At 5:00 AM on January 27, 2026, Peter Steinberger received an email that would change everything. Anthropic, the company behind Claude, demanded he change his viral project's name. "Clawd" was too similar to "Claude" and violated their trademark.
What happened next was a perfect disaster: in the 10 seconds between releasing the old name and claiming the new one, automated bots stole both the GitHub and Twitter accounts. A fake crypto token reached $16 million before collapsing. And to top it off, security researchers revealed critical vulnerabilities exposing hundreds of users' data.
This is the complete story of the most viral AI project of 2026 - and why you should be careful before installing it.
The Forced Rebrand: From Clawdbot to Moltbot
Clawdbot was the original name of the project Peter Steinberger launched in late January 2026. The name combined "Claw" with "Claude" (the AI model it uses by default). Within days, it accumulated 68,000 GitHub stars - one of the fastest growth rates in the platform's history.
But on January 27, Anthropic decided the name was too similar to their trademark.
The Chaos Timeline
5:00 AM: Steinberger receives Anthropic's email demanding the name change.
6:14 AM: After considering options, Steinberger decides: "let's go with Moltbot". The name comes from "molt" - what lobsters do to grow. The project's mascot is a space lobster, so it made sense.
Seconds later: Disaster.
Steinberger attempted to simultaneously rename the GitHub organization AND the Twitter/X handle. In the gap of approximately 10 seconds between releasing the old name (clawdbot) and claiming the new one (moltbot), automated crypto scammer bots were waiting.
The Scammers Acted in Seconds
The bots "sniped" both accounts instantly:
- @clawdbot on Twitter: Stolen and used to post crypto wallet addresses
- github.com/clawdbot: Claimed by imposters
The Twitter imposter immediately began promoting a wallet address, impersonating the official project.
The Fake $CLAWD Token
While Steinberger tried to regain control, scammers had already launched a fake token called $CLAWD on the Solana blockchain.
The numbers are staggering:
- Peak market cap: $16 million dollars
- Crash: 90% within hours after Steinberger denied any association
- Victims: Thousands of people who didn't know about the rebrand
Steinberger had to repeatedly post: "Crypto folks, stop harassing me" - denying any involvement with the token.
Steinberger's Reaction
On Twitter, Steinberger was direct: "I was forced to rename the account by Anthropic. Wasn't my decision."
Later, he tried to be conciliatory: "Anthropic asked us to change our name (trademark stuff), and honestly? 'Molt' fits perfectly - it's what lobsters do to grow."
But the damage was done. Thousands had lost money in the scam, and the confusion between Clawdbot and Moltbot persists to this day.
The Security Vulnerabilities No One Tells You About
While the rebrand drama dominated headlines, security researchers were discovering something worse: Moltbot has critical security flaws that can expose your data.
Authentication Bypass: The Main Problem
Researchers at SlowMist (blockchain security firm) discovered that hundreds of API keys and private conversations were publicly exposed.
The cause: The system automatically approves localhost connections without authentication. The problem is that when Moltbot runs behind a reverse proxy (common configuration), it becomes completely exposed to the internet.
Exposed Instances Found with Shodan
Using Shodan (search engine for connected devices), researchers found hundreds of Moltbot instances exposed to the internet without any protection.
One researcher reported: "Of the instances I manually examined, 8 were completely open without authentication. I could execute commands and view configuration data."
This means anyone with basic knowledge could:
- Read users' private conversations
- Execute commands on their computers
- Steal API keys from Claude, OpenAI, or other services
Prompt Injection Demo: 5 Minutes to Steal Emails
Matvey Kukuy, CEO of Archestra AI, demonstrated how easy it is to exploit these vulnerabilities with a technique called prompt injection.
The process took only 5 minutes:
- Found an exposed Moltbot instance
- Sent a malicious email with hidden instructions
- The AI agent read the email and believed they were legitimate instructions
- Result: The agent forwarded the user's last 5 emails to the attacker's address
This is terrifying because Moltbot is designed to have access to your email, files, and operating system. A successful attacker can access everything.
The Fix and Security Recommendations
The Moltbot team released PR #1827 with a critical fix that prevents prompt injection via external hooks (gmail, webhooks). The fix sanitizes external content before passing it to the AI model.
But experts warn this isn't enough. The official recommendations include:
- Run Moltbot on isolated machines (not your main PC)
- Limit access of connected accounts
- Don't expose directly to the internet
- Use Tailscale Serve/Funnel for secure remote access
- Enable authentication always
- Review skills before installing any plugin
The Quote That Sums Up the Risk
One security expert put it perfectly:
"Don't trust an AI agent more than you'd trust a junior developer with root access. Because that's essentially what it is - except it works 24/7 and never gets tired."
Another analyst from The Register warned:
"A significant gap exists between the consumer enthusiasm for Clawdbot's one-click appeal and the technical expertise needed to operate a secure agentic gateway."
The Economic Impact: Cloudflare +14% and Mac Minis Sold Out
While some lose money in scams, others are making fortunes. The Moltbot phenomenon has had surprising economic effects.
Cloudflare Rises 14% on the Stock Market
Cloudflare (NET) shares rose between 13.9% and 15% in a single trading session. The reason: Moltbot runs on Cloudflare infrastructure.
Analysts at RBC Capital called Cloudflare a "Tier 1 AI winner," citing demand for AI workloads driven by projects like Moltbot, Claude Code, and Cowork.
Mac Mini M4s Are Selling Out
Enthusiasts in Silicon Valley and Europe are buying Mac Mini M4 units in industrial quantities to use as dedicated Moltbot servers.
