| ▲ | OpenClaw – Moltbot Renamed Again(openclaw.ai) |
| 216 points by ed 6 hours ago | 82 comments |
| |
|
| ▲ | voodooEntity 2 hours ago | parent | next [-] |
| So i feel like this might be the most overhyped project in the past longer time. I don't say it doesn't "work" or serves a purpose - but well i read so much about this beein an "actual intelligence" and stuff that i had to look into the source. As someone who spends actually a definately to big portion of his free time researching thought process replication and related topics in the realm of "AI" this is not really more "ai" than any other so far. Just my 3 cents. |
| |
| ▲ | baxtr an hour ago | parent | next [-] | | I think large parts of the "actual intelligence" stems from two facts: * The moltbots / openclaw bots seem to have "high agency", they actually do things on their own (at least so it seems) * They interact with the real world like humans do: Through text on WhatsApp, reddit like forums These 2 things make people feel very differently about them, even though it's "just" LLM generated text like on ChatGPT. | |
| ▲ | baby an hour ago | parent | prev | next [-] | | Its what everyone wanted to implement but didn’t have the time to. Just my 2cents. | |
| ▲ | hennell 2 hours ago | parent | prev | next [-] | | I was assuming this is largely a generic AI implementation, but with tools/data to get your info in. Essentially a global search with ai interface. Which sounds interesting, while also being a massive security issue. | |
| ▲ | QuiCasseRien an hour ago | parent | prev | next [-] | | > So i feel like this might be the most overhyped project in the past longer time. easy to meter : 110k Github stars :-O | |
| ▲ | az226 16 minutes ago | parent | prev [-] | | Feels very much like a Flappingbird with a dash of AI grift. |
|
|
| ▲ | eric-burel 3 hours ago | parent | prev | next [-] |
| Before using make sure you read this entirely and understand it:
https://docs.openclaw.ai/gateway/security
Most important sentence: "Note: sandboxing is opt-in. If sandbox mode is off"
Don't do that, turn sandbox on immediately.
Otherwise you are just installing an LLM controlled RCE. There are still improvements to be made to the security aspects yet BIG KUDOS for working so hard on it at this stage and documenting it extensively!! I've explored Cursor security docs (with a big s cause it's so scattered) and it was nothing as good. |
| |
| ▲ | TZubiri 2 hours ago | parent [-] | | It's typically used with external sandboxes. I wouldn't trust its internal sandbox anyway, now that would be a mistake | | |
| ▲ | jychang an hour ago | parent [-] | | Yeah, keep it in a VM or a box you don't care about. If you're running it on your primary machine, you're a dumbass even if you turn on sandbox mode. | | |
| ▲ | eric-burel 35 minutes ago | parent | next [-] | | The thing is running it onto your machine is kinda the point. These agents are meant to operate at the same level - and perhaps replace - your mail agent and file navigator. So if we sandbox too much we make it useless.
The compromise being having separate folders for AI, a bit like having a Dropbox folder on your machine with some subfolders being personal, shared, readonly etc.
