An open-source AI assistant has exploded across developer communities in recent weeks, racking up over 10,200 GitHub stars and 8,900 Discord members since its January release.
Clawdbot promises what Siri never delivered: an AI that actually does things. Alex Finn, CEO of CreatorBuddy, texted his Clawdbot, Henry, to make a restaurant reservation.
"When the OpenTable res didn't work, it used its ElevenLabs skill to call the restaurant and complete the reservation," Finn wrote on X. "AGI is here, and 99% of people have no clue."
Clawdbot stands out for keeping user context on-device, being open source and shipping at an unusually fast pace, developer Dan Peguine wrote on X on Saturday.
It also works across major messaging platforms and offers persistent memory with proactive background tasks that go well beyond a typical personal assistant, he added. Plus, it’s pretty easy for everyday users to install.
Clawdbot uses the Model Context Protocol to connect AI models like Claude or GPT with real-world actions without human intervention.
The system can run locally on just about any hardware and connects through messaging apps you already use—WhatsApp, Telegram, Discord, Slack, Signal, iMessage. It can execute terminal commands, control browsers, manage files, and make phone calls.
From investment advice to OnlyFans account management, anything seems to be possible as long as you have the creativity to build it, the resources to pay for the tokens, and the balls to afford the consequences when things go sideways.
Unfettered access
Still, Clawdbot is raising concerns among those in the security community who have discovered a problem.
AI researcher Luis Catacora ran a Shodan scan and found an issue: "Clawdbot gateways are exposed right now with zero auth (they just connect to your IP and are in)... That means shell access, browser automation, API keys. All wide open for someone to have full control of your device."
In effect, powerful systems placed in inexperienced hands have left many machines exposed.
The remedy is relatively straightforward: change a gateway binding from a public setting to a local one, then restart. The step is not intuitive, and the default configuration has left many users vulnerable to remote attacks.
The recommended response is to immediately restrict network access, add proper authentication and encryption, rotate potentially compromised keys, and implement rate limits, logging, and alerting to reduce the risk of abuse.
The system’s heavy token usage has surprised users, prompting developers to recommend lower-cost models or local deployments to manage consumption.
Federico Viticci at MacStories burned through 180 million tokens in his first week. On Hacker News, one developer reported spending $300 in two days on what they considered "basic tasks."
Clawdbot is the creation of Peter Steinberger, founder of PSPDFKit (now called Nutrient), who came out of retirement to build what he calls a "24/7 personal assistant."
For now, given the costs, it is recommended to be careful about what you ask your assistant to do.
The project documentation includes a security guide and diagnostic commands to check for misconfigurations. The community is shipping fixes at a rapid pace at roughly 30 pull requests daily, but adoption of security safeguards still lags behind installation rates.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
