Clawdbot has moved quickly from a niche developer project to a viral AI tool. As interest surges, cybersecurity experts are raising concerns about how it is being deployed.
The assistant’s ability to act directly on a user’s system is driving its adoption. At the same time, that same power is increasing the security risk.
Clawdbot
Clawdbot is an open-source AI assistant designed to do more than answer questions. It can send messages, execute commands, manage files, and maintain long-term context.
Because of this, many users describe it as an AI agent rather than a chatbot. The tool runs on a user’s own machine and communicates through familiar platforms.
These include WhatsApp, Telegram, Slack, Discord, and iMessage.
According to the project’s documentation, this setup allows Clawdbot to operate continuously without relying on a centralized cloud service.
As a result, interest has spread rapidly. Explainer articles, demos, and social media posts have multiplied in recent days.
What began as a technical experiment is now part of a large conversation about the realities of consumer AI.
Cyber Security
Amid the growing attention, cybersecurity firm SOCRadar issued a warning. The company reported that it found 1,009 publicly exposed Clawdbot gateways.
These instances were reachable from the open internet. SOCRadar based its findings on searches conducted through Shodan.
Shodan is a search engine that indexes internet-connected systems. The exposed gateways should not be publicly accessible, yet they were visible to anyone looking.
This discovery incited immediate concern among security professionals. Public exposure increases the likelihood of unauthorized access and data leaks.
Exposed Gateways
Clawdbot acts as a bridge between large language models and real execution environments.
Messages from chat platforms are routed through a persistent process that can take direct action on a system.
In typical deployments, Clawdbot can read and write files, execute shell commands, and store long-term data. Because of this, exposed control interfaces pose a serious threat.
SOCRadar warned that these interfaces can reveal sensitive credentials. These include API keys, bot tokens, and OAuth secrets.
Such credentials allow software to act on a user’s behalf. If compromised, attackers could gain broad access to private systems and communications.
Some deployments left command execution available without effective access controls. Others suffered from common infrastructure failures.
In several cases, misconfigured reverse proxies caused external requests to appear as if they originated from localhost. This made unauthorized access easier.
SOCRadar also noted that Clawdbot Control has a distinctive web fingerprint. As a result, exposed instances are easy to identify using internet-wide scanning tools.
Hardware Demand
Clawdbot began to influence hardware purchases. Some users started ordering Apple’s Mac mini to keep the assistant running around the clock.
Business Insider reported that users were wiring Clawdbot into calendars, email accounts, and message threads.
The idea of a 24/7 AI assistant appealed to many users. To some, Clawdbot is like Claude with hands, a representation of a digital employee rather than a piece of software.
However, not everyone viewed the viral tool through the same lens.
Steinberger’s Thoughts
Clawdbot creator Peter Steinberger cautioned users against buying new hardware.
He emphasized that the tool can run on Amazon’s free tier and does not require a dedicated always-on machine.
Steinberger also urged users to follow the project’s security guidance. In particular, he warned against adding Clawdbot to group chats.
In those environments, sensitive information can spread quickly and unintentionally. Other industry figures echoed Steinberger’s opinions.
Andreessen Horowitz partner Olivia Moore said the learning curve for Clawdbot is likely too steep for many users.
Former Microsoft executive Rahul Sood warned that the tool has “zero guardrails by design,” according to Business Insider.
GitHub Popularity
Clawdbot’s growth is visible on GitHub as well. Early Tuesday, the main repository showed about 56,000 stars. It also listed hundreds of open issues and pull requests.
This level of activity implies a strong interest. It also highlights the pace of development of the tool. Rapid change can introduce new features, but it can also introduce unintended new risks.
AI Agents
Clawdbot appears to be the right next step above popular AI like ChatGPT. It doesn’t restrict its abilities to synthesizing answers but also agent-like action without constant supervision.
That promise comes with tradeoffs. A security breach tied to exposed gateways could quickly undermine trust.
User mistakes that leak private chats or credentials could have a similar effect. These risks are especially concerning for less technical users and small teams.
Chinese tech outlet 36kr described Clawdbot as a “Claude with hands.” The outlet reported that it has become a rapid sensation in Silicon Valley.
The coverage fueled talk of an always-on “AI employee” and contributed to the rush to deploy the tool on machines like the Mac mini.
Also read: 20 AI Agent Examples in 2025