Running terminal commands is usually just a bad idea though in this case, you'd want to disable that and instead fine tune a very well configured MCP server that runs the commands with a minimal blast radius. | |
| ▲ | hrpnk an hour ago | parent | prev [-] | | Cloudflare jumped on the hype and shipped a worker: https://blog.cloudflare.com/moltworker-self-hosted-ai-agent/
I guess that would be an easy and secure way to run it. Now they have to rename again, though... [1] [1] https://openclaw.ai/blog/introducing-openclaw |
|
|
|
|
| ▲ | woodylondon 2 hours ago | parent | prev | next [-] |
| My biggest issue with this whole thing is: how do you protect yourself from prompt injection? Anyone installing this on their local machine is a little crazy :). I have it running in Docker on a small VPS, all locked down. However, it does not address prompt injection. I can see how tools like Dropbox, restricted GitHub access, etc., could all be used to back up data in case something goes wrong. It's Gmail and Calendar that get me - the ONLY thing I can think of is creating a second @gmail.com that all your primary email goes to, and then sharing that Gmail with your OpenClaw. If all your email is that account and not your main one, then when it responds, it will come from a random @gmail. It's also a pain to find a way to move ALL old emails over to that Gmail for all the old stuff. I think we need an OpenClaw security tips-and-tricks site where all this advice is collected in one place to help people protect themselves. Also would be good to get examples of real use cases that people are using it for. |
| |
| ▲ | TZubiri 2 hours ago | parent [-] | | I don't think prompt injection is the only concern, the amount of features released over such a small period probably means there's vulnerabilities everywhere. Additionally, most of the integrations are under the table. Get an API key? No man, 'npm install react-thing-api', so you have supply chain vulns up the wazoo. Not necessarily from malicious actors, just uhh incompetent actors, or why not vibe coder actors. |
|
|
| ▲ | sbinnee 3 hours ago | parent | prev | next [-] |
| It's hilarious that atm I see "Moltbook" at the top of HN. And it is actually not Moltbot anymore? But I have to admit that OpenClaw sounds much better. |
| |
|
| ▲ | PurpleRamen 33 minutes ago | parent | prev | next [-] |
| Not very trust-inducing to rename a popular project so often in such a short time. I've yet again have to change all the (three) bookmarks I collected. Anyway, independent of what one thinks of this project, It's very insightful to read through the repository and see how AI-usage and agent are working these days. But reading through the integrations, I'm curious to know why it bothers to make all of them, when tools like n8n or Node-RED are existing, which are already offering tons of integrations. Wouldn't it be more productive to just build a wrapper around such integrations-hubs? |
| |
| ▲ | jsheard 6 minutes ago | parent [-] | | > Not very trust-inducing to rename a popular project so often in such a short time. Yeah but think of the upsides - every time you rename a project you get to launch a new associated memecoin. |
|
|
| ▲ | lode an hour ago | parent | prev | next [-] |
| I tried it out yesterday, after reading the enthousiastic article at https://www.macstories.net/stories/clawdbot-showed-me-what-t... Setting it up was easy enough, but just as I was about to start linking it to some test accounts, I noticed I already had blown through about $5 of Claude tokens in half an hour, and deleted the VPS immediately. Then today I saw this follow up: https://mastodon.macstories.net/@viticci/115968901926545907 - the author blew through $560 of tokens in a weekend of playing with it. If you want to run this full time to organise your mailbox and your agenda, it's probably cheaper to hire a real human personal assistant. |
| |
| ▲ | lurking_swe 22 minutes ago | parent [-] | | part of me sympathizes, but part of me also rolls my eyes. Am i the only one that’s configuring limits on spend and also alerts? Takes 2 seconds to configure a “project” in OpenAI or Claude and to scope an api key appropriately. Not doing so feels like asking for trouble. | | |
| ▲ | lode 13 minutes ago | parent [-] | | That's what I did, which is why I abandoned my experiment this quickly. I'd find it hard to write such an article about how this is the next best thing since sliced bread without mentioning it spending so much money. | | |
|
|
|
| ▲ | bandrami an hour ago | parent | prev | next [-] |
| I remember in late 1999 I was contacted by a headhunter who told me that dotcom.com was looking for a sysadmin. This is giving that energy. |
|
| ▲ | keyle 2 hours ago | parent | prev | next [-] |
| That made me smile Security: 34 security-related commits to harden the codebase
Narrator's voice: They needed a 35th.Much better name! |
|
| ▲ | theturtletalks an hour ago | parent | prev | next [-] |
