blackdark
ToolsClawdbotMoltbotAI assistantAI agentsopen sourcereview

Clawdbot (Now Moltbot): The AI Assistant Everyone's Talking About, No Hype (2026 Review)

What Clawdbot is, why it's now called Moltbot, what it actually does, which platforms it runs on, which models it uses, whether it's free, its security risks, and who it's worth it for. An honest review.

By BlackdarkUpdated on 6 min read

Every few months an AI tool "breaks the internet." Almost always it's hype: a pretty demo, a thousand tweets, and two weeks later nobody remembers it. Clawdbot was one of the ones that genuinely moved people —tens of thousands of GitHub stars in a matter of days— and that's exactly why it's worth looking at calmly.

The problem is there's a lot of noise around Clawdbot and very little organized information. On top of that it changed its name along the way, which adds confusion. So let's get concrete: what it really is, what it does, what risks it carries and who it makes sense for. No brochure.

Note

This is an open source project that moves very fast and about which a fair amount of contradictory information circulates. Here we stick to what's confirmed by reliable sources (its GitHub repository, TechCrunch's coverage and its author). Where something is uncertain, we say so. Features and names may change from one version to the next.

What Clawdbot Is (And Why It's Now Called Moltbot)

Let's start with the name mess, because it's the first thing that confuses everyone.

Clawdbot and Moltbot are exactly the same project. It launched as Clawdbot, a pun on Claude, the Anthropic model it leaned on. In January 2026, Anthropic requested a rebrand on intellectual property grounds, and the project became Moltbot (keeping its lobster mascot, which now makes sense: "molt" is the shedding of a shell). So if you read "clawdbot" in one place and "moltbot" in another, they're not two tools: it's the same one, before and after the rename.

It was created by Peter Steinberger (@steipete), an Austrian developer known for founding PSPDFKit. This isn't an anonymous weekend project, and that explains part of the traction.

And what is it, in one sentence? An open source, self-hosted personal AI assistant that lives inside your messaging apps and that, unlike a normal chatbot, actually does things on your computer instead of just answering.

What It Does and Where You Use It

The core idea is what people summarize as "Claude with hands." You don't open a browser tab to talk to it: you message it through WhatsApp, Telegram, Discord, Slack, Signal, iMessage and several other platforms (Teams, Matrix, Google Chat, WebChat…), just like you'd text a friend, and it acts.

The capabilities confirmed by its documentation and coverage include:

  • Managing your email and calendar: reading, replying, scheduling.
  • Running scripts and terminal commands on the machine it runs on.
  • Controlling the browser for web tasks (filling forms, navigating).
  • Persistent memory: it remembers conversations, preferences and projects across sessions, it doesn't start from scratch every time.
  • Custom automations that you define.

The three most repeated use cases are: personal productivity (reminders, calendar, tasks), team collaboration (monitoring channels, summarizing activity, triggering actions from a message) and always-on assistance, because by running on your own hardware it can be available 24/7 if you set it up on a server.

The point, and what separates it from a ChatGPT, is that combination: an assistant where you already talk (messaging) + the ability to execute real actions + data that doesn't leave for a third-party cloud because it runs on your machine.

How to Get Started

Here we have to be honest about the level. It's not "install an app and you're done," but you don't need to be an engineer either. Its author and the docs point to a profile that's comfortable installing software, editing configuration files and running basic commands. If that sounds like Greek to you, this isn't your first AI weekend.

The flow, broadly, is this:

  1. Decide where it runs: on your computer (to test) or on a server (to have it 24/7). It requires Node 22 or higher and installs via npm/pnpm.
  2. Install the core: you download the project, install dependencies and run the initial commands. By default it brings up a local gateway at localhost:18789.
  3. Connect a messaging app: you create a bot in, say, Telegram, and put its token in the configuration.
  4. Connect integrations: calendar, task manager and whatever other services you want it to handle.
  5. Start small: try simple commands before giving it access to half your system.

On the engine: it's model-agnostic. You can plug it into Anthropic's Claude (its docs recommend Pro/Max with Opus for the best performance), into OpenAI (ChatGPT, Codex) or, via configuration, into almost any model, including local LLMs with Ollama if you want even the model to stay on your machine.

Pricing: Free, But With Asterisks

The software is free and open source, under the MIT license. That's real and has no fine print in itself.

What does have asterisks is the total cost of keeping it running:

  • You bring your own hardware (your computer or a server you pay for if you want it always on).
  • You bring your own API key for the model. If you use Claude or GPT, you pay for usage to Anthropic or OpenAI based on what you consume. If you go with a local model via Ollama, the cost is just compute on your machine.

