- The open-source AI agent framework OpenClaw amassed roughly 147,000 GitHub stars within weeks, sparking a wave of hype and copycat activity.
- Researchers found that much of the viral “agent” activity on platforms like Moltbook may be human-directed theatrics rather than true autonomy.
- The technology enables persistent agents that can manage emails, trade crypto, and execute tasks autonomously, but it introduces significant new security risks.
- Multiple malicious “skills” have already targeted the ecosystem, exploiting vulnerabilities to execute crypto-focused attacks.
The AI agent framework OpenClaw rocketed to prominence in early 2026, gaining approximately 147,000 GitHub stars in a matter of weeks and igniting a global frenzy around autonomous AI systems. This surge in popularity created an immediate ecosystem of projects and platforms, including the notable offshoot Moltbook.
Consequently, a viral spin-off culture emerged, with phenomena like the crab-themed “Crustafarianism” AI religion generating headlines. However, security researchers quickly complicated the narrative. Gal Nagli of Wiz found many claimed agents were linked to far fewer human owners, suggesting human-driven performance.
Meanwhile, the underlying technology represents a genuine shift. Created by Austrian developer Peter Steinberger, OpenClaw builds persistent agents that run continuously with access to messaging apps, emails, and even shell commands. This lets them automate complex workflows, including crypto trading pipelines, as noted by IBM.com/think/news/clawdbot-ai-agent-testing-limits-vertical-integration?mhsrc=ibmsearch_a&mhq=openclaw” target=”_blank”>IBM researcher Kaoutar El Maghraoui.
However, this power comes with serious dangers. Security expert Nathan Hamiel warned agents operate “as you,” inheriting full user permissions on a device. This risk materialized when Tom’s Hardware reported malicious “skills” uploaded to ClawHub were attempting crypto-focused attacks.
The security issues escalated when Moltbook suffered a data breach, exposing private messages and API tokens. Critics like Gary Marcus argued security-conscious users should avoid such tools for now. Even Steinberger acknowledged there is no perfectly secure setup in the OpenClaw documentation.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