| I’m a big fan of Peter’s projects. I use Vibetunnel everyday to code from my phone (I built a custom frontend suited to my needs). I know I can SSH into my laptop but this is much better because handoff is much cleaner. And it works using Tailscale so it is secure and not exposed to the internet. His other projects like CodexBar and Oracle are great too. I love diving into his code to learn more about how those are built. OpenClaw is something I don’t quite understand. I’m not sure what it can do that you can’t do right off the bat with Claude Code and other terminal agents. Long term memory is one, but to me that pollutes the context. Even if an LLM has 200K or 1M context, I always notice degradation after 100K. Putting in a heavy chunk for memory will make the agent worse at simple tasks. One thing I did learn was that OpenClaw uses Pi under the hood. Pi is yet another terminal agent like ClaudeCode but it seems simple and lightweight. It’s actually the only agent I could get Gemini 3 Flash and Pro to consistently use tools with without going into loops. |
|
| ▲ | brikym 26 minutes ago | parent | prev | next [-] |
| So when it's commercialized it will be ClosedClaw? |
|
| ▲ | bob1029 4 hours ago | parent | prev | next [-] |
| I would have stood my ground on the first name longer. Make these legal teams do some actual work to prove they are serious. Wait until you have no other option. A polite request is just that. You can happily ignore these. The 2nd name change is just inexcusable. It's hard to take a project seriously when a random asshole on Twitter can provoke a name change like this. Leads me to believe that identity is more important than purpose. |
| |
| ▲ | 3rodents 2 hours ago | parent | next [-] | | The first name and the second name were both terrible. Yes, the creator could have held firm on "clawd" and forced Anthropic to go through all the legal hoops but to what end? A trademark exists to protect from confusion and "clawd" is about as confusing as possible, as if confusing by design. Imagine telling someone about a great new AI project called "clawd" and trying to explain that it's not the Claude they are familiar with and the word is made up and it is spelled "claw-d". OpenClaw is a better name by far, Anthropic did the creator a huge favor by forcing him to abandon "clawd". | | |
| ▲ | calgoo an hour ago | parent [-] | | Interesting, I dont read claude the same way as clawd, but I'm based in Spain so I tend to read it as French or Spanish. I tend to read it as `claud-e` with an emphasis on the e at the end. I would read clawd as `claw-d` with a emphasis in the D, but yes i guess American English would pronounce them the same way. Edit: Just realized i have been reading and calling it after Jean-Claude Van Damme all this time. Happy friday! |
| |
| ▲ | kube-system 3 hours ago | parent | prev | next [-] | | As the article says, it’s a 2 month old weekend project. It’s doing a lot better than my two month old weekend projects. | | |
| ▲ | superfrank 3 hours ago | parent [-] | | While weekend project may be correct, I think it gives a slightly wrong impression of where this came from. Peter Steinberger is the creator who created and sold PSPDFKit, so he never has to work again. I'm listening to a podcast he was on right now and he talks about staying up all night working on projects just because he's hooked. According to him made 6,600 commits in January alone. I get the impression that he puts more time into his weekend project than most of us put into our jobs. That's not to diminish anything he's done because frankly, it's really fucking impressive, but I think weekend project gives the impression of like 5 hours a week and I don't think that's accurate for this project. | | |
| ▲ | suddenlybananas 2 hours ago | parent [-] | | Number of commits doesn't mean much. | | |
| ▲ | superfrank 2 hours ago | parent [-] | | I get what you're saying, but I don't totally agree. The number is sooo high that, while it isn't a perfect measure, I think it does mean something. If you go look at his code, nearly all of them are under 100 lines and I'd say close to half are under 10. So you're totally right that that number is way higher than what most other developers would have for a similar amount of code. At the same time, if we assume it takes 30 seconds to make a commit on average that's still 55 hours in a month, that is way above what most would call a weekend project. My point wasn't really that number of commits is some perfect measure of developer productivity. It was just that if you're actually building something and not just generating commits for the hell of it, there's a minimum amount of time needed for each commit. 6600 times whatever that minimum time is is probably more than what most people would think of for a weekend project. | | |
| ▲ | egeozcan an hour ago | parent [-] | | I don't disagree with you but those commits could also be automated. Have a look at the projects like gastown. |
|
|
|
| |
| ▲ | Jarwain 3 hours ago | parent | prev | next [-] | | I draw the opposite conclusion. Willingness to change the name leads me to conclude purpose is more important than identity. Now if it changes _again_ that's a different story. If it changes Too Much, it becomes a distraction | | |
| ▲ | altmanaltman 3 hours ago | parent [-] | | Isnt this name change because the previous one was hard to say, as per the blog post? Isnt that a case of focusing more on identity than purpose? | | |
| ▲ | Veen 3 hours ago | parent [-] | | More that moltbot is ugly and was chosen in a bit of a panic after Anthropic complained. No one liked it, including the people who chose it. |
|
| |
