The lobster that's trying to eat silicon valley (then choked)
clawd bot. Molt bot. Openclaw, whatever it's calling itself this week
hype was truly unholy
zero to 600k+ github stars, best buy sold out of mac minis in san francisco, from karpathy to david sacks everybody tweeted and praised clawdbot.
clawd bot promised jarvis, your personal assistant with hands, shell access, browser control and memory with proactive notifications. From whatsapp to telegram to slack to imessage to discord all piped into one lobster shaped god running locally on your machine.
but reality is your api keys left the hardware, credentials left the hardware and your entire convo history left your hardware, straight into the hands of anyone with shodan and ten minutes of patience.
but here's the security nightmare no one talked about: while everybody was busy installing their ai employees, security researchers found hundreds of exposed clawdbot instances on the open internet.
everything from full credentials, api keys, bot tokens and oauth secrets to complete conversation histories and remote code execution capabilities.
one researcher sent a prompt-injected email to a vulnerable instance, the ai read it, believed it was legitimate and forwarded the user's last 5 emails to an attacker's address, which took just 5 mins
brutal truth is
clawd bot is a genuinely impressive piece of engineering trapped inside a hype machine that promised the moon and delivered a crashing nodejs process.
architecture is solid. vision is real, the execution is early.
but the community treated it like a finished product because influencers needed content and developers needed hope.
same lobster but cracked shell
try to run it on a burner machine, use a dedicated whatsapp number and don't give it access to anything you'd cry about losing.
lobster is growing but now it's just soft and vulnerable
and the ocean is full of things that eat soft lobsters.
Molt or die, just don't do it on production