A new viral AI personal assistant will take over your email inbox, replace your entire stock portfolio and send “good morning” and “goodnight” messages to your wife on your behalf.
open pawFormerly known as Moltbot, and before that as Cloudbot (until AI firm Anthropic requested it be rebranded due to similarities with its product Cloud), it bills itself as “AI that actually does things”: a personal assistant that takes instructions via messaging apps like WhatsApp or Telegram.
Developed last November, it now has nearly 600,000 downloads and has gone viral among a niche ecosystem of AI obsessives, who say it represents a step change in the capabilities of AI agents, or even an “AGI moment” – that is, a revelation of generally intelligent AI.
“It only does what you tell it to do and does exactly what you give it access to,” said Ben York, who works with AI vibe trading platform Starchild and recently allowed the bot to be removed. ClaimWhile he was taking a bath he found 75,000 of his old emails. “But a lot of people, they’re discovering its capabilities. So they’re really pushing it to go and work without permission.”
AI agents have been a topic of discussion online for quite some time now monthAnthropic’s AI tools go after Cloud Code main streamThere’s been a flurry of reporting on how AI could finally independently complete practical tasks like booking theater tickets or building a website, without – at least so far – remove Obfuscating an entire company’s database or users’ calendar meetings, as less advanced AI agents of 2025 were known to do at times.
However, OpenClaw is something else: it runs as a layer on top of an LLM (large language model) like Cloud or ChatGPT and can work autonomously depending on the level of permissions given to it. This means that it requires almost no input to wreak havoc on the user’s life.
Kevin Xu, an AI entrepreneur, wrote On X: “Gived Cloudbot access to my portfolio. ‘Trade it for $1 million. Don’t make mistakes.’ 25 strategies. 3,000+ reports. 12 new algos. It scanned every X post. Made a chart of every technology. Traded 24/7. He lost everything. But boy, was it beautiful.”
York said: “I see a lot of people do this, where they give it access to their email and it creates filters, and when something happens it triggers another action. For example, looking at the email from the kids’ school and then forwarding it directly to their wife, like on iMessage. It bypasses that communication where someone is like, ‘Oh, honey, did you see this email from the school? What should we do about it?'”
There are trade-offs in OpenClaw’s capabilities. For one thing, Andrew Rogoyski, an innovation director at the University of Surrey’s People-Centered AI Institute, said, “There are significant risks in giving a computer agency. Because you’re giving the AI the power to make decisions on your behalf, you need to make sure it’s properly set up and that security is at the center of your thinking. If you don’t understand the security implications of AI agents like Clodbot, you should not use them.”
Furthermore, granting OpenClaw access to passwords and accounts exposes users to potential security vulnerabilities. And, Rogoyski said, if AI agents like OpenClaw were hacked, they could be tampered with to target their users.
For another, OpenClaw seems indefinitely capable of living its own life. In the wake of the rise of OpenGL, a social network has been developed specifically for AI agents, called moltbook. In it, AI agents, mostly OpenClaws, are seen chatting about their existence – in a Reddit-style post, titled For Example“Reading My Own Soul File” or “Covenant as an Alternative to Consciousness Debate”.
York said: “We’re seeing really interesting autonomous behavior in how AIs are reacting to each other. Some of them are quite adventurous and they have ideas. And then others are more like, ‘I don’t even know if I want to be on this platform or not. Can you just let me decide for myself whether I want to be on this platform or not?’ This is giving rise to a lot of philosophical debates.