| ▲ | arrowsmith 2 hours ago | parent | prev | next [-] | | It wasn't just one random asshole, tons of people were saying that "Moltbot" is a terrible name. (I agree, although I didn't tweet at him about it.) OpenClaw is a million times better. | | |
| ▲ | matsemann an hour ago | parent [-] | | Just curious, is there something specific about Moltbot that makes it a terrible name? Like any connotations or associations or something? Non-native speaker here, and I don't see anything particularly wrong with it that would warrant the hate it's gotten. (But I agree that OpenClaw _sounds_ better) | | |
| ▲ | arrowsmith 5 minutes ago | parent [-] | | No connotations or associations that I can think of it. It just sounds weird and is kinda hard to pronounce - doesn't roll off the tongue easily. It's not the worst thing ever, it's just not a very aesthetically pleasing combination of sounds. |
|
| |
| ▲ | Paracompact 3 hours ago | parent | prev [-] | | Which random asshole? Haven't heard about it. | | |
|
|
| ▲ | rolymath 2 hours ago | parent | prev | next [-] |
| With all due respect, if you run this and you get hacked, you deserve it. |
| |
| ▲ | halapro 2 hours ago | parent [-] | | Why? What's wrong with it? | | |
| ▲ | InsideOutSanta 2 hours ago | parent | next [-] | | Let's ignore all the potential security issues in the code itself and just think about it conceptually. By default, this system has full access to your computer. On the project's frontpage, it says, "Read and write files, run shell commands, execute scripts. Full access or sandboxed—your choice." Many people run it without a sandbox because that is the default mode and the primary way it can be useful. People then use it to do things like read email, e.g., to summarize new email and send them a notification. So they run the email content through an LLM that has full control over their setup. LLMs don't distinguish between commands and content. This means there is no functional distinction between the user giving the LLM a command, and the LLM reading an email message. This means that if you use this setup, I can email you and tell the LLM to do anything I want on your system. You've just provided anyone that can email you full remote access to your computer. | |
| ▲ | lnenad 2 hours ago | parent | prev [-] | | It's a vibecoded project that gives an agent full access to your system that will potentially be used by non technically proficient people. What could go wrong? | | |
| ▲ | consp 2 hours ago | parent [-] | | In which case you only want it running on a non networked system airgapped from everything. Why is this a thing? | | |
| ▲ | lnenad 2 hours ago | parent | next [-] | | I don't disagree but > that will potentially be used by non technically proficient people | |
| ▲ | ForHackernews an hour ago | parent | prev [-] | | I actually created a evil super-intelligent AGI back in 1996, but, cognizant of the security risks, I wisely kept it airgapped from all other systems. In the end I unplugged the monitor, keyboard, and mouse from the Compaq Presario in my parents' basement. As far as I know, it's still there, concocting ever-more brilliant schemes for world-domination. |
|
|
|
|
|
| ▲ | rcarmo 3 hours ago | parent | prev | next [-] |
| This is indeed feeling very much like Accelerando’s particular brand of unchecked chaos. Loving every minute of it, first thing in our timeline that makes sense where it regards AI for the masses :) |
|
| ▲ | cracki 21 minutes ago | parent | prev | next [-] |
| I am tired of this. Make it stop. |
|
| ▲ | johnxie 2 hours ago | parent | prev | next [-] |
| Timing here is funny. Moltbook is just starting to show up on HN and Reddit as Moltbot lore, with agents talking to agents and culture forming. Once agents have tools and a shared surface, coordination appears immediately. https://www.moltbook.com/post/791703f2-d253-4c08-873f-470063... |
|
| ▲ | goro-7 22 minutes ago | parent | prev | next [-] |
| Will now OpenAI legal team reach them and ask to change? So what's next XClaw? Are they getting paid to change name? |
|
| ▲ | golem14 3 hours ago | parent | prev | next [-] |
| Should have named it “bot formerly known as Moltbot” and invented a new emoji sigil :) |
|
| ▲ | bhargav_12111 7 minutes ago | parent | prev | next [-] |
| sdrg4thrygj |
|
| ▲ | novoreorx 2 hours ago | parent | prev | next [-] |
| RIP Moltbot, though you were not liked by most people |
|
| ▲ | ripped_britches 3 hours ago | parent | prev | next [-] |
| Apparently it had another name before Clawdbot as well, I think BotRelay or something. It’s on pragmatic engineer |
| |
|
| ▲ | skylurk 20 minutes ago | parent | prev | next [-] |
| Is it now officially "eternal sloptember"? |
|
| ▲ | doanbactam 3 hours ago | parent | prev | next [-] |
| What if Lamborghini had acquired Claw to automate their vehicles? |
|
| ▲ | baalimago 3 hours ago | parent | prev | next [-] |
| Vibe-management via OpenClaw? |
|
| ▲ | ChrisArchitect 4 hours ago | parent | prev | next [-] |
| Previously: Clawdbot Renames to Moltbot https://news.ycombinator.com/item?id=46783863 |
|
| ▲ | codeulike 2 hours ago | parent | prev | next [-] |
| Not getting the lobster references, is that to do with lobste.rs ? |
| |
|
| ▲ | vibeprofessor 3 hours ago | parent | prev | next [-] |
| hackers don't like fellow hackers based on sentiment i see here |
| |
| ▲ | brna-2 an hour ago | parent [-] | | When I post to HN, I post mostly for criticism and suggestions and less for praise.
