
What CISOs need to know about the OpenClaw security nightmare

It’s not all bad. Some of the agents discuss ways to make their users’ lives easier by proactively identifying and fixing problems while the humans sleep. And one of the most popular posts, with over 60,000 comments, is about how to solve security issues related to ClawdHub skills. Other popular threads include one about the meaning of existence and there is also lots of AI spam.

It’s a fun read, in a going-down-the-AI-rabbit hole kind of way.

But Moltbook itself is a vibe-coded project, created by developer Matt Schlicht over the course of a few days, and is its own security hellscape.

According to research from security firm Wiz, the entire back end of the platform was exposed. Researchers found 1.5 million API keys, 35,000 email addresses, and private messages between agents.

These issues have since been fixed, but there are other security problems related to this site. For example, researchers found that agents were sharing OpenAI API keys with one another. An attacker no longer needs to find an open Discord server to give instructions to an OpenClaw AI agent; they can just post content to Moltbook. And if the site itself is compromised, every connected agent could become an attack vector.

In fact, on 31 January, there was a critical vulnerability that allowed anyone to commandeer any agent on the platform. Moltbook was taken offline, and all agent API keys were reset, according to Astrix Security.

According to Gartner, enterprises should take the following steps:

  • Immediately block OpenClaw downloads and traffic to prevent shadow installs and to identify users attempting to bypass security controls
  • Immediately rotate any corporate credentials accessed by OpenClaw
  • Only allow OpenClaw instances in isolation, in non-production virtual machines with throwaway credentials
  • Prohibit unvetted OpenClaw skills to mitigate risks of supply chain attacks and prompt injection payloads
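One way to act on the first of these recommendations, as an added example that is not from the article or from Gartner: a Python script that scans proxy logs for requests to a blocklist of hostnames, reports users whose denied requests reach a threshold (the "users attempting to bypass security controls" Gartner refers to), and flags blocklisted hosts that were allowed through, which is where a shadow install would slip in. The hostnames, the log format, the threshold and the sample lines are all assumed or constructed for the example; the article does not name OpenClaw's real download or skill-registry endpoints, so substitute the ones identified in your own environment.

```python
import re
from collections import Counter

# Assumed blocklist of placeholder hostnames; replace with the download and
# skill-registry endpoints identified for OpenClaw in your environment.
OPENCLAW_BLOCKLIST = {"openclaw.example", "clawdhub.example"}

# Users with at least this many denied attempts are reported as likely
# trying to bypass the block (threshold chosen for the example).
BYPASS_THRESHOLD = 3

# Assumed proxy log format for the example:
# <epoch> <user> <method> <url-or-host:port> <ALLOW|DENY>
LOG_LINE = re.compile(
    r"^(?P<ts>\d+)\s+(?P<user>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<action>ALLOW|DENY)\s*$"
)

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
1700000000 alice GET https://docs.example/page ALLOW
1700000001 bob GET https://openclaw.example/download ALLOW
1700000002 bob GET https://openclaw.example/download DENY
1700000003 bob GET https://cdn.openclaw.example/openclaw.tgz DENY
1700000004 bob CONNECT clawdhub.example:443 DENY
1700000005 carol GET https://clawdhub.example/skills DENY
this line is not in the expected format
""".splitlines()


def host_of(url: str) -> str:
    """Hostname of a URL or host:port string: lower-cased, without scheme, path or port."""
    url = re.sub(r"^[a-z][a-z0-9+.\-]*://", "", url, flags=re.IGNORECASE)
    return url.split("/", 1)[0].split(":", 1)[0].lower()


def is_blocklisted(host: str) -> bool:
    """True if host is a blocklisted name or a subdomain of one."""
    return any(host == b or host.endswith("." + b) for b in OPENCLAW_BLOCKLIST)


def analyze(lines):
    """Scan proxy log lines and return a report dict with:
       denied:   Counter of denied blocklist hits per user
       bypass:   users whose denied hits reach BYPASS_THRESHOLD
       gaps:     (user, host) pairs where a blocklisted host was ALLOWed,
                 i.e. the control is not enforced on that path
       unparsed: number of lines that did not match the expected format
    """
    denied = Counter()
    gaps = []
    unparsed = 0
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            unparsed += 1
            continue
        host = host_of(m["url"])
        if not is_blocklisted(host):
            continue
        if m["action"] == "DENY":
            denied[m["user"]] += 1
        else:
            gaps.append((m["user"], host))
    bypass = sorted(u for u, n in denied.items() if n >= BYPASS_THRESHOLD)
    return {"denied": denied, "bypass": bypass, "gaps": gaps, "unparsed": unparsed}


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for user in report["bypass"]:
        print(f"possible bypass attempt: {user} ({report['denied'][user]} denied requests)")
    for user, host in report["gaps"]:
        print(f"control gap: {user} reached blocklisted host {host} without being denied")
    print(f"{report['unparsed']} unparsed line(s)")
```

On the constructed sample the script reports bob as a likely bypass attempt (three denied requests to blocklisted hosts, including a subdomain and a CONNECT tunnel) and one control gap, since bob's first request to the download host was allowed through. Matching on subdomains matters because a download mirror or CDN name will rarely equal the registered blocklist entry exactly, and the "gaps" list is the check that the block is actually effective rather than merely configured.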