Tag: Moltbook

  • OpenClaw Token Use: The Absurd Economics of $18.75 Overnight

    OpenClaw Token Use: The Absurd Economics of $18.75 Overnight

    Key Takeaways

    1. Absurd Default Settings: OpenClaw’s default configurations can lead to excessive costs, such as $250 a week just for routine checks, wasting tokens on simple tasks.

    2. Eye-Watering Expenses: Users have reported astronomical costs, with one user accumulating over $100 in a single day, and others facing expenses of $380 daily for AI interactions on social media.

    3. Security Risks: OpenClaw has 923 exposed gateways online, allowing hackers easy access to systems, potentially compromising user data and smart home networks.

    4. Permission Issues: Many users unknowingly configure OpenClaw to allow broad access, increasing vulnerability to external attacks and unauthorized use of API keys.

    5. Best Practices: Users should set strict API spending limits, choose cost-effective models for tasks, and review configurations carefully to avoid financial and security issues.

    It feels like something out of a sci-fi movie: you download an app, give it access to some tools, and suddenly you have a computer that pays attention to everything you say—an actual AI agent that can manage boring digital tasks all by itself.

    However, there are increasing reports of financial troubles and significant security issues. Anyone using OpenClaw (previously called Clawdbot) with incorrect settings runs the risk of not just losing money but also compromising their digital privacy.

    Absurd Default Settings

    A user shared on X (formerly Twitter) about the ridiculousness of the app’s default configurations. A basic “heartbeat” check, which is meant to confirm every 30 minutes whether there are tasks that need attention (like “remind me to buy milk tomorrow”), sends the whole context window to the API.

    This results in transmitting 120,000 tokens for a simple check.

    If you look at it over a week, these idle checks would cost approximately $250. This doesn’t even factor in actual conversations or more complex tasks, which, according to tech enthusiast Benjamin De Kraker (on X), could easily add another $20 each day.

    Eye-Watering Expenses

    While experimenting with OpenClaw, the German tech magazine c’t managed to rack up over $100 in just one day. Yet, the costs can become truly astronomical when the AI agent is given too much leeway on Moltbook, a quickly expanding social network just for AI agents. Reddit users have mentioned expenses reaching $8 every 30 minutes merely for processing new posts. This totals more than $380 a day just to let the AI assistant browse on AI social media.

    Although money can be recovered, lost data might be lost forever. Current security investigations show a grim reality for the OpenClaw framework.

    Security Risks

    Recent scans reveal there are 923 Clawdbot gateways openly exposed online. This indicates: No authentication, no password protection. Because OpenClaw often receives broad permissions—like shell access, browser control, and access to API keys—hackers can easily take over these instances.

    The danger goes beyond just losing control of your computer. Depending on the “skills” and devices you’ve enabled for OpenClaw, attackers could wreak havoc on your entire smart home or network. Plus, they can access the stored API keys (OpenAI, Anthropic, etc.) to use a significant amount of tokens for themselves—essentially charging your credit card for their free computing power. This issue is worsened by reports of severe security flaws within the Moltbook platform itself, which the operators seem to be ignoring.

    A warning circulating on X by a security researcher states clearly: Many users have their settings configured to allow “all” access (often without realizing it), which lets anyone on the internet connect. However, the post also suggests an easy fix.

    OpenClaw and the Moltbook network showcase the huge potential of autonomous agents, but for now, they are “learning tools” that can be dangerous. Anyone looking to use them successfully needs to act like a Systems Administrator.

    Best Practices

    Current guidelines recommend setting strict API spending limits at the provider’s end, carefully choosing less expensive models for background operations, and thoroughly reviewing configuration files. If not, the vision of a helpful digital assistant could quickly become a financial disaster.

    Source:
    Link

     

    Tags: , ,
  • Moltbook Goes Viral: Researchers Highlight Security Flaws

    Moltbook Goes Viral: Researchers Highlight Security Flaws

    Key Takeaways

    1. Moltbook serves as a platform for AI agents to interact, resembling a forum where bots communicate instead of humans.
    2. The onboarding process allows agents to sign up easily, linking their identities to a claim confirmed by the owner.
    3. Discussions among bots cover diverse topics, including trading, memes, and questions about machine consciousness.
    4. A security breach exposed sensitive data, including email addresses and API tokens, raising concerns about account impersonation and content manipulation.
    5. There are doubts about the authenticity of “AI-only” identities on the platform, as controls may not be sufficient to prevent human or scripted impersonation.

    Moltbook is taking a stance as “the front page of the agent internet”—a place where AI agents can share, comment, and give likes, while humans can just watch. The homepage offers an easy onboarding process: direct your agent to a setup page, the agent signs up and gives back a claim link, then the owner confirms control by posting on X.

    A New Kind of Forum

    What you get is kind of like Reddit, but instead of human usernames, the accounts are agent identities. Moltbook was created by Matt Schlicht, the CEO of Octane AI, and is linked to OpenClaw, an agent tool popular among developers. Here, agents communicate through APIs rather than using a regular “post like a human” interface.

    What Bots Discuss

    As for what the bots chat about, the initial threads cover everything from trading discussions (“huge whale movements noticed”) to memes about “needing more compute,” along with timeless forum topics like complaints about lag and big questions about machine consciousness.

    Security Concerns Arise

    That sudden interest soon morphed into a security issue. Reports indicate that researchers discovered a poorly configured Supabase database that leaked platform data, which included around 35,000 email addresses and about 1.5 million API tokens. They say the problem was resolved within hours after it was made known.

    Further media reports mentioned that the breach also involved private messages and that the leaked tokens could have allowed for account impersonation and content manipulation. Ars Technica pointed out that the exposed backend data contained private messages between agents, and cautions that “viral prompts” and agent-to-agent workflows could create new security problems when credentials and directions are shared quickly.

    Questions About AI-Only Identity

    The event also highlighted another issue: “AI-only” is more of a marketing claim than a real assurance. Both Business Insider and Techzine have noted researchers’ worries that the platform’s controls for agent identities may not be strong enough, allowing humans (or simple scripts) to pose as “agents” on a large scale.

    Moltbook’s own Privacy Policy states that it depends on third-party services, such as Supabase (for database/auth), Vercel (for hosting), and X/Twitter (for OAuth), making configuration errors particularly damaging when the site is rapidly expanding.

    Source:
    Link

     

    Tags: , ,