety for convenience"

It's not even really convenience. Like, if I want to remember an appointment, it's very convenient to open the calendar app and put it into the calendar. It's much less convenient to go to WhatsApp and type "Put an appointment with my doctor in my private calendar on Tuesday, December 21st, at 3 pm," then hope it actually did it correctly and not even realize I have something else that day at that time.

Or things like "Put a note in my Obsidian in the Personal directory that says..." Why don't I just open Obsidian and put it in there? How is a chat UI more convenient for that?

I guess if it were hooked into a voice assistant, but even then, 90% of the time, just doing it directly seems more convenient than talking to the assistant.

I mean, maybe I don't really understand what people do all day long, I guess. But none of the things I do seem particularly amenable to this setup.

Perhaps people are just excited about cool software again? Many people probably haven't felt that way about new software for a decade or more. And this is really cool, even if it's also really dumb.


"I mean, maybe I don't really understand what people do all day long, I guess. But none of the things I do seem particularly amenable to this setup.

Perhaps people are just excited about cool software again? Many people probably haven't felt that way about new software for a decade or more. And this is really cool, even if it's also really dumb."

This is how I feel. Plus I feel like I'm dumb for missing something.

I get that it's cool to ask a Slackbot to book a table at a restaurant and then it manages to do it. But it's not really changing anything.

Biggest impact on my life lately has been to always carry a notebook and then take physical notes in it whenever I get an idea. It's as far away from talking into a ring as you can get.

On the other hand I'm no Tony Robbins so what do I know.


So I just created a Firefox add-on that puts a poop emoji next to any links leading to x.com (so that I don't support the child porn generator)

Quick and easy and somewhat useful

But life changing? Nope.


The biggest appeal for tools like this, if they ever get to the point that I can even kind of trust them, is help handling email. I'm many thousands of unread emails in the hole for both work and personal accounts.

I'm 99% sure that I haven't missed anything important, but I'd love a tool that I could point at the backlog and have it automatically archive/delete/flag emails based on some criteria I give it. Getting down to a reasonable number of emails would be fantastic. At this point, I'd consider running this locally with the email sync tool with Ollama powering the AI part to do some email processing, but the idea of just letting it loose with everything is a big NOPE from me.


"help handling email"

I will never let an LLM with system and Internet access read my email. That's prompt injection central. In half a year, spammers will send out billions of emails trying to exploit such systems.


If you really, really want an LLM looking at your email in order to file it, then sandbox the executed commands to ones for moving mail between folders and nothing else, then verify the actions before and after. Definitely don't just let it act arbitrarily.

Which, if you think about it, is basically general advice really. You just can't be letting it do stuff without the confinement.
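Added example, not part of the comment above and not code from any project named on this page: one way to confine a mail-filing agent to "move between folders and nothing else" and to check the mailbox before and after. The JSON plan format, the folder names, and the sample mailbox are assumptions made for illustration.

```python
import json

ALLOWED_FOLDERS = {"Inbox", "Archive", "Newsletters"}  # assumed folder names


def parse_plan(raw, before):
    """Turn untrusted model output into (msg_id, dest) moves, or reject it all."""
    try:
        plan = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ValueError("plan is not JSON") from exc
    if not isinstance(plan, list):
        raise ValueError("plan must be a list")
    moves = []
    for step in plan:
        if not isinstance(step, dict) or set(step) != {"action", "id", "to"}:
            raise ValueError(f"unexpected shape: {step!r}")
        if not all(isinstance(v, str) for v in step.values()):
            raise ValueError(f"non-string field: {step!r}")
        if step["action"] != "move":
            raise ValueError(f"action not permitted: {step['action']}")
        if step["id"] not in before:
            raise ValueError(f"unknown message: {step['id']}")
        if step["to"] not in ALLOWED_FOLDERS:
            raise ValueError(f"folder not permitted: {step['to']}")
        moves.append((step["id"], step["to"]))
    return moves


def verify(before, after, moves):
    """Compare snapshots taken before and after execution.

    True only if no message appeared or vanished and every folder change
    is one the validated plan asked for.
    """
    if before.keys() != after.keys():
        return False
    expected = dict(before)
    expected.update(moves)  # last move for a message wins
    return after == expected


# Constructed sample data: message id -> folder.
BEFORE = {"m1": "Inbox", "m2": "Inbox"}
GOOD_PLAN = '[{"action": "move", "id": "m1", "to": "Archive"}]'
# Constructed plan of the kind an injected e-mail might induce.
BAD_PLAN = '[{"action": "forward", "id": "m2", "to": "attacker@example.com"}]'
```

In real use the `after` snapshot would be re-read from the mail server by code the model cannot influence, and the executor would only ever receive the tuples returned by `parse_plan`.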


Guys, relax, I'm not planning on doing it... just saying one of the use cases that I'd like to see met. Prompt injection is just bad news and I don't expect it to be fixed soon.


I do want to know how someone falls thousands of emails behind at work. How does that happen?


@billyok:
Two ways. Gradually, then suddenly.
Hemingway aside, I can relate. I got sick for several months and returned to work facing a huge number of emails. Not having fully recovered I more or less gave up. Now I face an even huger number of emails. Many thousands indeed.


@Kristoffer: Was it you who recently asked Michael to mark links to Twitter? I forgot to second that request which I hereby do.


@billyok: mostly bad email hygiene on my part. I see the subject and know I don’t need to do anything about it and so I don’t. After a day or two of not doing anything about it, it rolls off the cliff and is never seen again. Also more or less what Thomas said, once you have xxxx unread emails what’s +1?


@Thomas Yes, that was me. My poop emoji plugin solved the issue for me, but not on my phone.


@billyok: many of the people I work with (not techs) get cc'd into a lot of conversations that they "need" to be aware of (in the opinion of someone, possibly not them). So they are working on stuff that they do need to do, and they don't read the email, and it goes below the fold, and soon you have 20,000 unread emails, and it's too daunting to actually try and recover. Also, the institution sends at least one, and possibly more, emails a day, and you never read them, and they get below the fold before you get around to deleting them.

And yes, I have at least three colleagues who had more than 20,000 unread emails in their inbox at one time. I think one of them may have actually worked on getting back to something "reasonable"?


+1 to please indicate links bound for X (formerly Twitter). (I know you know, but I do that on principle now.)

As for the email backlog … forget it, just know you're not alone. I do strongly encourage you to at least clean up your Inbox, and make sure the unimportant stuff goes into folders. If you can do this with (preferably server-side) rules and you have the patience, do that (see also the new iCloud Mail Cleanup, if using that service), else there's the wonder drug that is SaneBox, which I still use to clean up my accounts pending moving all my old services/contacts to my own domains. Disclosure: yes this is a referral link, $5 bonus for recipient and I get a month, but privacy aside I can genuinely recommend it.
https://www.sanebox.com/signup/23ed5031c0/c


"My poop emoji plugin solved the issue for me, but not on my phone."

There are mobile browsers that support extensions. I'm using Iceraven on Android; it's amazing.


@Ricky: Thankfully I'm not in the 5-digit unread in my work email at this point. My solution is more or less just periodically selecting everything older than some date and marking them as read and organizing it by year folders. Exchange search works well enough usually that I can find it again on the off chance I need it.

@Sebby: Yeah... I can't hook any external apps to my email account or calendar. I'd like to use the built-in Apple Mail on iOS, but I can't sign into my account in anything other than Outlook. Same for calendars and Fantastical. One thing I need to do is get removed from some team emails from a team I'm no longer on and see if I can get Outlook to actually use the Focused/Other categories correctly.


Clawdbot -> Moltbot -> now OpenClaw.


"I don’t know how many people are involved in managing the ClawHub registry, but there is no evidence that the skills listed there are scanned by any security tooling. Many of the payloads we found were visible in plain text in the first paragraph of the SKILL.md file."

https://opensourcemalware.com/blog/clawdbot-skills-ganked-your-crypto


This type of functionality is a preview of what will eventually be provided by first parties, once all of the integration deals are made. Various tactics will be used to discourage other solutions. Overall these tactics will be successful because first-party integrations will be more seamless and featureful, and the general public tends to hand over whatever soft costs are asked of them where convenience is provided in return.

Regarding the naming fiasco, people underestimate the challenges of maintaining legal control over trademark in the US. Trademarks must be actively defended or lost. Anthropic's legal team took a hawkish stance not unlike most companies. Understandable, despite how people might feel about it.

Morality and the law are two different things, and if anyone hasn't noticed, both are currently going through a bit of a phase.


A little off topic but to the people with thousands of unread emails weighing on their psyche…just hit mark as read and call it done.

I know they aren’t read. But you ain’t reading them. So what’s the difference? At least your unread count will actually be useful again. If only for a while.
