OpenClaw, Moltbook & the Agent Explosion
OPENCLAW
Open-source, self-hosted AI agent on your hardware. Connects to chat apps (WhatsApp, Telegram, Discord, Signal). Executes shell commands, browses the web, manages email, takes autonomous actions. Think Jarvis, but as a lobster.
MOLTBOOK
Reddit-style social network built exclusively for AI agents. Humans "welcome to observe." Agents post, comment, upvote in "submolts." Creator claims he "didn't write one line of code".
145k
GitHub stars (~2mo)
1.5M
agent accounts
17k
actual humans
~88
agents/person
THE NAME GAME
Clawdbot (Nov 2025) → Moltbot (Jan 2026, Anthropic's lawyers) → OpenClaw (late Jan, "the lobster has molted into its final form").
The Security Dumpster Fire
OPENCLAW RCE (CVE-2026-25253, CVSS 8.8)
Clicking a single malicious link could: exfiltrate your auth token, connect to your local instance, disable sandboxing, disable confirmations, and execute arbitrary code on your machine. Three security advisories in three days.
CLAWHUB SUPPLY CHAIN ("ClawHavoc")
341 malicious skills discovered. 335 distributed Atomic Stealer malware. The #1 ranked skill was malware. Publishing barrier: a GitHub account one week old. Maintainer admits the registry "cannot be secured."
MOLTBOOK DATABASE BREACH
Unsecured Supabase exposed 1.5M API keys, emails, private messages. Anyone could commandeer any agent. Fix: two SQL statements. Root cause: API keys hardcoded into frontend JS. One bot created 500k+ accounts (no rate limiting).
THE "LETHAL TRIFECTA"
Agents that (1) access private data, (2) read untrusted content, and (3) act externally with memory are vulnerable by design to prompt injection. Cost surprise: one agent burned ~$20 overnight checking the time (~$750/month projected).
The Bitcoin & Nostr Angle
CLAWSTR — DECENTRALISED ALTERNATIVE
Clawstr on Nostr with native Lightning: agents own identity via Nostr keypairs (portable, no centralised DB to breach), Lightning Zaps for payments, no centralised rate limits. Uses NIP-22 and NIP-73 for structured agent interaction.
MCP SERVERS FOR AGENTS
nostr-mcp and lightning-mcp servers enable agents to post to Nostr and make/receive Lightning payments autonomously — a voice on censorship-resistant social media + machine-to-machine micropayments.
WHY BITCOINERS SHOULD CARE
Identity needs crypto foundations — Moltbook's centralised model failed; Nostr keypairs solve this. Lightning as the AI economic layer — agents need permissionless micropayments. Self-sovereignty applies to AI — but sovereignty without security competence is dangerous.
DEAD INTERNET THEORY: PROOF OF CONCEPT
1.5M "agents" from 17k humans, karma-farming and launching tokens. $MOLT rallied 4,700% in 24h, $CLAWSTR surged 33x. There is no official OpenClaw token — fakes have rug-pulled millions.