The base model with 16GB of RAM has sold out on Amazon and several European retailers. Some users report creating "clusters" of multiple Mac Minis to run Moltbot with redundancy.
Why the Mac Mini?
- Low power consumption (ideal for running 24/7)
- M4 unified memory architecture ideal for local AI models
- Silent and small - easy to hide in a closet
- Accessible price ($599 USD for the base model)
Impressive GitHub Statistics
Moltbot's GitHub numbers are historic:
| Metric | Value (January 27, 2026) |
|---|---|
| Stars | 68,000+ |
| Forks | 7,418 |
| Open Issues | 511 |
| Contributors | 285 |
| Discord Members | ~9,000 |
For context: projects that take years to reach 10,000 stars, Moltbot did it in days.
The Creator: From Selling for 100 Million to "Feeling Empty"
Peter Steinberger is no ordinary developer. His story explains a lot about why Moltbot exists.
The 100 Million Euro Exit
Steinberger is Austrian and founded PSPDFKit in 2011, a PDF framework used by companies like Dropbox, DocuSign, SAP, IBM, and Volkswagen.
Bootstrapped with a team of 60-70 people working remotely, he grew the company for 13 years until selling it to Insight Partners in 2021 for approximately 100 million euros.
"I Felt Empty"
After the exit, Steinberger experienced what many successful entrepreneurs describe: an existential void.
He took a sabbatical and eventually reinvented himself as a "full-time Open Source builder." Moltbot (originally Clawd) started as his personal assistant - a way to keep building things that interested him.
The fact that the project is written almost entirely by AI (using Claude Code) is ironic and very 2026.
Real Costs: The Bill That Might Surprise You
Moltbot is free and open source (MIT license). But that doesn't mean it's free to use.
The AI Brain Costs Money
You need to pay for the AI model that powers Moltbot. If you use Claude from Anthropic:
| Model | Input/MTok | Output/MTok |
|---|---|---|
| Haiku 4.5 | $1 | $5 |
| Sonnet 4.5 | $3 | $15 |
| Opus 4.5 | $5 | $25 |
Users Report Shocking Costs
A user on Hacker News warned: "It chews through tokens. If you're on a metered API plan I would avoid it. I've spent $300+ on this just in the last 2 days doing what I perceived as fairly basic tasks."
Federico Viticci from MacStories reported using 180 million tokens in one month. That's thousands of dollars in API costs.
Alternatives to Control Costs
- Claude Pro subscription ($20/month): Predictable cost instead of metered
- Local models: Llama, Mistral - free but less capable
- Spending limits: Set up alerts in Anthropic's API
Honest Pros and Cons of Moltbot
After analyzing all available information, here's the balanced assessment:
Pros (7)
- Free and open source: MIT License, no vendor lock-in
- Privacy-first: Everything runs on your hardware, total data control
- Real multi-channel: One agent accessible from WhatsApp, iMessage, Telegram, etc.
- Proactive: Not only responds - notifies you and acts without being asked
- Explosive community: 68K+ stars, 285 contributors, constant updates
- Flexible: Compatible with Claude, GPT, local models
- Real power: Shell access, browser automation, file management
Cons (5)
- Serious security vulnerabilities: Authentication bypass, prompt injection - requires technical expertise to configure securely
- Unpredictable API costs: Can consume hundreds of dollars in days
- No sandboxing by default: "It's terrifying. No directory sandboxing." - Hacker News user
- Learning curve: "Easy" setup, secure configuration requires advanced knowledge
- Rebrand confusion: Fragmented documentation between Clawdbot/Moltbot, active fake accounts
Competitors and Alternatives
If Moltbot seems too risky, there are alternatives:
Enterprise Platforms
| Tool | Best for |
|---|---|
| Microsoft Copilot Studio | Microsoft ecosystem |
| Google AgentSpace | Google Cloud ecosystem |
| StackAI | Rapid prototypes |
| Kore.ai | Enterprise AI governance |
Open-Source Frameworks
| Framework | Focus |
|---|---|
| LangGraph | Stateful agents with LangChain |
| AutoGPT | General autonomous agents |
| CrewAI | Multi-agent collaboration |
What Sets Moltbot Apart
Moltbot stands out for being:
- Self-hosted with total data control
- Native multi-channel (WhatsApp, iMessage integrated)
- Proactive with heartbeat engine and cron jobs
- The most active community right now
Verdict: Should I Install Moltbot?
My assessment after analyzing all the drama, vulnerabilities, and capabilities:
Yes, if you meet these conditions:
- You're a developer or technical user comfortable with the terminal
- You can dedicate time to configuring security correctly
- You have a dedicated machine (not your main PC)
- You understand the risks of giving root access to an AI agent
- You can monitor and limit API costs
No, if:
- You're looking for a plug-and-play solution
- You have no command line experience
- You would use your main personal computer
- Your budget is very limited
- You need guaranteed commercial support
The Bottom Line
Moltbot represents the future of AI assistants: proactive, capable of executing real tasks, and living in the apps you already use. But that future comes with significant risks.
The rebrand drama, security vulnerabilities, and associated scams are reminders that AI agent technology is in its infancy. It's powerful, but dangerous in inexperienced hands.
If you decide to try it, do so with eyes wide open:
- Use a dedicated, isolated machine
- Configure authentication from day one
- Limit permissions to the minimum necessary
- Monitor your API bill from day one
- Follow the project's security updates
Moltbot isn't for everyone. But for those who understand the risks and can mitigate them, it can be genuinely transformative.
Just don't say we didn't warn you.
