(Since this article was written, they renamed Moltbot to OpenClaw.) From the article: [...] [...] [...] [...]
(Since this article was written, they renamed Moltbot to OpenClaw.)
From the article:
Moltbot (formerly known as Clawdbot) is an open-source, self-hosted AI agent that operates directly on your local machine. It acts as your 24/7 personal assistant, and easily integrates with popular messaging platforms like WhatsApp, Telegram, and Slack, enabling it to execute tasks and take actions, going beyond simple conversational interactions.
[...]
Moltbot versatile and automated actions make it an extremely powerful tool whose adoption has continued to grow since its release in November 2025. Its usage went viral on January 24 2026, when the number of daily forks on GitHub went from 50+ to 3000+. The project's star count mirrored this explosive growth: Moltbot gained a record-breaking 17,830 stars in a single day, ultimately crossing 85,000 stars within weeks—the fastest growth trajectory in GitHub history.
[...]
The documentation recommends treating the workspace as private storage and strongly encourages users to save it in private GitHub repositories. One section of the documentation is even dedicated to the risks associated with hardcoded secrets.
However, as might be expected, some people make mistakes and push their workspaces to public repositories - including secrets.
Since November, GitGuardian has detected 181 unique secrets, leaked from repositories with names containing either the clawdbot or moltbot keywords. At the time of writing, 65 secrets were still valid – 30% are Telegram Bot tokens, the easiest solution to interact with Moltbot.
Among these secrets, two caught our attention: a Notion Integration token and a Kubernetes User Certificate. Leaked on January 24, the first one gave access to the entire corporate documentation of a healthcare company. The second, leaked on January 18 gave full privileged access to a Kubernetes cluster of a fintech company, used to host a Moltbot instance. Inside the repository, other credentials were leaked, including for a private Docker images registry. Following these discoveries, we performed responsible disclosures to their owners.
[...]
DockerHub also contains public images containing secrets related to Moltbot. The first leak was detected on January 15, followed by several images every day. Now, 18 are still valid. Here, the types of secrets vary. We find GitHub tokens, AWS IAM keys, and Cloudflare tokens. This provides interesting information about the likely uses of Moltbot for automating cloud infrastructure-related tasks.
[...]
To address this gap, we developed a ggshield skill for Moltbot. Once installed, users can ask their assistant to scan the workspace for leaked credentials:
I personally can't really sympathise with "all of my keys gone" when the first thing you see on installing OpenClaw is that you should treat this with caution and explicitly tells you that you're...
I personally can't really sympathise with "all of my keys gone" when the first thing you see on installing ClawdbotMoltBotOpenClaw is that you should treat this with caution and explicitly tells you that you're giving it full system access.
For what it's worth, it's a neat project. Reminds me of Auto-GPT back some two odd years ago. But if you give it full system and INTERNET ACCESS, you only have yourself to blame.
(Since this article was written, they renamed Moltbot to OpenClaw.)
From the article:
[...]
[...]
[...]
[...]
I personally can't really sympathise with "all of my keys gone" when the first thing you see on installing
ClawdbotMoltBotOpenClaw is that you should treat this with caution and explicitly tells you that you're giving it full system access.For what it's worth, it's a neat project. Reminds me of Auto-GPT back some two odd years ago. But if you give it full system and INTERNET ACCESS, you only have yourself to blame.