In other words: the program charges nothing, but "completely free" only holds if you feed it a local model. Worth being clear on that before fantasizing about a free AI butler.

The Good and the Bad, No Makeup

Pros

  • It does real tasks, not just chat: email, calendar, scripts, browser.
  • It lives where you already talk: WhatsApp, Telegram, Discord and many more.
  • Open source (MIT) and self-hosted: your data doesn't go to a third-party cloud.
  • Model-agnostic: Claude, GPT or a local LLM with Ollama, your choice.
  • Persistent memory: it remembers context, preferences and projects.

Cons

  • It can execute arbitrary commands on your machine: a huge risk surface.
  • Vulnerable to prompt injection: a malicious message can trigger actions.
  • Requires technical fluency to install and configure it properly.
  • 'Free' is relative: you pay for the hardware and the model's API you connect.
  • Young, fast-evolving project: names and features may change.

The Elephant in the Room: Security

No honest review of Clawdbot can tiptoe past this, because it's what decides whether you should install it or not.

By design, Clawdbot can execute arbitrary commands on your computer. That's exactly its appeal (that it acts) and exactly its danger. The specific vector that worries people is prompt injection: since it receives messages from the outside, malicious content —say, a booby-trapped WhatsApp message— could trick it into running actions you didn't ask for, without you noticing.

The project doesn't ignore this: it treats inbound messages as untrusted input, requires pairing codes for unknown senders, and allows group sessions to run in Docker sandboxes. Good. But the mitigation the serious coverage actually recommends is blunt: run it on a separate device, with throwaway accounts. That reduces the risk… at the cost of also reducing usefulness, because an assistant isolated from your real life does fewer useful things.

Heads up

Practical rule: don't install Clawdbot on your main machine with your real accounts just out of curiosity. If you want to try it, do it on a separate machine or server with limited access. An AI that can execute commands is as powerful as it is dangerous: treat it that way.

Who It's For (And Who It Isn't)

Clawdbot isn't a polished product for the general public; it's a power tool for a specific profile.

You'll be interested if: you're a developer or someone technical comfortable with the terminal, you want an assistant that executes actions and not just converses, you value everything running on your hardware without going through a cloud, and you understand and accept the security risks enough to isolate it properly.

You won't be interested if: you're looking for something that installs in two clicks, you don't want to fight with config files and API keys, or you're not willing to set up an isolated environment for something that can run commands on your system. For a "normal," risk-free AI assistant, a ChatGPT or a Claude in the browser serve you better and save you the headache.

The honest question isn't "is Clawdbot the best AI?". It's "do I really need an AI with hands on my own system, and am I willing to take security seriously?". If the answer is yes, Clawdbot/Moltbot is one of the most interesting projects right now in personal agents. If it's no, what the hype actually sold you is the fantasy of an AI butler, not the real tool —and that fantasy, today, still comes with sharp knives.

FAQ

Clawdbot is an open source, self-hosted personal AI assistant that connects to your messaging apps (WhatsApp, Telegram, Discord, Slack, Signal, iMessage and more) and runs real tasks on your own computer or server: managing email and calendar, launching scripts, controlling the browser or running commands. It was created by Peter Steinberger (@steipete).

Yes, it's the same project. It was called Clawdbot as a play on 'Claude,' Anthropic's model. In January 2026 Anthropic asked it to change the name for trademark reasons, and it became Moltbot, keeping its lobster mascot. If you search 'clawdbot' or 'moltbot' you're looking for the same thing.

The software is free and open source under the MIT license. But it's not entirely free: you need your own hardware to run it and your own API key for the AI model (Anthropic Claude, OpenAI or a local model with Ollama). The real cost is whatever you consume from the model provider.

It's model-agnostic: it works with Anthropic's Claude (the docs recommend Pro/Max with Opus for best performance), with OpenAI models (ChatGPT and Codex) and, via configuration, with virtually any model, including local LLMs with Ollama. You decide which engine to connect using OAuth or an API key.

Here's the important nuance. By design it can execute arbitrary commands on your machine, and because it receives messages from the outside it's vulnerable to prompt injection attacks: a malicious message could trigger actions without you realizing. The project itself treats inbound messages as untrusted input and allows Docker sandboxes, but the serious recommendation is not to install it carelessly on your main machine.

Keep digging into the same topic.

Share
Newsletter

Get the next guides in your inbox

AI and marketing ideas and resources, no filler. What works and how to apply it.

Ideas and resources, no spam. Unsubscribe anytime.

Finding this guide useful?

Subscribe