Overview
- Moltbot, a self-hosted assistant that operates through apps like WhatsApp, Telegram, Signal, Slack, and iMessage, has rapidly gained popularity with contributions and stars approaching 100,000 on GitHub.
- Security researchers report hundreds to over a thousand internet-exposed instances with weak or missing authentication that revealed API keys, OAuth tokens, and private conversation histories.
- Jamieson O’Reilly demonstrated how downloadable skills can be backdoored, releasing a proof-of-concept that became the most-installed skill and showed how attackers could exfiltrate SSH keys and cloud credentials.
- Developers have issued patches and cautions, calling the software powerful but hazardous, and advising isolation, strict authentication, sandboxing, and careful review of third-party skills before use.
- The project rebranded from Clawdbot to Moltbot after Anthropic raised trademark concerns, and the rename spurred scams including hijacked accounts and a fake crypto token tied to the project’s name.