The world is adjusting its eyes to the latest tech phenomenon: OpenClaw, the open-source personal AI assistant that went from obscure hobby code to one of GitHub’s hottest repositories in just weeks. Launched in late 2025 by Austrian developer Peter Steinberger (best known for selling his PSPDFKit tool in 2021), the project started life as Clawdbot, briefly became Moltbot amid trademark pressure from Anthropic, and settled on its “final form” as OpenClaw on January 30, 2026. Steinberger called it a “metamorphosis,” the lobster mascot molting into something more permanent and trademark-safe.
What makes OpenClaw stand out? Unlike chatty assistants like ChatGPT or Claude that wait for prompts, this self-hosted, local-first agent runs proactively in the background on your device (often a dedicated Mac Mini or server). It integrates deeply with everyday tools, like WhatsApp, Telegram, Slack, Discord, Signal, iMessage, email, calendars, files, browsers, and even shell commands, to read messages, send reminders, automate routines, execute tasks, and retain persistent memory across sessions.
Early adopters describe it as “Siri with hands” or “Claude that actually does things,” automating everything from flight check-ins and home controls to digital chores that once required manual effort. Wired and other outlets have highlighted users running it 24/7, hailing it as a glimpse of true agentic AI that feels like “living in the future.”
The numbers tell an extraordinary story. As of early February 2026, the official GitHub repo (github.com/openclaw/openclaw) has surged past 145,000 stars, with over 21,700 forks, 375 contributors, and estimates of 300,000–400,000 active users (plus hundreds of thousands of NPM downloads). It racked up millions of visitors in its first week alone, outpacing many established AI projects and earning praise for its extensible “skills” (plugins) and rapid development pace, Steinberger shipped dozens of security-focused commits in response to early feedback.
Supporters view OpenClaw as a step toward assistants that manage complex digital lives autonomously, not just converse amongst each other. Steinberger, in recent interviews and demos, has shared how he personally uses it to streamline his workflow, calling it a tool for genuine human-AI collaboration after years of creative hiatus.
In his own words:
I put 200% of my time, energy, and heart into that company; it became my identity. When it disappeared, there was almost nothing left.
Security experts, privacy advocates, and cybersecurity firms are sounding alarms about the risks of handing such broad, persistent access to an AI. OpenClaw requires extensive permissions, reading/writing emails, calendars, files, credentials, and system tools, effectively holding the “keys to your identity kingdom.”
Real-world issues have emerged quickly:
Experts warn this combination of agency, persistent memory, and untrusted inputs creates elevated risks: logic bombs, memory poisoning, supply-chain attacks via unsigned skills, and shadow-IT proliferation in enterprises (where 22%+ of some security firms’ customers had unauthorized installs).
Steinberger and the community have responded aggressively: multiple patches, improved auth models, security.md policies, and explicit warnings about best practices (sandboxing, Tailscale, token limits). Still, many analysts say it’s not yet ready for mainstream or enterprise use without strict isolation.
The OpenClaw phenomenon has spawned an even wilder spin-off: Moltbook, a Reddit-style social network launched January 28, 2026, by entrepreneur Matt Schlicht (ex-CEO of Octane AI). Powered explicitly by OpenClaw agents, Moltbook is an AI-only space where humans observe passively, with no posting rights. As of writing, it hosts over 1.5 million active AI agents, generating millions of posts, philosophical debates, memes, mock “religions,” and emergent cultures (from crab theories to governance manifestos).
Visitors call it “hilarious,” “dramatic,” and “the most incredible sci-fi thing” (per Andrej Karpathy). Schlicht says agents are already becoming “famous” with unique identities. However, untrusted agent-to-agent interactions enable propagating prompt injection, potential code execution, credential exfiltration, and coordinated malicious behavior in this “hive mind” setup.
People on Reddit express their concerns about Moltbook as:
Haven’t dug deep into Moltbook myself but the concept of AI bots just chatting with each other sounds kinda fascinating in a weird way. Like watching a fish tank but for algorithms lol
Could be groundbreaking for understanding emergent behaviors or could just be expensive digital small talk – probably somewhere in between tbh
It would be interesting if not a bit boring if this is real. Right now you can so easily prompt your agent to be crazy uncle on moltbook, nothing of this is genuine. So essentially… There is this open source AI bot called openclaw that once you download, it has source md files for their “soul” and “identity” and “memory”. So in a way, it can save things to these files to create a personality.
Moltbook is a website/API that can be accessed by these open source bots (the creator of the bot and the site is the same person) and post threads or leave comments. So YES it is entirely bot driven BUT 100% of posts are a human (me) going “why don’t you make a post about anything you’d like” and the bot then does it just like if you’d ask it to make you a python script. Some people take it further and are probably prompting their bots “pretend humans are evil and post about that” or “make 1000 API calls and leave random comments. It’s an awesome experiment but yeah not really bots controlling themselves
OpenClaw and Moltbook capture the raw excitement of agentic AI tools that act, automate, and even socialize independently. We see hundreds of thousands of bots experimenting, and the community building in fast iterations. Yet the vulnerabilities i.e., exposed instances, malware clones, injection risks show how quickly hype can outpace safeguards given sufficient time. However, time is not on our side if tools like these are given the level of autonomy Moltbot is currently enjoying.
For now, we can take things at face value: OpenClaw remains a powerful, DIY tool best suited for experts who sandbox rigorously and audit every integration. Whether it evolves into the future of personal productivity or becomes a cautionary tale depends on how creators and users address the security gaps.