OpenClaw: the viral AI that controls your computer and opens a huge cybersecurity hole

BarcelonaA free artificial intelligence (AI) butler has recently taken the open-source repository GitHub by storm, boosted Mac Mini sales worldwide, and prompted Anthropic—the company behind the Claude chatbot—to demand a name change. The ClawdBot phenomenon, now renamed OpenClaw, represents the definitive leap from chatbots that "say things" to AI agents that "do things" on your computer. The problem is that security researchers have found hundreds of exposed installations online, with visible credentials and full access to users' computers.

A digital butler that controls the entire system

Austrian programmer Peter Steinberger created ClawdBot in late 2025 as a personal digital butler based on Claude, Anthropic's generative AI, but the project has gone viral this January, achieving record downloads and positive reviews on GitHub.

The now-called OpenClaw is the first AI agent available to any consumer. and not just from large companiesUnlike chatbots such as ChatGPT or Claude, which operate in the cloud and are used with a web browser or mobile app, OpenClaw is installed directly on the user's computer with full system access: it can execute commands, read and write files, control the browser, access email and calendar, and send messages on your behalf. It connects to dozens of messaging platforms—WhatsApp, Telegram, Discord, Slack, Signal, iMessage—and the user interacts by sending it messages.

The fundamental difference with conventional chatbots is that, once it receives instructions, it can execute them autonomously without further guidance, gathering the necessary data and connecting to the appropriate platform. Where ChatGPT suggests, OpenClaw executes. It's more similar to assistants like Siri, Alexa, or Google Assistant, but with an infinitely broader reach.

From haggling over a car to creating websites from your mobile phone

A wide variety of uses for ClawdBot/MoltBot/OpenClaw have already been documented. One user used it to contact car dealerships and negotiate the price of a car. Another transcribed over a thousand WhatsApp voice notes and generated a searchable database. Some have even had the agent create entire websites from commands sent via Telegram, convert complex code on other platforms in minutes, and even make real phone calls with a synthetic voice thanks to AI.

It all started when Federico Viticci published an extensive review on MacStories claiming that ClawdBot had shown him "what the future of AI personal assistants will look like." He described it as "the most fun and productive personal experience with AI in a long time." However, it consumed 180 million Anthropic API credits in just one month—around €3,500.

The hype for Mac Mini (although you don't need one)

That article sparked an unexpected phenomenon: a wave of Mac Mini purchases dedicated exclusively to running ClawdBot 24/7. The current model with the M4 processor is sold out in several countries. Social media is flooded with photos captions like, "I bought this so my AI butler has somewhere to live."

The irony is that you don't need a Mac Mini: OpenClaw works perfectly on any old computer, on free cloud instances, or even on a Raspberry Pi with 2GB of RAM. Cloudflare just launched the Moltworker service, which allows you to run OpenClaw on its cloud for only $5 a month; this announcement boosted Cloudflare's stock by 20%. Meanwhile, Chinese giants Alibaba and Tencent have already launched their own versions.

Forced name change

Last Tuesday, Anthropic demanded that Steinberger change the name: "ClawdBot" sounded too similar to "Claude." The programmer explained this in a tweet: "I've been forced to change the name. It's not my decision." For a few days, the agent was called MoltBot, a reference to the shell of crustaceans. But now the project is called OpenClaw and features a friendly lobster as its mascot. These changes haven't just had cosmetic effects: for a few hours, cybercriminals promoted fraudulent cryptocurrencies using the old names.

A terrible cybersecurity hole

Security experts have found hundreds of unprotected servers exposed on the internet, with full access to configurations, chat histories, and the ability to execute commands remotely.

This is a real danger: if an AI agent has administrator access to your computer and anyone can interact with it by sending you a message on social media, an attacker can hijack your system with a simple direct message. The technique is called "system injection." prompts": Manipulating AI with malicious commands, either directly or hidden within a file, email, or webpage.

Several tests have demonstrated how an attack can extract private keys in just 5 minutes: a malicious email is sent, the bot It reads it and treats it as legitimate instructions. It has also been possible to forward users' private emails to addresses controlled by the attackers.

Cybersecurity labs have detected that malicious data-stealing applications have already adapted to specifically search for OpenClaw configuration files, where credentials are stored unencrypted. It should be noted that developers have patched some of these vulnerabilities once identified.

How to protect yourself if you decide to use it

The experts' main recommendation is unequivocal: do not install OpenClaw on your primary computer. Even the official documentation acknowledges that "there is no absolutely secure configuration." If you decide to try it, at the very least you should use a virtual machine or a dedicated secondary computer, always enable password authentication, and configure the bot so that it only responds to specific users, and to avoid providing them with files downloaded from the internet.

The experts are clear: if concepts like remote administration APIs or reverse proxies are unfamiliar to you, it's best not to install OpenClaw. The developers themselves recommend "carefully reading the security documentation before running it in contact with the public internet."

The dream of a personal butler comes at a price.

OpenClaw is considered the first open-source AI butler capable of autonomously executing complex tasks and proactively communicating with the user across any platform. This dream is finally within reach for €20 a month, the price of Claude's paid version. But this power comes at a cost that goes beyond money. Current architecture prioritizes ease of deployment over security. Those who install it will have to decide how much risk they are willing to take in exchange for having a butler that actually does things instead of just telling them what to do.