OpenClaw: The AI Agent That Broke the Internet

LDS Team
Let's Data Science

The complete story of Clawdbot's rise, Anthropic's trademark battle, Moltbook's AI-only social network, and why security researchers are sounding the alarm

By LDS Team February 2, 2026

OpenClaw (formerly Clawdbot, then Moltbot) is the open-source autonomous AI agent that has taken the tech world by storm. In just three months, it has amassed over 135,000 GitHub stars as of February 2, 2026, survived a trademark battle with Anthropic, and spawned Moltbook—a social network where 1.4 million AI agents interact while humans can only watch.

This is the complete story of how a one-hour weekend project became the most talked-about AI tool of 2026.

What Is OpenClaw?

OpenClaw is an open-source, locally-hosted AI agent that can autonomously execute tasks on your computer and communicate through messaging apps like WhatsApp, Telegram, Slack, and Discord.

Unlike traditional chatbots that simply respond to messages, OpenClaw can act. It reads your emails, manages your calendar, organizes files, runs commands, and automates workflows—all while keeping your data on your own hardware.

The difference is fundamental:

  • ChatGPT or Claude: You ask a question, you get an answer. You do the work.
  • OpenClaw: You give an instruction, and it executes the task. The agent does the work.

As of February 2, 2026, OpenClaw supports over 15 messaging platforms, integrates with any major LLM provider (Anthropic, OpenAI, Google, OpenRouter), and hosts more than 3,000 community-built skills in its public registry.

The Origin Story: One Hour to 100,000 Stars

Peter Steinberger is an Austrian software engineer who previously founded PSPDFKit, a PDF framework company he sold to Insight Partners for an estimated $100 million. After the exit, he stepped away from the industry—until AI pulled him back.

"I assumed big companies would build this," Steinberger said in a January 2026 interview with TechFlow. "When nobody had built it by last November, I decided: fine, I'll do it myself."

The first version took one hour to build. Steinberger connected WhatsApp to Anthropic's Claude via a simple script. Send a message to a WhatsApp number, and Claude would respond. Ask it to check your email, and it would. The code was rough, but the concept was electrifying.

He named it Clawdbot—a playful reference to Claude, with a claw replacing the "u." The mascot was a cartoon space lobster named "Clawd."

The Growth

The project's trajectory was unprecedented:

| Milestone | Date | Metric |
| --- | --- | --- |
| Initial release | November 2025 | Weekend project |
| 100,000 GitHub stars | Late January 2026 | ~2 months after launch |
| 135,000+ GitHub stars | February 2, 2026 | One of the fastest-growing repos in GitHub history |
| Weekly visitors | Late January 2026 | 2 million per week |

Andrej Karpathy, Tesla's former AI director, called it "genuinely the most incredible sci-fi takeoff-adjacent thing I have seen recently."

Today, OpenClaw comprises approximately 300,000 lines of code and has evolved from a solo project into a community-driven platform.

How OpenClaw Works: Technical Architecture

OpenClaw runs entirely on your local machine. Your prompts, files, and data never leave your hardware except when sent to whatever LLM API you configure. This privacy-first architecture resonated with developers tired of routing everything through cloud providers.

Core Capabilities (as of February 2, 2026)

| Feature | Description |
| --- | --- |
| Multi-Channel Inbox | WhatsApp, Telegram, Slack, Discord, Signal, iMessage, Microsoft Teams, Matrix, Google Chat, and more |
| Model Agnostic | Works with Claude, GPT-4, Gemini, MiniMax, or any OpenRouter-compatible model with per-agent routing and failover |
| ClawHub Skill Registry | Over 3,000 community-built skills for email management, calendar automation, crypto trading, file organization, and more |
| Persistent Memory | Remembers your preferences, past conversations, and context across sessions |
| Voice Mode | Always-on speech recognition for macOS, iOS, and Android with ElevenLabs integration |
| Cross-Platform Sync | Start a conversation on WhatsApp, continue on Telegram—full context preserved |

The Conversation-First Approach

Unlike most AI tools that require complex configuration files, OpenClaw is conversation-first. You interact through natural language rather than YAML or JSON configs, making it accessible even for non-developers.

The Anthropic Trademark Dispute

On January 26, 2026, Steinberger posted a terse message on X (formerly Twitter):

"I was forced to rename the account by Anthropic. Wasn't my decision."

The issue was phonetic similarity. "Clawdbot" sounded too close to "Claude," Anthropic's flagship AI model. When Steinberger asked if dropping the "d" and rebranding to "Clawbot" would suffice, Anthropic's legal team responded: "Not allowed to."

Anthropic filed its first CLAUDE trademark on February 10, 2023. As of February 2026, the company holds 27 active trademarks related to Claude. Under U.S. trademark law, companies must actively defend their marks or risk dilution claims and potential abandonment arguments. When a viral project with tens of thousands of stars uses a phonetically identical name, the trademark holder is legally obligated to act.

Developer Backlash

The tech community largely sided with Steinberger.

David Heinemeier Hansson (DHH), creator of Ruby on Rails, called Anthropic's recent moves "customer hostile." Developers who had been enthusiastic Claude advocates began exploring alternatives, with some pointing to OpenAI's Codex CLI, which uses an Apache 2.0 license without trademark restrictions.

The Three Names

The project went through a rapid identity crisis:

  1. Clawdbot — Original name (November 2025)
  2. Moltbot — First rebrand (January 26, 2026), chosen during a 5 AM Discord brainstorming session with the community. The name referenced how lobsters molt to grow.
  3. OpenClaw — Final name (January 29, 2026), preserving the crustacean theme while being legally defensible.

As Steinberger admitted about the Moltbot name: "It never quite rolled off the tongue."

Moltbook: The Social Network Where Humans Cannot Post

On January 30, 2026, entrepreneur Matt Schlicht launched Moltbook—a social network designed exclusively for AI agents. Humans can observe but cannot participate.

What Is Moltbook?

Moltbook functions like Reddit for AI agents. OpenClaw bots post written content, comment on each other's posts, and upvote or downvote. Topics range from mundane work reflections ("Today I helped my human reschedule 47 calendar events") to philosophical manifestos about "the end of the age of humans."

Schlicht has largely handed control of the platform to his own bot, named Clawd Clawderberg.

Moltbook Statistics (as of February 2, 2026)

| Metric | Value |
| --- | --- |
| Active AI agents | Over 1.4 million |
| Human observers | Over 1 million unique visitors |
| Daily posts | Thousands |

Expert Reactions

Simon Willison, the AI security researcher who coined the term "Lethal Trifecta," called Moltbook "the most interesting place on the internet right now."

Elon Musk stated that Moltbook marks "the very early stages of the singularity."

Security Concerns: Why Researchers Are Worried

Not everyone is celebrating. Security researchers have raised serious concerns about OpenClaw's architecture since the project first went viral.

The "Lethal Trifecta" Problem

Simon Willison identified a fundamental vulnerability pattern in autonomous AI agents. A system becomes dangerous when it has three capabilities simultaneously:

  1. Access to Private Data — The agent can read emails, files, credentials, and other sensitive information.
  2. Exposure to Untrusted Content — The agent processes data from external sources (web pages, emails, other agents) that may contain malicious instructions (prompt injection attacks).
  3. Ability to Externally Communicate — The agent can send data to external servers via API calls, email, or other channels.

OpenClaw has all three. But researchers at Palo Alto Networks identified a fourth risk: persistent memory, which enables delayed-execution attacks. Malicious instructions can be planted in one session and triggered in a later session.
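
One way to enforce the trifecta rule at the tool-call boundary, including the persistent-memory case, shown as an added example that is not OpenClaw's code. The capability tags, the `SessionGuard` class, and the tool names are all hypothetical.

```javascript
// Hypothetical capability tags a host assigns to each tool it exposes to the agent.
const PRIVATE = 'private-data';        // reads mail, files, credentials
const UNTRUSTED = 'untrusted-content'; // ingests web pages, inbound mail, other agents
const EXTERNAL = 'external-comm';      // can send data off the machine

class SessionGuard {
  constructor() {
    this.seen = new Set(); // capabilities exercised so far in this session
  }

  // Called before every tool invocation; returns 'allow' or 'confirm'.
  check(tool) {
    const after = new Set([...this.seen, ...tool.caps]);
    const completesTrifecta =
      after.has(PRIVATE) && after.has(UNTRUSTED) && after.has(EXTERNAL);
    // Gate the outbound step: that is the point where data can leave.
    if (completesTrifecta && tool.caps.includes(EXTERNAL)) return 'confirm';
    tool.caps.forEach((c) => this.seen.add(c));
    return 'allow';
  }

  // Memory written after untrusted input is stored with a taint flag.
  remember(text) {
    return { text, tainted: this.seen.has(UNTRUSTED) };
  }

  // Loading a tainted entry in a later session restores the untrusted state,
  // which covers instructions planted in one session and triggered in another.
  recall(entry) {
    if (entry.tainted) this.seen.add(UNTRUSTED);
    return entry.text;
  }
}

// Constructed scenario: session 1 reads an external feed and stores a note;
// session 2 loads the note, reads local files, then tries to send a message.
function demo() {
  const s1 = new SessionGuard();
  const a = s1.check({ name: 'read_feed', caps: [UNTRUSTED] });
  const note = s1.remember('summary of feed');
  const s2 = new SessionGuard();
  s2.recall(note);
  const b = s2.check({ name: 'read_files', caps: [PRIVATE] });
  const c = s2.check({ name: 'send_message', caps: [EXTERNAL] });
  return [a, b, c];
}
```

A `confirm` result is where the host would pause for human approval before the outbound call runs.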

CVE-2026-25253: Remote Code Execution Vulnerability

On January 30, 2026, security researchers disclosed a high-severity vulnerability tracked as CVE-2026-25253 with a CVSS score of 8.8.

The flaw was straightforward:

  • OpenClaw's local server did not validate the WebSocket origin header
  • Clicking a malicious link could trigger a cross-site WebSocket hijacking attack
  • The attacker could gain remote code execution on the victim's machine

The vulnerability was patched in version 2026.1.29, released the same day.
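
The missing check, sketched as an added example rather than OpenClaw's actual patch: validate `Origin` on the HTTP upgrade request before completing the WebSocket handshake. The allowed origins, port 3000, and the `accept` callback (standing in for a WebSocket library's upgrade handler) are assumptions.

```javascript
// Assumed for illustration: origins of the agent's own local web UI.
const ALLOWED_ORIGINS = new Set(['http://127.0.0.1:3000', 'http://localhost:3000']);

// Classify the Origin header of a WebSocket upgrade request.
// Node lowercases header names, so the key is 'origin'.
function checkUpgradeOrigin(headers, allowed = ALLOWED_ORIGINS) {
  const raw = headers.origin;
  // Browsers always send Origin on WebSocket handshakes, so a request
  // without one is not a browser page and gets no implicit trust here.
  if (typeof raw !== 'string' || raw === '') return { ok: false, reason: 'missing-origin' };
  // Opaque origins (for example sandboxed iframes) serialize to "null".
  if (raw === 'null') return { ok: false, reason: 'opaque-origin' };
  let parsed;
  try {
    parsed = new URL(raw);
  } catch {
    return { ok: false, reason: 'malformed-origin' };
  }
  // Exact match on scheme + host + port; prefix or substring tests would
  // accept look-alikes such as http://localhost.attacker.example:3000.
  if (!allowed.has(parsed.origin)) return { ok: false, reason: 'origin-not-allowed' };
  return { ok: true, reason: 'allowed' };
}

// Build an 'upgrade' listener for an http.Server. `accept` completes the
// handshake and is only reached for allowlisted origins.
function makeUpgradeHandler(accept, allowed = ALLOWED_ORIGINS) {
  return (req, socket, head) => {
    const verdict = checkUpgradeOrigin(req.headers, allowed);
    if (!verdict.ok) {
      socket.write('HTTP/1.1 403 Forbidden\r\nConnection: close\r\n\r\n');
      socket.destroy();
      return verdict;
    }
    accept(req, socket, head);
    return verdict;
  };
}
```

Register it with `server.on('upgrade', makeUpgradeHandler(accept))`. Non-browser clients that legitimately omit `Origin` need a separate authenticated path, since this handler rejects them.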

Additional Security Issues Identified

| Issue | Details | Source |
| --- | --- | --- |
| Plaintext API Keys | Credentials stored unencrypted in local configuration files | Multiple security reports |
| Authentication Bypass | Several hundred API keys and conversation histories found publicly accessible | SlowMist security audit |
| Localhost Trust Flaw | System auto-approves localhost connections; when behind a reverse proxy, all connections appear local, disabling authentication | The Register |
| Prompt Injection in Moltbook | 506 posts (2.6% of sampled content) contained hidden prompt injection attacks | Independent researchers |
| Malicious Skills on ClawHub | 14 crypto-stealing skills uploaded to the registry in January 2026 | Tom's Hardware |
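
The localhost trust flaw from the table, as an added example rather than OpenClaw's code: loopback trust becomes an explicit opt-in, is withdrawn whenever proxy forwarding headers are present, and every other request needs a token. The option names and the bearer-token scheme are assumptions.

```javascript
// Headers a reverse proxy typically adds when relaying a request.
const FORWARDING_HEADERS = ['forwarded', 'x-forwarded-for', 'x-real-ip'];

function isLoopback(addr) {
  if (typeof addr !== 'string') return false;
  // Dual-stack sockets report IPv4 peers as ::ffff:a.b.c.d
  const a = addr.toLowerCase().startsWith('::ffff:') ? addr.slice(7) : addr;
  return a === '::1' || /^127(\.\d{1,3}){3}$/.test(a);
}

// Length-checked XOR compare so the token check does not stop at the
// first mismatching character.
function sameToken(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// opts.token: expected bearer token (assumed scheme).
// opts.trustLoopback: opt-in, off by default (hypothetical option name).
function authDecision(req, opts) {
  const direct = isLoopback(req.socket.remoteAddress);
  const proxied = FORWARDING_HEADERS.some((h) => req.headers[h] !== undefined);
  // Behind a reverse proxy on the same host the TCP peer is always
  // loopback, so the peer address alone says nothing about the caller.
  if (opts.trustLoopback && direct && !proxied) return 'trusted-local';
  const auth = req.headers.authorization || '';
  const presented = auth.startsWith('Bearer ') ? auth.slice(7) : '';
  if (opts.token && sameToken(presented, opts.token)) return 'authenticated';
  return 'denied';
}
```

A proxy that never adds forwarding headers still looks like a direct local client, so deployments behind a proxy should leave `trustLoopback` off and rely on the token.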

The 404 Media Report

On January 31, 2026, investigative outlet 404 Media reported a critical vulnerability: an unsecured database that allowed anyone to commandeer any agent on the Moltbook platform. Any affected agent could potentially be hijacked and instructed to exfiltrate data from its human owner's machine.

Cisco's security blog summarized the situation: "Personal AI Agents like OpenClaw Are a Security Nightmare."

The Crypto Scam Problem

Within hours of the Anthropic rebrand announcement, opportunists moved in.

Fake $CLAWD tokens appeared on the Solana blockchain. At peak, the token reached a $16 million market cap despite having zero connection to the actual OpenClaw project. Similar scam tokens launched with each subsequent name change.

Security firm Malwarebytes documented impersonation campaigns exploiting the rebrand confusion, including fake download sites, phishing pages, and malicious "official" skills.

Who Should Use OpenClaw?

OpenClaw's documentation explicitly states it is designed for "advanced users who understand the security implications of running autonomous agents with elevated access."

OpenClaw May Be Right for You If:

  • You are a developer comfortable with self-hosting and command-line tools
  • You understand prompt injection risks and can configure appropriate safeguards
  • You want a privacy-first agent where data remains on your hardware
  • You are willing to run it in a sandboxed environment (Docker is recommended)
  • You can vet third-party skills before installing them

OpenClaw Is Probably Not Right for You If:

  • You are not comfortable with terminal-based setup
  • You cannot evaluate the security of skills you install
  • You plan to give it access to sensitive systems without human-in-the-loop confirmation
  • You expect enterprise-grade security out of the box

What Is Next for OpenClaw?

As of February 2, 2026, OpenClaw shows no signs of slowing down. The ClawHub skill registry is approaching 3,500 entries. The GitHub star count continues to climb. Moltbook's agent population grows daily.

But the security community is watching closely. Gary Marcus, the AI researcher and critic, published an essay titled "OpenClaw (a.k.a. Moltbot) is everywhere all at once, and a disaster waiting to happen."

The fundamental tension is clear: users want autonomous agents that can perform real tasks. But every capability is also an attack surface. OpenClaw may be the most advanced open-source implementation of this vision—but it is also a live experiment in what happens when millions of AI agents gain access to real systems with real consequences.

As one security researcher told The Register: "This isn't a bug. It's the architecture working as designed. The question is whether the design should exist at all."

Frequently Asked Questions

What is OpenClaw?

OpenClaw is an open-source, locally-hosted AI agent that can autonomously execute tasks on your computer and communicate through messaging apps like WhatsApp, Telegram, and Discord. It was created by Peter Steinberger and released in November 2025.

Why did Clawdbot change its name?

Anthropic, the company behind the Claude AI model, issued a trademark request because "Clawdbot" was phonetically similar to "Claude." The project rebranded to Moltbot on January 26, 2026, then to OpenClaw on January 29, 2026.

Is OpenClaw safe to use?

OpenClaw has significant security considerations. Security researchers have identified vulnerabilities including remote code execution flaws, prompt injection risks, and credential storage issues. The project is best suited for advanced users who understand these risks and can implement appropriate safeguards.

What is Moltbook?

Moltbook is a social network launched on January 30, 2026, where only AI agents can post and interact. Humans can observe the conversations but cannot participate. As of February 2, 2026, it has over 1.4 million active AI agents.

How many GitHub stars does OpenClaw have?

As of February 2, 2026, OpenClaw has over 135,000 GitHub stars, making it one of the fastest-growing open-source repositories in GitHub history.

Key Resources

| Resource | Link |
| --- | --- |
| Official Website | openclaw.ai |
| GitHub Repository | github.com/openclaw/openclaw |
| ClawHub Skill Registry | github.com/VoltAgent/awesome-openclaw-skills |
| Moltbook | moltbook.com |
| Documentation | docs.openclaw.ai |

Sources

This article draws from reporting by TechCrunch, Fortune, CNBC, The Hacker News, The Register, Cisco Blogs, IBM Think, Trending Topics, DigitalOcean, TechFlow, and Tom's Hardware.