Kolja Nolte

The rise and fall of ClawdBot (or whatever the hell it’s called today)

Frustrated man working late at night on ClawdBot issues

On November 25, 2025, the internet prostrated itself for yet another AI-based system. The name: ClawdBot. The promise: “Clears your inbox, sends emails, manages your calendar, checks you in for flights”. The problem: e-ve-ry-thing.

It starts with the name itself. “ClawdBot” is only one of the names of this tool. Then there was “MoltBot”, which is today known as “OpenClaw.” The latter was chosen because “Clawd” sounded a bit too much like a trademark infringement lawsuit waiting to happen. Anthropic, whose lawyers gave much sharper “claws”, didn’t find the homage amusing. Alright, said the sole Austrian developer, Peter Steinberg, and changed it to “MoltBot.” What led to the (hopefully last) change to OpenClaw is unknown.

ClawdBot, MoltBot, OpenClaw

But it was too late. Thousands of people had already downloaded, used, and written glorifying reviews of what is now OpenClaw, including media giants like Forbes, Wired, and Axios. And when the ClawdBot references ended, and everyone switched to “MoltBot,” the name had already been changed again. This time to “OpenClaw,” which was released on January 4, 2026. With people like Alex Finn, founder and CEO of Creator Buddy (some kind of competitor), who called it the greatest AI application to date, like having a dedicated AI employee at your service around the clock.

If you’re not confused at this point, you’re not paying attention. It took me a few hours to realize that all these products were, more or less, exactly the same. One thing stayed, though: The CLI command clawdbot. Checkmate, Anthropic!

A close-up of a man, Davie504, with dark hair wearing white over-ear headphones, looking directly into the camera with a deadpan, intense expression as the word "CHECKMATE" appears in bold white text over his mouth.
Checkmate, anthropic. Wait, not so fast.

A’ight, so what the hell is ClawdBot MoltBot OpenClaw actually? Marketed as “the AI that actually does things,” OpenClaw runs directly on users’ operating systems and applications. It can automate tasks such as managing emails and calendars, browsing the web, and interacting with online services.

What Problems does it solve? None

Let’s pretend for a second that this actually works. I have a server running… what was the name again? Right, OpenClaw. So, a server running OpenClaw in the background and hooked up to whatever AI provider you wish; it works with almost everything. Before running it, I set up a Telegram bot. That’s your point of entry. Writing to your new “contact” is like writing a normal AI prompt. “Hey, create a new Vite.js project in my home directory. Some /-commands are available for quick configuration, but that’s it, in essence.

The community was so excited, they forced the software into everything that has enough memory, from

Raspberry Pis

Raspberry pi terminal screenshot and tweet on black background

to a freaking Tamagochi!

Tweet about custom tamagotchi on e reader device

Self-proclaimed “analysts” on LinkedIn, whose primary skill is formatting listicles and adding emojis to every line, announced the “dropping” of the “Ultimate ClawdBot Report,” which was viewed 41,434 times as of today.

But even the reviews – at least the ones not written by the intern of the “Lifestyle” section of their news site – already saw a glimmer of problems on the horizon that has evolved into a gigantic shitstorm and is currently trashing the project – regardless of the name. X users are now frantically deleting their glorifying posts and acting like they “knew it from the beginning.” Yeah, John, sure.

It’s a rare phenomenon that an open-source software grows explodes so fast, with almost everyone comparing it to an AI assistant personally engineered by Jesus Christ himself. And then, within merely weeks or just days, was nailed to the cross, stoned, and led to bleed to death in the smoldering sun of a toxic open-source community.

And the whole debate has just started.

“From magick to malware”

The security flaws were plentiful, to put it mildly. Leaking actual API keys, sucking up bandwidth for training, and payload injection are only some of the “200+ safety issues” my new adopted country claims to have.

The awesome guys at Cisco.com went into more detail and weren’t afraid to call ClawdBot a “security nightmare.” They went so far as to add ClawdBot to their security tool, which exposes the app’s tool poisoning and command injection, just to name a few. The biggest flaw: the possibility of adding malicious MoltBot ClawdBot skills used to push password-stealing malware.

Even my favorite and dearly loved password manager, 1Password, which is one of my must-have apps, warned users using ClawdBot with a bold headline, “From magick to malware,” that is as essential as the Epstein files. I could list a ton of other articles explaining what’s wrong with this assistant, but I don’t think that’s necessary. What is necessary is one thing to keep in mind:

AI-driven Software can be as unsafe as renting a scooter in Phuket with zero experience and a flip-flop on one foot, even if the developer swears the “brakes are brand new.”

A Cautious Tale of Open-Source Projects

I, too, toyed with OpenClaw over the weekend. The old URL clawd.bot now redirects to openclaw.ai, after the presumably preferred .bot domain was snatched away on January 29, 2026. It took me a while to really install and get it to work. Before letting it go rogue on my server, which hosts, among others, this blog, which has the SEO ranking of a Geocities page dedicated to hamster funerals.

So I chose to install it on my iMac. One line, an install script, that’s all it needed—that was the promise. Of course, this wasn’t the case, and I ended up downloading the GUI version to get at least some visual ideas of what’s going wrong and how to get this thing started.

In the end, I managed. I hooked up to Telegram via creating a bot and tested a few LLMs – Gemini 2.5 Flash-Lite, Minimax 2.1, Qwen3 – by “chatting” with it and giving it the occasional, harmless command (“Create a Markdown file containing a poem of Alpacas on my Desktop”). It worked, technically. But so does a sundial at night if you have a flashlight: It moved with the urgency of a granddad browsing Netflix. The slash commands themselves were as fast as you’d expect. But general text queries took – and I counted this a dozen times – 4-5 seconds.

The last thing I tried was creating a Telegram group, thinking I could share this awesome assistant with my wife, whose employer recently underwent a hostile takeover by the Chinese and immediately saved the biggest unnecessary by banning everything from free water to bringing your own fan in a country where the temperatures are over 32 °C (90 °F, for the less educated) for 360 days of the year.

API Keys needed? Just hack ClawdBot

Spoiler alert: It failed harder than a junior developer on their first deploy on a Friday afternoon. I managed to get a group running (wow!), invited my assistant (Minimax 2.1, which I felt was the best choice for this), and was also able to give it commands. However, my dear wife was entirely ignored. So much about my experience.

And then I asked myself: What problem does this solve? I mean, what actual problem? Or, to say it with the checklist of one optimistic X user who thought ClawdBot, or whatever it was called back then, was the perpetuum mobile of churning through arduous tasks:

  • wake up on time
  • not lay in bed scrolling
  • exercise
  • eat a healthy breakfast
  • avoid procrastinating
  • stop panic anxiety loops
  • focus on work
  • make sweet love

Needless to say, none of this was my problem. And call me old-fashioned, but I prefer to fuck my wife personally. If I wanted a lifeless, automated interaction, I’d just use JIRA.

Tags: