BarcelonaA free artificial intelligence (AI) butler has revolutionized the GitHub open source repository these days, skyrocketing Mac Mini sales around the world and prompting Anthropic – the company behind the Claude chatbot – to demand a name change. The ClawdBot phenomenon, now renamed OpenClaw, represents the ultimate leap from chatbots that “say things” to AI agents that “do things” on your computer. The problem is that security researchers have found hundreds of installations exposed on the internet, with visible credentials and full access to users’ computers.
A digital butler that controls the entire system
The Austrian programmer Peter Steinberger created ClawdBot at the end of 2025 as a personal digital butler based on Claude, the generative AI of Anthropic, but the project has exploded virtually this January, and has achieved records of downloads and positive assessments in GitHub.
Now called OpenClaw, it’s the first AI agent available to any consumer, not just big companies. Unlike chatbots like ChatGPT or Claude, which run in the cloud and are used with a web browser or mobile app, OpenClaw is installed directly on the user’s computer with full system access: it can execute commands, read and write files, control the browser, access mail and calendar, and send messages on your behalf. It connects to dozens of messaging platforms – WhatsApp, Telegram, Discord, Slack, Signal, iMessage – and the user interacts with it by sending messages.
The fundamental difference with conventional chatbots is that, once it receives instructions, it can execute them autonomously without further prompting, taking the data it needs and connecting where it suits. Where ChatGPT suggests, OpenClaw executes. It’s more like assistants like Siri, Alexa or Google Assistant, but with an infinitely wider reach.
From haggling for a car to creating websites from the mobile phone
A wide variety of ClawdBot/MoltBot/OpenClaw uses have already been documented. A user used it to contact dealers and negotiate the price of a car. Another transcribed over a thousand WhatsApp voice notes and generated a searchable database. Some have made the agent build entire websites from commands sent by Telegram, convert complex code on other platforms in minutes, and even make real phone calls with synthetic voice thanks to AI.
It all started when Federico Viticci published an extensive review on MacStories claiming that ClawdBot had shown him “what the future of AI personal assistants will look like.” He described it as “the most fun and productive personal experience with AI in a long time.” Of course, it consumed 180 million credits from the Anthropic API in just one month – around 3,500 euros.
The Mac Mini hysteria (even though you don’t need one)
That article sparked an unexpected phenomenon: a wave of Mac Mini computers being purchased to be dedicated exclusively to running ClawdBot 24 hours a day. The current model with M4 processor is sold out in several countries. Social media is full of photos with captions like, “I bought this for my AI butler to live in.”
The irony is that you don’t need a Mac Mini: OpenClaw runs perfectly on any old computer, on free cloud instances, or even on a Raspberry Pi with 2GB of RAM. Cloudflare just launched the Moltworker service, which lets you run OpenClaw in its cloud for just $5 a month; this announcement sent Cloudflare shares up 20%. Meanwhile, Chinese giants Alibaba and Tencent have already launched their own versions.
Forced name change
Last Tuesday, Anthropic demanded that Steinberger change the name: “ClawdBot” was too reminiscent of “Claude.” This is how the programmer explained it in a tweet: “They forced me to change my name. It’s not my decision.” For a few days, the agent was called MoltBot, referring to the crustacean shell. But now the project is called OpenClaw and has a cute grasshopper as its mascot. These changes have not only had cosmetic effects: for a few hours, cyber-scammers promoted fraudulent cryptocurrencies using the old names.
A terrible cyber security hole
Security experts have found hundreds of servers exposed on the internet without protection, with full access to settings, chat histories and the ability to execute commands remotely.
Let’s talk about a real danger: If an AI agent has admin access to your computer and anyone can interact with it by sending you a message on social media, an attacker can hijack your computer with a simple direct message. The technique is called “injection of prompts“: Manipulate the AI with malicious commands, directly or hidden within a file, email or web page.
Several tests have shown how an attack can extract private keys in just 5 minutes: a malicious email is sent, the bot reads it and treats it as legitimate instructions. It has also been possible to forward private emails of users to addresses controlled by the attackers.
Cybersecurity labs have detected that data-stealing malware has already been adapted to specifically look for OpenClaw configuration files, where credentials are stored unencrypted. It should be said that the developers have patched some of these vulnerabilities once they were identified.
How to protect yourself if you decide to use it
The main recommendation of the experts is strong: do not install OpenClaw on the main computer. Even the official documentation acknowledges that “there is no such thing as an absolutely secure configuration.” If you decide to try it, the minimum is to use a virtual machine or a dedicated secondary computer, always enable password authentication, configure the bot to respond only to specific users, and to avoid providing them with files downloaded from the Internet.
Specialists are clear: if concepts like remote administration API or reverse proxy are not familiar to you, it is better not to install OpenClaw. The same developers recommend “carefully read the security documentation before running it in contact with the public internet”.
The personal butler dream comes at a price
OpenClaw is considered the first open source AI butler capable of autonomously executing complex tasks and proactively communicating with the user via any platform. The dream is finally within reach for 20 euros per month, the price of the paid version of Claude.
But this power comes at a cost that goes beyond money. Today’s architecture prioritizes ease of deployment over security. Whoever installs it will have to decide how much risk they are willing to take in exchange for having a butler who actually does things instead of just telling them.
