OPENCLAW is an open-source, autonomous AI agent launched in November 2025 that runs locally on a user’s computer and can manage tasks, interact with apps, and read and write files, effectively acting as a personal digital assistant that can integrate with chat apps to automate emails, scan calendars, and browse the internet for information.
It was previously known as ClawdBot, then renamed to Moltbot after clashing with Anthropic over its tool named “Claude,” a shift that coincided with impersonation campaigns by cybercriminals. The first observed case of an infostealer stealing a complete OpenClaw configuration was reported by Hudson Rock, highlighting risks of looting the agent’s identity rather than just credentials.
The Dutch data protection authority, Autoriteit Persoonsgegevens, warned organisations not to deploy experimental agents like OpenClaw on systems handling sensitive data due to privileged local access, immature security engineering, and a growing ecosystem of third‑party plugins.
Microsoft provided a set of defensive recommendations for self‑hosted, internet‑connected agents with durable credentials, advising sandboxed runtimes, least privilege, restricted registries, regular logging, and keeping a malware solution up to date, according to Microsoft. Researchers note prompt injection risks and log poisoning, with instances where attackers could obtain plaintext credentials or tokens via poisoned emails, websites, or logs processed by the agent.