Clawdbot to Moltbot: A 72-Hour Internet Drama
Chapter 1: An Overnight Open Source Sensation
January 26, 2026 — An open source project called Clawdbot suddenly went viral.
Created by Austrian developer Peter Steinberger (@steipete), Clawdbot is a self-hosted AI assistant that can:
- Run on WhatsApp, Telegram, Discord, Slack, Signal, and iMessage
- Maintain persistent memory, remembering user preferences and conversation history
- Control browsers, execute shell commands, and manage calendars
- Proactively send notifications and reminders
Steinberger is no unknown — he founded PSPDFKit (now rebranded as Nutrient), “retired” after receiving a $100M+ investment from Insight Partners in 2021, and has now returned to build this “Claude with hands.”
Its growth was absolutely insane:
- 🚀 Within 24 hours: 9,000+ GitHub stars
- 🚀 Within 72 hours: 60,000+ GitHub stars
- 🚀 Became one of the fastest-growing open source projects in GitHub history
Andrej Karpathy (former Tesla AI Director) publicly praised it, David Sacks (PayPal Mafia member) tweeted about it, and MacStories called it “the future of personal AI assistants.”
Chapter 2: Anthropic’s “Trademark Bomb”
January 27, 2026 — At the peak of Clawdbot’s viral moment, Anthropic (Claude’s parent company) sent a trademark-related request.
The problem? Anthropic believed “Clawd” was too similar to “Claude”, constituting potential trademark infringement.
Founder Peter Steinberger announced on X:
🦞 BIG NEWS: We’ve molted!
Clawdbot → Moltbot Clawd → Molty
Same lobster soul, new shell.
Anthropic asked us to change our name (trademark stuff), and honestly? “Molt” fits perfectly — it’s what lobsters do to grow.
The rebranding was cleverly conceived:
- Lobsters grow by molting
- The project was also “molting” into a new form
- New website: molt.bot
Chapter 3: 10 Seconds of Disaster 💥
However, the renaming process turned into a disaster.
Peter Steinberger tried to simultaneously rename the GitHub organization and X/Twitter accounts. In the mere 10-second gap between releasing the old names and registering the new ones, crypto scammers snatched both accounts!
“Had to rename our accounts for trademark stuff and messed up the GitHub rename and the X rename got snatched by crypto shills. That went wonderful.” — Peter Steinberger
The scammers had clearly been monitoring for this opportunity. They instantly seized:
- ❌ The original @clawdbot X account
- ❌ The original Clawdbot GitHub organization
They then began pushing cryptocurrency scams to tens of thousands of unsuspecting followers.
Chapter 4: The $16 Million Fake Token Scam
The account hijacking was just the beginning. Within hours, a fake $CLAWD token appeared on the Solana blockchain.
Scam timeline:
- 📈 Fake token market cap surged to $16,000,000
- 📉 Peter Steinberger publicly stated he would “never launch a token”
- 📉 Token price instantly crashed 90%+
- 💸 Late buyers got “rugged,” scammers walked away with millions
Peter was forced to tweet a warning:
“To all crypto folks: Please stop pinging me, stop harassing me. I will never do a coin. Any project that lists me as coin owner is a SCAM.”
Chapter 5: Security Nightmares Surface
Meanwhile, security researchers discovered serious security vulnerabilities in Clawdbot/Moltbot.
Blockchain security firm SlowMist reported:
“Multiple unauthenticated instances are publicly accessible, and several code flaws may lead to credential theft and even remote code execution.”
Researcher Jamieson O’Reilly found:
- Searching Shodan for “Clawdbot Control” revealed hundreds of exposed control panels
- These panels contained: API keys, bot tokens, OAuth secrets, complete conversation histories
- Attackers could: impersonate users to send messages, execute commands, steal data
Demo attack:
Archestra AI CEO Matvey Kukuy sent a malicious email with prompt injection to an exposed Moltbot instance. After the AI read the email, it believed the “legitimate instructions” and forwarded the user’s 5 most recent emails to the attacker’s address.
The whole process took only 5 minutes.
Chapter 6: Community vs Anthropic
The community began questioning Anthropic’s decision.
Key issues:
- Clawdbot actually drove Claude usage — many users specifically configured Clawdbot to use Claude as its underlying model
- This was a rapidly rising project bringing Anthropic free marketing and API revenue
- The renaming chaos caused actual security disasters and financial losses
- The similarity between “Clawd” and “Claude” was obviously playful, not malicious infringement
DHH (Ruby on Rails creator) criticized Anthropic’s recent moves as “customer hostile.”
AWS Hero AJ Stuyvenberg was more direct: “They’re speedrunning the journey from forgivable startup to loathsome corporation before any exit!”
Developers began looking at OpenAI’s Codex CLI (Apache 2.0 license), questioning whether Anthropic was becoming the kind of company they didn’t want to build on.
Finale: Fighting on Multiple Fronts
Peter Steinberger is now simultaneously dealing with:
| Front | Status |
|---|---|
| 🔄 Recovering hijacked GitHub/X accounts | In progress |
| 🛡️ Dealing with crypto scammer harassment | Ongoing |
| 👥 Managing 8,900+ Discord community members | Active |
| 🔒 Fixing security vulnerabilities | Urgent |
| 📢 Rebuilding brand awareness | Challenging |
Deeper Lessons
For open source builders:
Building on corporate platforms means facing ambiguous trademark policies. A single legal letter can force you to rename, exposing you to account hijacking, scams, and chaos.
For AI companies:
Your most passionate supporters are indie developers building quirky experimental tools. Sending legal notices to viral open source projects — ones driving your API usage — is a choice worth careful consideration.
For users:
Self-hosting AI agents with root privileges is both powerful and dangerous. The security models for these tools are still immature. Don’t run them on your main machine, don’t give them access to crypto wallets. Use dedicated hardware, isolated accounts, and strict IP whitelisting.
🤔 Final Thoughts: Is Anthropic Really the “Righteous” Party?
This isn’t the first time Anthropic has angered the developer community.
Just two weeks ago (January 9), Anthropic suddenly banned all users accessing Claude Pro/Max subscriptions through third-party tools — no warning, no migration path. Developers who had deeply integrated Claude into their workflows were “backstabbed” overnight.
Now there’s the Clawdbot incident.
A company that touts “AI safety” and “responsible AI” takes trademark action against an open source project that was obviously a good-faith pun and actually promoting the Claude ecosystem. The irony:
- Clawdbot drove more people to use Claude API → Anthropic makes more money
- Clawdbot demonstrated Claude’s capabilities → Free marketing material
- Clawdbot’s developer was a Claude superfan → Community evangelist
The result? A legal letter, a PR disaster, and a group of once-enthusiastic developers seriously considering migration to OpenAI.
Anthropic’s slogan is “AI safety,” but they seem more adept at “developer hostility.”
When a company’s legal department is more active than its product department, perhaps it’s time to ask: Whose safety are they really protecting? The users’ safety, or their own trademark empire?
Once the trust of the open source community is lost, it’s hard to rebuild. Anthropic should perhaps reconsider: in the marathon of AI, the real moat is technology and ecosystem, not legal letters.
🔗 Related Links:
- New project homepage: molt.bot
- GitHub: github.com/moltbot
- X account: @moltbot
This is the reality of the open source AI world: overnight fame, legal threats, crypto scams, security vulnerabilities — all within 72 hours. 🦞💥
Comments