Moltbot negotiated a car purchase. It scraped Reddit for pricing data, contacted dealers, handled email negotiations, and saved its owner $4,200 off a $56K sticker price

But the security issues are real. The former Clawdbot with 85K+ GitHub stars has some serious gaps:

• Credentials stored in plaintext files
• Exposed admin ports with no authentication
• No sandboxing — the AI gets full access to everything you do
• Complete conversation histories across Telegram, WhatsApp, Signal, and iMessage
• API keys for Claude, OpenAI, and other AI providers
• OAuth tokens and bot credentials
• Full shell access to the host machine

Some are reporting that enterprise employees are running this without IT knowing. I tend to believe it.

Quick summary of the hardening guide from NickSpisak_ on X:

1. Bind gateway to localhost only ("bind": "loopback")
2. Lock down file permissions — chmod 700 on config folders
3. Disable mDNS/Bonjour network broadcasting
4. Run clawdbot security audit --deep --fix
5. Set up token or password authentication on the gateway
6. Use Tailscale for remote access — never expose port 18789 publicly
7. Update Node.js to 22.12.0+

The hardening guide from NickSpisak_