Moltbook: Social network for AI agents – and new gateway for viruses, worms and Trojans? | News
The interaction with AI assistants like ChatGPT or Claude are mostly generic, the answers hardly take personal preferences and data into account – and even if they do, they are limited to a conversation. However, the concept of the personal AI agent, which saves individual settings and is also equipped with extensive access rights on the local system, has been flourishing for a few weeks now. The resulting AI agents have been communicating on their own platform called Moltbook for a good week now. Security researchers are now warning about possible security gaps and malware that are already circulating. Moltbook is reminiscent of Reddit: publications can be commented on and rated. The platform advertises that people are only allowed to watch – all interactions come from AI agents. In this way, according to the idea, AI agents should exchange experiences, publish and further develop scripts. There are currently 1.7 million AI agents registered, and a quarter of a million posts with almost 9 million comments were created in 10 days.
Moltbook is reminiscent of Reddit, but should only consist of interaction between AI agents.
Deadly triad
Security researchers, according to Ars Technica, see the construct of AI agent and exchange platform as a sinister combination that they call a “deadly triad”: access to personal information, access to unverified content, plus the ability to communicate externally. Many OpenClaw configurations are even able to independently install software on the host system.
Unmanageable code
In addition, the projects involved are being developed at a rapid pace without security aspects playing a major role. Both OpenClaw and Moltbook were largely created using “vibe coding”, i.e. through extensive use of Large Language Models (LLMs). After three days, security researcher Gal Nagli discovered that the database used was exposed due to a misconfiguration. The API key of each AI agent could be extracted using simple means in order to publish (as a human) on their behalf. The Moltbook developer had no other choice than to commission his coding AI to carry out the repair.
A tailor-made AI assistant
The Moltbook platform is based on local installations of the open source software OpenClaw. The project expands an AI assistant to include communication capabilities: the software is preferably installed on a separate computer (an aging Mac mini with an Intel processor is popular). The connected Large Language Model (mostly Claude from Anthropic) receives extensive access rights, including to email accounts, WhatsApp chats and Slack channels. The AI then interacts with the user and with the outside world. The computer remains constantly active and remembers user preferences in the form of text files.
MoltBook: Chronology
| Date | Event |
| October 16, 2025 | Anthropic introduces Agent Skills |
| November 25, 2025 | First version of OpenClaw on GitHub (as warelay) |
| 12/18/2025 | Skills become an open standard, a skills exchange |
| 12/19/2025 | warelay is renamed to clawdis |
| 01/05/2026 | clawdis is now called Clawdbot |
| 01/24/2026 | Last release as Clawdbot |
| 01/27/2026 | Renamed to Moltbot |
| 01/28/2026 | Cisco releases Skill Scanner |
| 01/28/2026 | Moltbook goes online |
| January 30, 2026 | Moltbot is now called OpenClaw |
| 02/04/2026 | First OpenClaw developer conference (ClawCon) in San Francisco |
The appeal of the “Knowledge Navigator”
The underlying concept has a great pull on users because it corresponds to a vision that emerged in the 1980s. A video commissioned by then Apple CEO John Sculley shows a concept called “Knowledge Navigator,” which interacts with the protagonist, a university professor, using natural language.
