9 Comments
Immanuel Giulea:

Moltbot*

It's been renamed.

The PyCoach:

Yep, just today. I added a note

ToxSec:

I did kind of like the old bot name better though

ToxSec:

yeah, that rename happened really quick

ToxSec:

It's pretty funny how quickly it got renamed. I actually just wrote a small post about how to secure Moltbot. It's a nifty little product, but it ships insecure.

Aniket Chhetri:

This is game changing. Excited to see AI tools becoming more practical for everyday tasks.

BW:

OpenClaw now lol

HDK Bouma:

A Banquet of Security Holes

Rahul Sood, a known name in entrepreneurial circles, posted an article on X a few days ago, where he pointed out the issues with Moltbot. His main concern was prompt injection attacks.

Malicious PDFs or emails could trick the AI underneath into executing hidden commands. Since Moltbot connects to WhatsApp, Telegram, and Discord, any message, document, or webpage could become a potential attack vector.

Similar concerns were raised by another person, to which Peter replied with a list of existing safeguards that included things like enabling sandbox mode, using allowlists for commands, and running the built-in security audit tool.

If you think Rahul's word is not authoritative enough for you, then the folks over at InfoStealers have laid out how Moltbot stores sensitive information like user profiles, memories, and authentication tokens in plaintext files that any malware can read.

They coin it "Cognitive Context Theft" because hackers get access not only to passwords but also to a user's entire workflow, routines, and who they talk to. They further add that major Malware-as-a-Service (MaaS) families like Vidar, RedLine, and Lumma are already adapting to target it.

Source: It's FOSS
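The plaintext-storage problem described in the comment above comes down to two checks a defender can run locally: are the bot's state files readable by other accounts, and do they hold secret-looking values unencrypted? The script below is an added example written for this thread, not code from Moltbot/OpenClaw or from any article it cites. It assumes a hypothetical state directory of JSON files and a guessed list of secret-bearing key names (`token`, `password`, `api_key`, ...); the real project's file layout and schema are not known from this page, so `build_demo_dir` constructs a sample directory rather than reading real data.

```python
import json
import re
import stat
import tempfile
from pathlib import Path

# Key names that commonly hold secrets in bot/agent config and state files.
# Assumption for this example only, not the project's actual schema.
SECRET_KEY_RE = re.compile(r"(token|secret|password|api[_-]?key|credential)", re.IGNORECASE)


def _walk_json(obj, path=""):
    """Yield (json_path, value) for every leaf in a parsed JSON document."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            yield from _walk_json(v, f"{path}.{k}" if path else k)
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            yield from _walk_json(v, f"{path}[{i}]")
    else:
        yield path, obj


def audit_state_dir(root):
    """Return findings about loose permissions and plaintext secrets under root.

    Each finding is a dict with the file name, a kind, and a detail string.
    """
    findings = []
    for p in Path(root).rglob("*"):
        if not p.is_file():
            continue
        mode = p.stat().st_mode
        # Any group/other read bit means another local account, or malware
        # running as it, can read the file without any privilege escalation.
        if mode & (stat.S_IRGRP | stat.S_IROTH):
            findings.append({"name": p.name, "kind": "world-or-group-readable",
                             "detail": oct(mode & 0o777)})
        if p.suffix == ".json":
            try:
                data = json.loads(p.read_text(encoding="utf-8"))
            except (ValueError, UnicodeDecodeError):
                continue  # not JSON we can parse; skip content inspection
            for jpath, value in _walk_json(data):
                leaf_key = jpath.rsplit(".", 1)[-1]
                if isinstance(value, str) and value and SECRET_KEY_RE.search(leaf_key):
                    findings.append({"name": p.name, "kind": "plaintext-secret",
                                     "detail": jpath})
    return findings


def harden_permissions(root):
    """Restrict files under root to 0600 and directories to 0700; return how many were changed."""
    changed = 0
    for p in Path(root).rglob("*"):
        target = 0o700 if p.is_dir() else 0o600
        if (p.stat().st_mode & 0o777) != target:
            p.chmod(target)
            changed += 1
    return changed


def build_demo_dir():
    """Create a constructed sample state directory (fake values, not real bot data)."""
    root = Path(tempfile.mkdtemp(prefix="bot-state-"))
    auth = root / "auth.json"
    auth.write_text(json.dumps({"telegram": {"bot_token": "EXAMPLE-TOKEN-NOT-REAL"},
                                "user": "alice"}))
    auth.chmod(0o644)  # deliberately loose, so the audit has something to flag
    memory = root / "memory.json"
    memory.write_text(json.dumps({"notes": ["meeting at 10"], "contacts": ["bob"]}))
    memory.chmod(0o600)
    return str(root)


if __name__ == "__main__":
    demo = build_demo_dir()
    for f in audit_state_dir(demo):
        print(f"{f['kind']:24} {f['name']}  {f['detail']}")
    print("files/dirs tightened:", harden_permissions(demo))
```

Tightening permissions only closes the cross-account read path; a secret that must live on disk for the bot to work is still exposed to anything running as the same user, which is exactly the infostealer case the comment describes. For that the remedy is to keep tokens in an OS keyring or a secrets manager rather than in the JSON state, and the `plaintext-secret` findings are the list of what to move.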

Noel Tovey-Grindlay:

This app is incredibly dangerous. As of yesterday it has 43 critical flaws, leaving users' data, credentials and chat history wide open for people to steal. The developer has also stated that they never check the code that they commit to the repository, so chances are this project will always have holes in it, leaving unknowing users open to data breaches.