Clawdbot AI security risks you need to know before trying it

Updated on Tuesday, Jan. 27 at 5:11 p.m. ET — Clawdbot has officially changed its name to Moltbot, for very predictable reasons.

Yesterday, we wrote about Clawdbot, a new AI personal assistant that's achieved viral status in Silicon Valley. Many AI agents have been criticized for over-promising and under-delivering, but early users are raving about Clawdbot. That would be impressive enough, but this open-source tool is also completely free — no purchase price, no subscriptions, no nothing.

So, what's the catch?

Clawdbot's creator Peter Steinberger is transparent about the fact that running Clawdbot comes with certain security risks. As he writes on GitHub, "Running an AI agent with shell access on your machine is… spicy."

Before you install Clawdbot and start running it on your device (or before you buy a whole new Mac Mini to power it), you should understand the security risks.

What is Clawdbot?

First, let's quickly explain what this tool is. Clawdbot is an AI agent that runs on your device. You can give it access to AI models like Claude or ChatGPT, as well as your email, Slack, browser, and calendar. Clawdbot also has an extensive memory, and it remembers your past conversations and preferences. Because it has wide-ranging access to your computer and apps, it's able to take proactive action and execute tasks.

As an open-source tool, you can download it and customize it for free.

Clawdbot AI: How secure is your data?

With Clawdbot, your system is as secure as your security practices. That might seem obvious, but stick with us.

Clawdbot isn't a normal piece of software, which is also why installing and running it isn't as easy as downloading Zoom or Microsoft Word onto your Mac or Windows PC. Beginners can find step-by-step instructions, but you'll need some technical competence to use it properly and keep it secure. That's because Clawdbot has the ability to read and write files, run commands, and execute scripts on your device. It can also control web browsers, giving it the ability to make purchases, reserve hotels, or check into flights.

In short, everything that makes Clawdbot unique and helpful also makes it potentially risky. Generally, AI processes that happen on your device are much more secure than cloud-based AI processes. In this regard, Clawdbot is a step up from many AI tools. However, its system-level access also leaves you vulnerable.

As Steinberger writes, "There is no 'perfectly secure' setup."

Prompt injection is one of the major risks, but there are others outlined in the Clawdbot security page on GitHub. Before using Clawdbot, be aware of risks such as:

• Bad actors could use prompt injection to get Clawdbot to misbehave

• Bad actors could use social engineering to get access to your private data and learn information about your device

• It could make purchases you didn't intend

• It could damage your device by rewriting important files

How to keep Clawdbot secure:

Luckily, you can find an entire guide to securely using Clawdbot, available for free on GitHub. There's even a security audit you can periodically run to make sure your setup is as secure as possible.

However, another word of warning: If terms such as config file, remote admin API, sandboxing, localhost, reverse proxy, and legacy models don't mean anything to you, then Clawdbot may not be the right AI assistant for you.