The latest buzz around AI has introduced a surprising mascot: a lobster. Moltbot, formerly known as Clawdbot, quickly gained popularity after its launch, even changing its name due to a legal issue with Anthropic. But before you dive in, here’s what you should know.
Moltbot’s tagline is “the AI that actually does things.” It can manage your calendar, send messages through your favorite apps, and even check you in for flights. This promise has attracted thousands of users willing to navigate the technical setup, even though it started as a small project created by one developer for personal use.
That developer is Peter Steinberger, an Austrian founder known online as @steipete, who shares insights through his blog. After stepping back from his previous venture, PSPDFkit, he found himself disengaged from coding for three years. Eventually, he rediscovered his passion, leading to the creation of Moltbot.
Although Moltbot has evolved from its initial concept, the public version still stems from Clawd, “Peter’s crustacean assistant,” now known as Molty. This tool was initially designed to help him “manage his digital life” and “explore human-AI collaboration.”
For Steinberger, reconnecting with the AI momentum reignited his passion for building. Initially inspired by Anthropic’s flagship AI, Claude, he chose the name Clawdbot. However, Anthropic requested a rebranding for copyright reasons. TechCrunch reached out to Anthropic for comment, but the project’s “lobster soul” remains intact.
To early users, Moltbot symbolizes the forefront of what AI assistants can achieve. Those excited about quickly generating websites and apps are even more eager to have personal AI support them in various tasks. Like Steinberger, many users are keen to tinker with their setup.
This enthusiasm explains how Moltbot quickly garnered over 44,200 stars on GitHub. The buzz surrounding it even impacted markets, with Cloudflare’s stock rising 14% in premarket trading after social media chatter reignited investor interest in Cloudflare’s infrastructure, which developers use to run Moltbot locally.
However, Moltbot is still in early adopter territory, and that might be a good thing. Setting it up requires a level of tech-savviness, along with an understanding of the potential security risks involved.
On one side, Moltbot was developed with safety in mind: it’s open source, allowing anyone to check its code for security flaws, and it runs locally on your computer or server instead of in the cloud. On the flip side, its functionality introduces risks. Entrepreneur and investor Rahul Sood noted that “‘actually doing things’ means ‘can execute arbitrary commands on your computer.’”
Sood worries about “prompt injection through content,” where a malicious person could message you on WhatsApp, potentially causing Moltbot to execute unintended actions on your computer without your consent.
You can reduce these risks with careful setup. Since Moltbot supports various AI models, users might want to choose configurations based on their comfort level with these threats. That said, the only way to fully safeguard against them is to isolate Moltbot in a controlled environment.
This is something experienced developers understand, but many are voicing concerns for those caught up in the hype, warning that carelessness could lead to problems similar to what happened with ChatGPT.
Steinberger faced a reminder of the risks of malicious actors when he encountered issues during his project’s renaming. He revealed on X that “crypto scammers” had taken his GitHub username to create fake cryptocurrency projects, cautioning followers that “any project listing [him] as a coin owner is a SCAM.” He later confirmed the GitHub issue was resolved but reminded users that his legitimate X account is @moltbot, not any of the numerous scam variations out there.
That doesn’t mean you should avoid Moltbot outright if you’re curious. However, if you’re unfamiliar with VPS (virtual private server) — essentially a rented remote computer for running software — you might want to hold off for now. Sood advised against running it on your primary laptop, which may contain your SSH keys, API credentials, and password manager.
For the time being, using Moltbot securely means operating it on a separate computer with disposable accounts, which somewhat counteracts the benefits of having an AI assistant. Addressing this balance between security and convenience may involve solutions beyond Steinberger’s control.
Nonetheless, by developing a tool to tackle his own challenges, Steinberger has shown the developer community the tangible achievements of AI agents and how truly autonomous AI might become genuinely useful rather than just impressive.
