ℹ️ Quick Answer: OpenClaw (formerly Moltbot and Clawdbot) is a free, open source AI assistant that works across messaging apps. While powerful, it has serious problems. API costs can hit $200 per day. Fake malware versions appeared on VS Code Marketplace. Security researchers warn it exposes credentials. Most users say simpler tools like Claude Code cover 99% of use cases.
I watched this drama unfold in real time on Reddit and Hacker News. A promising open source AI assistant went from viral sensation to security nightmare in about three weeks.
The project has already changed names twice. Clawdbot became Moltbot after Anthropic raised trademark concerns about the “Clawd” name sounding too much like Claude. Then it became OpenClaw. Each rebrand created chaos. Documentation became obsolete overnight. Scammers swooped in during the confusion.
Here is everything you need to know before you even think about installing it.
The Good: Why People Got Excited About OpenClaw Clawdbot
OpenClaw represents the dream of a truly personal AI assistant. It is completely open source under the MIT license. You can self host it. You control your data. No monthly subscription fees.
The killer feature is that it works across messaging platforms. Connect it to Telegram, WhatsApp, iMessage, or Discord. Send a message like “check my calendar and book a dentist appointment next week” and it actually tries to do it.
Peter Steinberger, the developer behind the project, built something genuinely impressive. The automation capabilities rival expensive enterprise solutions. It can manage complex workflows, trigger deployments, and handle multi step tasks that would normally require switching between five different apps.
The GitHub repo has over 100,000 stars. Developers love the concept. The execution, however, is where things get complicated.
The Bad: OpenClaw Clawdbot API Costs Can Drain Your Bank Account
OpenClaw itself is free. The AI models powering it are not.
Federico Viticci from MacStories burned through 180 million tokens in his first month. At Claude Sonnet rates, that is roughly $3,600. Another user reported spending $200 in a single day because of a runaway automation loop.
The problem is architectural. OpenClaw runs autonomous loops to complete tasks. It tries, fails, corrects itself, tries again. Each attempt burns tokens. Without careful monitoring, costs spiral out of control before you notice.
Reddit users in the AI Agents subreddit regularly share horror stories. One thread asked about realistic monthly costs. Answers ranged from $300 to $750 depending on usage. For most people, that is more than a Netflix, Spotify, and ChatGPT Plus subscription combined.
⚠️ Cost Warning: Set hard spending limits on your API keys before connecting them to OpenClaw. Users have reported bills exceeding $200 in a single day from runaway automation loops.
The Ugly: OpenClaw Clawdbot Malware, Scammers, and Security Nightmares
On January 27, 2026, security researchers at Aikido flagged a malicious VS Code extension called “ClawdBot Agent.” It looked legitimate. It promised seamless IDE integration that the official project never provided.
It was malware.
The fake extension automatically activated when VS Code started. It downloaded a file disguised as config.json, then executed malicious code. The payload was a preconfigured ScreenConnect client that connected to attacker infrastructure. Essentially, it gave hackers remote access to developer machines.
The most important thing to understand is that OpenClaw has no official VS Code extension. None. The attackers simply exploited the project’s popularity and the gap in official tooling.
But that was not the only security problem.
Heather Adkins, VP of Security Engineering at Google Cloud, publicly warned people to avoid installing it. She cited researchers who called OpenClaw “infostealer malware disguised as an AI personal assistant.”
During the chaotic rebrand from Moltbot to OpenClaw, crypto scammers hijacked social media accounts and domains that the project team had not yet secured. Security firm Bitdefender reported exposed control panels that risked credential leaks and account takeovers.
🚫 Security Alert: OpenClaw can run shell commands, read files, and execute scripts on your machine. If misconfigured, it becomes a backdoor. Researchers have documented leaked API keys and credentials through unsecured endpoints.
What Reddit Actually Thinks About OpenClaw Clawdbot
I spent time reading through Reddit discussions about the project. The consensus surprised me.
Most users concluded that simpler alternatives cover 99% of what they actually need. The top suggestions included Claude Code connected to a simple Telegram or WhatsApp integration. No complex setup. No runaway costs. No security risks from giving an AI agent access to everything on your computer.
One highly upvoted comment summed it up. “I spent three days configuring Moltbot and lost $50 in tokens. I switched to Claude Code and finished the project in an hour.”
Others pointed to free alternatives like Kimi K2.5 or local models that eliminate API costs entirely. The general feeling was that OpenClaw solves a problem most people do not actually have.
Should You Use OpenClaw Clawdbot?
Right now, I cannot recommend it for most people.
The technology is genuinely impressive. The vision of a personal AI assistant that works across all your messaging apps is compelling. But the risks currently outweigh the benefits.
If you are a developer who understands the security implications, sets hard API limits, and carefully vets every integration, you might find value in experimenting with it. For everyone else, stick with official tools from established companies. If you are new to AI, check out our Start Here guide for safer options.
The project maintainers have acknowledged the security problems and are working on improvements. Give them time. Check back in six months. By then, the chaos may have settled and the tool may be worth another look.
Until then, your bank account and your credentials are safer with simpler alternatives.
OpenClaw Clawdbot Frequently Asked Questions
Is OpenClaw Clawdbot free to use?
The software is free and open source. However, you pay for the AI models that power it. Users report monthly API costs ranging from $300 to $750 for regular use. Some have spent over $200 in a single day from automation loops.
Why did Clawdbot change its name to Moltbot?
Anthropic raised trademark concerns because “Clawd” sounded too similar to their Claude AI products. The project rebranded to Moltbot, then later to OpenClaw. Each name change created confusion and opened security gaps that scammers exploited.
Is there an official OpenClaw VS Code extension?
No. OpenClaw has no official VS Code extension. Any extension claiming to be OpenClaw or Moltbot in the VS Code Marketplace is fake and potentially malicious. A malware version was discovered on January 27, 2026 and has since been removed.
What are safer alternatives to OpenClaw Clawdbot?
Most users recommend Claude Code with a simple messaging integration like Telegram or WhatsApp. Free alternatives include Kimi K2.5 and local models that run on your computer without API costs. These options cover most use cases without the security risks.
Leave a Reply