By whatever name – Moltbot, Clawd, OpenClaw – it's a security nightmare (www.computerworld.com)

Moltbot, recently rebranded as OpenClaw, has taken the AI community by storm, amassing an impressive 70,000 GitHub Stars in just a month. Developed by Peter Steinberger, this open-source AI "sidekick" distinguishes itself by taking real-world actions through local execution, primarily on personal hardware like Mac minis. It connects to various large language models (LLMs) via APIs, allowing it to perform tasks such as managing emails, scheduling travel, and running applications using natural language commands. OpenClaw's notable feature is its long-term memory capability, which enables it to remember user preferences and ongoing projects, enhancing its usability. However, the excitement surrounding OpenClaw comes with significant security concerns. The AI agent requires extensive access to personal data—such as passwords and credit card information—to function effectively, raising alarms about potential vulnerabilities like prompt injection attacks. Security experts warn that granting an AI agent unrestricted access to sensitive information can lead to catastrophic breaches if not managed properly. While OpenClaw offers impressive functionality and convenience, users are advised to employ extreme caution, such as isolating it on locked-down virtual machines to mitigate the risks associated with its operation.