VibeAudits
SecurityBlog Post

64,000 GitHub stars → $16M scam → openclaw / clawdbot security nightmare

What the Clawdbot/Moltbot disaster - 64K GitHub stars, $16M scam, exposed credentials in 72 hours — teaches us about why vibe-coded apps aren't production-ready (and how to fix it).

January 27, 2026
1 min read
64,000 GitHub stars → $16M scam → openclaw / clawdbot security nightmare

All in 72 hours.

Here's what the Clawdbot/Moltbot disaster teaches us about vibe-coded apps:

There's a popular belief that "working code" = "production-ready code"

Especially when AI wrote it for you.

But what if I told you this is completely wrong?

Let me explain with the wildest story in open source right now.

The Setup

Clawdbot = self-hosted AI assistant

Created by Peter Steinberger (the guy who built PSPDFKit)

Think "Claude with hands"

It doesn't just chat. It acts: → Reads your files → Opens browsers → Executes shell commands → Sends messages for you → Runs 24/7 automations

The project hit 9,000 stars in 24 hours

Eventually crossed 64,000+ stars

Andrej Karpathy praised it

Mac Minis sold out

Everyone wanted their own "AI Jarvis"

Then it all fell apart.

The 72-Hour Unraveling

Day 1: The Trademark

Anthropic (the $18B company behind Claude) sent a trademark request

"Clawd" sounded too much like "Claude"

Fair enough. Steinberger rebranded to "Moltbot"

("Molt" = what lobsters do to grow. Clever.)

Day 2: The 10-Second Disaster

During the rename, something went wrong.

Steinberger released the old GitHub org name before claiming the new one.

In 10 seconds, crypto scammers snatched both accounts.

His own words:

"It wasn't hacked. I messed up the rename and my old name was snatched in 10 seconds... they were already waiting."

Day 3: The $16M Scam

Fake $CLAWD tokens appeared on Solana

The token hit $16 million market cap

Then collapsed

Late buyers got rugged

Scammers walked away with millions

But here's what most people missed

While everyone was watching the crypto drama...

Security researchers found the real problem:

❌ Hundreds of Moltbot instances exposed publicly

❌ No authentication on control servers

❌ API keys, OAuth tokens, conversation histories — all visible on Shodan

❌ Prompt injection attacks worked in 5 minutes

One researcher sent a malicious email → the AI forwarded the user's last 5 emails to an attacker address

5 minutes. That's all it took.

Why this matters if you're vibe coding

Here's the uncomfortable truth:

Most vibe-coded apps have the exact same vulnerabilities.

Vibe coding is amazing: ✅ Describe what you want ✅ AI generates code ✅ Working demo in hours

But "working" ≠ "production-ready"

The Moltbot issues weren't edge cases:

  1. Exposed credentials → devs ran servers without auth
  2. No input sanitization → system trusted all inbound messages
  3. Excessive permissions → full disk access by default
  4. No sandboxing → groups ran with same privileges as owner

Sound familiar?

These are the exact vulnerabilities we see in every vibe-coded app we audit.

The vibe coding paradox

The same AI capabilities that make vibe coding possible...

Also make security failures catastrophic.

When your AI can: → Execute shell commands → Access your files → Send messages as you → Browse with your credentials

A single vulnerability = complete compromise.

What you need before going to production

Based on the Moltbot disaster:

1. Authentication ❌ What went wrong: Public instances without auth ✅ What to do: Auth on all control surfaces. Allowlists. Pairing codes.

2. Input Sanitization ❌ What went wrong: Malicious email → data exfiltration ✅ What to do: Treat ALL inbound messages as untrusted

3. Least Privilege ❌ What went wrong: Full shell access by default ✅ What to do: Minimal permissions. Sandboxed environments.

4. Secret Management ❌ What went wrong: API keys exposed on Shodan ✅ What to do: Never store secrets in code. Use secret managers.

5. Monitoring ❌ What went wrong: No visibility into agent actions ✅ What to do: Log everything. Alert on suspicious behavior.

The bottom line

Moltbot is genuinely impressive tech.

64,000 stars aren't hype.

But the security model wasn't ready.

And this is the gap in the AI ecosystem right now:

We're building powerful tools with rapid methods.

Our security practices haven't caught up.

At VibeAudits, this is what we do

We take vibe-coded apps from prototype → production-ready

What we handle:

→ Security audits (auth, prompt injection, API security, secret management) → Security hardening (we don't just find problems — we fix them) → Full-stack dev (infra, CI/CD, testing, documentation) → Ongoing support (regular reviews, vulnerability monitoring, incident response)

The reality?

AI: Get a quick version that looks like a real product, but isn't :P

Engineering makes them real.

Ask yourself

→ Would my app survive a Shodan scan? → What happens if someone sends a malicious prompt? → Are my API keys protected? → Do I have visibility into what my AI is doing?

If you're not sure about any of these...

You're not ready for production.

The good news: these problems are solvable.

The Moltbot community is already recovering.

Let their lessons make your project stronger too.

Ready to take your vibe-coded app to production?

→ vibeaudits.com

We'll help you ship with confidence.

PS: Just like inference costs dropped 1000x in two years, the cost of NOT doing security audits is about to become very obvious. Don't learn this lesson the hard way.

VibeAudits

Security Experts

Need a Security Audit?

Don't let security vulnerabilities crash your vibe-coded app. Get a professional audit and launch with confidence.