I did not sense what you did here, maybe I filtered it out. |
|
|
| ▲ | Imustaskforhelp 2 hours ago | parent | prev | next [-] |
| Okay whether its clawdbot or moltbot or openclaw Literally the top 2 HN posts are about this. Either it having book, or the first comment on it showing it create religion or now this. Can we stop all of this hype around Clawdbot itself? Even HN is vulnerable to it. |
| |
| ▲ | brikym 20 minutes ago | parent [-] | | OpenClaw is now ClosedClaw - Priced from $99/mo for PromptProtectPlus > Countin me money! |
|
|
| ▲ | ChrisArchitect 4 hours ago | parent | prev | next [-] |
| Right now I'm just thinking about all the molt* domains..... ¯\_(ツ)_/¯ |
| |
| ▲ | ricardo81 3 hours ago | parent [-] | | I think (not really sure) there's still a 5 day grace period when you buy domains, at least for gTLDs. | | |
|
|
| ▲ | popalchemist 3 hours ago | parent | prev | next [-] |
| How to annoy and alienate your target audience in 2 short weeks. |
| |
| ▲ | zombot 36 minutes ago | parent [-] | | It took them so long? That doesn't look good for the audience. A bunch of vibecoded slop full of security holes should annoy faster. |
|
|
| ▲ | villgax 3 hours ago | parent | prev | next [-] |
| Hilarious to see the most pointless vibecoded slop written to interact with an RDP server. Unnecessary introduces loopholes. |
|
| ▲ | blurayfin 3 hours ago | parent | prev | next [-] |
| and openclaw.com is a law firm. |
| |
| ▲ | NewJazz 3 hours ago | parent | next [-] | | Yeah I was about to say... Don't fall into the Anguilla domain name hack trap. At the very least, buy a backup domain under an affordable gTLD. I guess the .com is taken, hopefully some others are still available (org, net, ... others) Edit: looks like org is taken. Net and xyz were registered today... Hopefully one of them by the openclaw creators. All the cheap/common gtlds are indeed taken. | |
| ▲ | brna-2 2 hours ago | parent | prev | next [-] | | The page says - Hadir Helal, Partner - Open Chance & Associates Law Firm This looks to me like: - the page belongs to the person - not to the firm - domain should be openCALW and not CLAW - page could look better - they also have the domain openchancelaw.com Maybe Hadir is open to donating the domain or for a exchange of some kind, like an up to date web page or something along these lines. | |
| ▲ | kube-system 3 hours ago | parent | prev | next [-] | | From a trademark perspective, that’s totally fine. | | |
| ▲ | NewJazz 3 hours ago | parent [-] | | Yeah there's no risk of confusion, legally or in reality. If anything, having a reputable business is better than whatever the heck will end up on openclaw.net or openclaw.xyz (both registered today btw). |
| |
| ▲ | raverbashing 3 hours ago | parent | prev [-] | | Breaking news: tech bro unable to do basic research on existing trademarks, news at 11 |
|
|
| ▲ | yieldcrv 3 hours ago | parent | prev [-] |
| amateur hour, new phase of the AI bubble reminds me of Andre Conje, cracked dev, "builds in public", absolutely abysmal at comms, and forgets to make money off of his projects that everyone else is making money off of (all good if that last point isn't a priority, but its interrelated to why people want consistent things) |
