
Comment by cactusplant7374

5 hours ago

Peter Steinberger made an AI personal assistant. It looks like an interesting project that threatens major players like Apple and Amazon. People seem increasingly jealous of the success. What makes this any less secure than e-mail? I just don't see it. There are plenty of attack vectors of every piece of tech we use.

This might make it less secure? https://apkash8.medium.com/moltbot-security-breach-wakeup-ca...

  • Wow great writeup and holy cow that's bad - I'm still trying to understand what OpenClaw/Moltbot can do that makes it worth this to so many people.

  • There's a lot of, to put it lightly, bullshit in this blog article, starting with when openclaw was released (late November 2025, not January 25, 2026). The first bit of config — listen: "0.0.0.0:8080" — is not the default. Default is loopback and it was when I first encountered this project at the end of December.

    Essentially, the author has deliberately misconfigured an openclaw installation so it is as insecure as possible, changing the defaults and ignoring the docs to do so. Lied about what they've done and what the defaults are. Then "hacked" it using the vulnerability they created.

    That said, there are definite risks to using something like openclaw and people who don't understand those risks are going to get compromised, but that doesn't justify blatant lying.

My email client won't decide on its own to delete all my email, forward a private email to someone who shouldn't see it, or send my bank password to a scammer who asks for it in the right way.