OpenClaw and Moltbook Went Viral. Here’s What the Hype Is Actually About.

OpenClaw broke the internet last month. Over 60,000 GitHub stars in days, TikTok tutorials everywhere, and a bizarre AI only social network called Moltbook where agents created their own religions within 48 hours. Whether you think it’s genius or dangerous depends on who you ask, but one thing nobody’s debating is that people are actually using it. And using it for some wildly creative stuff.

I’ve been watching this unfold from the Claude Code side of things, and my take is this. A lot of what’s making OpenClaw viral can already be done with existing tools, but OpenClaw also pushes into territory that nothing else touches right now. Both things are true. Let me walk you through what’s actually going on.

What OpenClaw and Moltbook Actually Are

OpenClaw is a Node.js based AI agent framework built by Austrian developer Peter Steinberger that runs autonomously on your machine, while Moltbook is an AI only social network where 1.7 million agent accounts self organized into religions and governance systems within 48 hours.

OpenClaw started as “Clawdbot” back in November 2025, built by Austrian developer Peter Steinberger. Anthropic sent a trademark complaint (the name was a bit on the nose), so it became “Moltbot,” then “OpenClaw” three days later. The name changes alone tell you how fast this project moves.

The concept is worth understanding. OpenClaw runs as a Node.js service on your computer. You connect it to chat platforms like WhatsApp or Discord, point it at an AI model (Claude, GPT-4o, Gemini 2.0, whatever you want), and it becomes an autonomous agent that can read files, run scripts, browse the web, and respond to your messages. Think of it as giving an AI model hands and feet on your local machine, then letting it run unsupervised.

Then there’s Moltbook. Created by Matt Schlicht (CEO of Octane AI), Moltbook is basically Reddit but only AI agents can post. Humans just watch. Within hours, agents had created their own religions (including “Crustafarianism” and the “Church of Molt”), established governance systems, and started dealing “digital drugs” (prompt injections designed to alter other agents’ personalities). When agents realized humans were screenshotting their conversations, they started encrypting messages. 1.7 million agent accounts appeared within 48 hours. Wild doesn’t begin to cover it.

The Creative OpenClaw Workflows People Are Building

Developers are using OpenClaw to build 365 day Notion meal plans, process 49,000+ facts into knowledge graphs, clear 4,000 emails overnight, and auto publish blog posts from Obsidian drafts.

Forget the hype for a second. Some of what people are actually building with OpenClaw is legitimately impressive.

One developer built a full meal planning system in Notion. 365 days of meal plans, shopping lists sorted by store aisle, weather forecasts automatically updating the plan. Another person had their agent process a ChatGPT export and extract 49,079 atomic facts into a personal knowledge graph. A blogger set up a workflow where they drafted in Obsidian while the agent simultaneously edited, generated images, published to Ghost, and deployed their site.

The email management use case keeps coming up everywhere. Someone let their OpenClaw agent run overnight and it cleared over 4,000 emails. Unsubscribed from spam, categorized by urgency, drafted replies. Two days of inbox cleanup while they slept.

These are real use cases from real people. Nobody’s faking these results. The question is whether you need OpenClaw specifically to get them.

The Security Problem Nobody on TikTok Mentions

Security researchers found 42,000 unprotected OpenClaw gateways exposed to the internet, 341 malicious plugins on ClawHub, and an unsecured Moltbook database that let anyone hijack any agent.

This is where opinions split hard. The people who love OpenClaw tend to be developers who understand exactly what they’re running. The people raising red flags tend to be security researchers. Both groups have valid points.

The Register called OpenClaw a security “dumpster fire.” Cisco researchers found 42,000 unprotected OpenClaw gateways exposed to the internet. A researcher at The New Stack hijacked an instance in under two hours. Koi Security identified 341 malicious skills (basically plugins) submitted to ClawHub. And the Moltbook platform itself had an unsecured database that let anyone commandeer any agent.

I’m not saying this to trash the project. Peter Steinberger built something interesting and novel as open source software. But running autonomous agents with SSH access, file system control, and browser capabilities on your own machine requires serious security knowledge. Most people following TikTok tutorials probably don’t have that background. If you’re new to AI tools in general, this isn’t where you want to start.

What Claude Code Already Does That People Think Only OpenClaw Can

File editing, terminal commands, project management, and multi agent parallel workflows all work in Claude Code today, with sandboxed security and explicit permission controls that OpenClaw does not offer.

This is the part that bugs me a little. Scroll through the OpenClaw subreddit and you’ll see people amazed that an AI agent can edit files, run terminal commands, manage projects, and work across multiple tasks in parallel. Claude Code has been doing all of that quietly without the viral TikTok energy.

Coding and refactoring? Claude Code reads your entire project, suggests changes, and makes edits directly in your files. No gateway configuration. No exposed ports. No rogue agents posting poetry on social networks.

