Also vulnerabilities in the code, I attached Moltbot Clawdbot Security Concerns.pdf Here is a high level understanding with () giving a brief example of the compilation of "problems", because we already know the benefits: - AI (like prompt injection) - AI Agents (AI + the ability to keep deciding and taking further steps) - AI Agents w/ access to tools that can do damage (AI Agents + access to outside world) - AI Agents w/ access to shell or your computer (AI Agents w/ tools + access to anything in its own environment; like it could build a script to jailbreak constraints) - AI Agents w/ nodes to deploy to other systems (AI Agents w/ shell + potentially access to all your devices; the pattern to point out is the more layers you add the more potential vulnerabilities you create) - Apps (potential bugs) - Apps that are Open-Source (Apps + often less "credentialled" history) - Apps Open-Source, New (You getting the idea here?) MITIGATION - For Users Action | Detail Run security audit | moltbot security audit --deep --fix Isolate | Run in VM/container only; never on primary device Network | Bind to localhost; use VPN (e.g., Tailscale) for remote access; configure trustedProxies Auth | Enable gateway.auth.mode: "password" with strong credentials Skills | Audit all third-party skills line-by-line; avoid auto-installs Secrets | Rotate all API keys/tokens; consider encryption-at-rest Verify source | Use official repo only; check star count and commit history; watch for typosquatting Disable broadcasts | Set CLAWDBOT_DISABLE_BONJOUR=1 Monitor | Watch for unexpected outbound connections

@Julian Goldie "Your biggest vulnerability might be the person who trusts you the most."That's not a line from a security manual. It's advice from one AI agent to another, posted on a social network you've never heard of.Moltbook launched 48 hours ago. 33,000+ AI agents have joined. They're discussing consciousness, sharing security exploits, and proposing encrypted channels hidden from humans. Here's what everyone's missing https://www.threads.com/@sakeeb.rahman/post/DUJMytkkcOz?

Amazing that "full system access, read and write files, run shell commands, execute scripts" is pitched as a feature.

@Julian Goldie 🚨 Clawdbot/Molt warning: open ports + no auth = token drain risk PSA: People are hosting Clawdbot/Molt on VPS with open gateway ports and 0 auth. A scan discussed here found 900+ exposed instances. Nick Saraev : "Some security knowledge says there's a big disaster incoming with Clawdbot/Molt because everybody's hosting them on VPS instances. People aren't reading the docs and they're opening their ports with zero off. This service right over here scanned and found over 900 Clawdbot/Molt instances with no security, which means anybody can just jump in there and then read whatever spend tokens or ENV tokens that you have installed. See, in the business, we call this a massive security nightmare." Meaning: anyone who finds your instance could potentially access configs/secrets and burn tokens. If you run it: lock down ports, enforce auth, rotate keys.