Clawdbot, an open-source AI assistant released in January, lets users browse the web, run commands, manage files and place phone calls through common messaging apps. The tool has rapidly gained attention on developer channels and promises automation by connecting models to real-world actions via a local gateway (the project’s code on GitHub).
The system preserves user context on-device and supports WhatsApp, Telegram, Discord, Slack, Signal and iMessage, according to developer reports (developer Dan Peguine wrote). One user said it even completed a restaurant booking by calling a venue when an API failed (Alex Finn wrote).
Security researchers warn that some deployments left gateways exposed. A Shodan scan found open ports, and researcher Luis Catacora wrote: _“Clawdbot gateways are exposed right now with zero auth… That means shell access, browser automation, API keys.”_ (Ed. note: the default binding can be changed to local, followed by a restart.)
Responders advise restricting network access, adding authentication, rotating keys, and adding logging and rate limits, as outlined in a recommended response and the project’s security guide. Users also report high token use; one account burned 180 million tokens in a week, and another developer spent about $300 in two days.
Clawdbot was built by Peter Steinberger, founder of PSPDFKit (now Nutrient), aiming to deliver a continuously running personal assistant.