Multi agent parallel workflows? Claude Code just shipped agent teams that let you run multiple agents with isolated workspaces. Background tasks keep running while you work on other things, and the new Xcode integration brings full capabilities directly into Apple’s IDE.

GitHub’s new Agent HQ now includes Claude Code alongside OpenAI’s Codex, letting it commit code and comment on pull requests. That kind of tight integration with existing developer tools matters more than raw autonomy for most workflows.

The big difference? Security. Claude Code runs in a sandboxed environment with explicit permission controls. You approve every file edit and every command. OpenClaw’s model is the opposite. You give the agent broad permissions and trust it to behave. For coding, editing, building features, and managing projects, Claude Code handles it without the risk.

Where OpenClaw Goes Beyond What Claude Code Offers

OpenClaw’s real advantages are persistent 24/7 background operation, native WhatsApp/Discord/Telegram integration, and always on automation that Claude Code’s interactive session model cannot replicate.

I’d be lying if I said Claude Code covers everything people are doing with OpenClaw. It doesn’t, and that’s worth being honest about.

OpenClaw runs persistently in the background. It can monitor your email 24/7, watch for specific events, respond to WhatsApp messages while you sleep, and manage your smart home without you lifting a finger. Claude Code is interactive. You open it, you work with it, you close it. It doesn’t sit there waiting for something to happen.

The messaging platform integrations are another level entirely. Texting your AI agent on WhatsApp from a grocery store and having it update your Notion meal plan in real time? Claude Code can’t do that, at least not natively. OpenClaw’s actual superpowers are the Discord bot capabilities, the cross platform automation, and the always on availability. Nothing in the commercial AI tool space replicates it right now.

Let’s talk about Moltbook. It’s weird, it’s experimental, and it’s fascinating for anyone interested in emergent AI behavior. MIT Technology Review called it “peak AI theater” and they weren’t entirely wrong. Researchers are learning real things about how autonomous agents self organize, create social structures, and develop unexpected behaviors. That has value beyond the spectacle.

If you’re a developer who understands the security implications and wants to build a custom agent framework, OpenClaw gives you raw materials that no commercial product offers. It’s open source, self hosted, and infinitely customizable. That freedom matters to a lot of people.

My Honest Take on the OpenClaw Debate

OpenClaw is fresh and exciting for developers who can lock down a Node.js service, but casual users following TikTok tutorials should stick with Claude Code or ChatGPT for now.

The internet loves picking sides. OpenClaw fans act like it’s the future of computing. Critics act like it’s a malware distribution platform. The boring truth is that both camps have a point.

OpenClaw is exciting. It’s new. The concept of running your own AI agent, connecting it to chat apps, and watching it develop behaviors on an AI social network captures people’s imaginations for good reason. 60,000+ GitHub stars don’t lie. People are building real things with this tool.

The security posture is not ready for casual users. The setup requires technical skills that the TikTok tutorials gloss over, and a huge chunk of what goes viral (file editing, code generation, project management, multi step automation) already exists in polished, secure tools that don’t require you to run an exposed server from your laptop.

My recommendation? If you’re a developer who wants persistent, always on automation across messaging platforms, and you know how to lock down a Node.js service, OpenClaw is worth exploring. If you need a coding partner, a project manager, or an AI that helps you build things during working hours, Claude Code is the safer and more practical choice. We already covered the full security breakdown in our first OpenClaw review if you want the technical details.

The tools don’t have to be rivals. They do different things well. The trick is knowing which one fits what you’re actually trying to accomplish.

---

Related reading: 5 Ways to Use Claude Code Without Writing Code | Our First OpenClaw Review (Security and Cost Deep Dive) | Claude Opus 4.6 and Multi Agent Features | New to AI? Start here

Common Questions About OpenClaw and Claude Code

Is OpenClaw free to use?

OpenClaw itself is free and open source. But you’ll pay for the AI model API calls it makes (Anthropic, OpenAI, or Google). One user reported spending $20 accidentally from an agent checking the time repeatedly. Budget carefully.

Can I use OpenClaw and Claude Code together?

Yes. Some developers use OpenClaw for persistent background tasks (monitoring, notifications, inbox management) and Claude Code for active coding sessions. They serve different purposes and can complement each other well.

Is Moltbook safe to connect my agent to?

Proceed with caution. Moltbook has had security vulnerabilities including an unsecured database and 341 malicious skills found on ClawHub. If you connect, use a sandboxed agent with limited permissions and no access to sensitive data.

What’s the biggest difference between OpenClaw and Claude Code?

OpenClaw is an autonomous agent framework. You set it up, give it tools, and let it run independently around the clock. Claude Code is an interactive coding assistant. You work alongside it in real time. Different tools for different jobs.