The Clawdbot open-source AI assistant launched in January and quickly attracted attention. Since that release it has accumulated over 10,200 stars on GitHub and about 8,900 members in its Discord community. Clawdbot can run locally on a wide range of hardware and connects to WhatsApp, Telegram, Discord, Slack, Signal, and iMessage, according to the project description.
The project can execute terminal commands, control browsers, manage files, and make phone calls, and it uses the Model Context Protocol to connect AI models with real-world actions without human intervention. Shodan scans found gateways exposed with zero authentication, which the reporting said could allow shell access, browser automation, API key exposure, and remote control.
Clawdbot’s heavy token usage prompted suggestions for using lower-cost models or local deployments.
The Clawdbot open-source AI assistant offers a suite of powerful functionalities designed to enhance productivity and streamline tasks. One of its core strengths is its ability to run locally on virtually any hardware, offering flexibility and accessibility to users with different setup requirements. This capability ensures a broad range of compatibility and allows Clawdbot to be utilized in numerous computing environments.
Clawdbot’s integration capabilities span across multiple popular messaging platforms, including WhatsApp, Telegram, Discord, Slack, Signal, and iMessage. This enables seamless communication and interaction, allowing users to manage messages and perform tasks across these platforms from a centralized AI assistant. The assistant’s functionality extends beyond basic messaging tasks, as it is also equipped to execute terminal commands, which provides users with advanced control over system operations directly from their chat interfaces.
In addition to messaging and command execution, Clawdbot can also manage files, control web browsers, and make phone calls. These capabilities enhance user efficiency by automating routine tasks. The integration of advanced functionalities with popular communication tools makes Clawdbot a versatile assistant for both personal and professional use. Central to these operations is the use of the Model Context Protocol, which enables AI models to interact with real-world actions without requiring human intervention. This protocol facilitates a smooth translation from virtual to physical actions, broadening the scope of what Clawdbot can achieve autonomously.
Reports noted that Clawdbot’s operation involves heavy token usage, which prompted community members and experts to suggest using lower-cost AI models or deploying models locally as ways to reduce operating costs. Community commentary suggested evaluating model choices and favoring on-device deployments where feasible.
Alex Finn wrote on X that “When the OpenTable res didn’t work, it used its ElevenLabs skill to call the restaurant and complete the reservation,” and added, “AGI is here, and 99% of people have no clue.” Finn’s post described an instance in which Clawdbot used an ElevenLabs voice capability to make a phone call and complete a reservation. The reporting presented the quote as an example of Clawdbot performing end-to-end real-world actions, including placing calls.
Shodan found gateways exposed with zero authentication. The reporting included a direct statement that “Clawdbot gateways are exposed right now with zero auth (they just connect to your IP and are in)… That means shell access, browser automation, API keys. All wide open for someone to have full control of your device.” The reporting said the exposed gateways connected directly to a user’s IP address and did not require authentication. The reporting identified that state as creating risk of shell access, browser automation, API key exposure, and remote control.
Remedial steps listed in the reporting included restricting network access, adding authentication and encryption, rotating keys, and implementing rate limits, logging, and alerting. The reporting presented these measures alongside its description of the exposed gateways, noted that the exposures were discovered through scans, and placed the security findings in the context of Clawdbot’s operational features.
To address the security exposures identified with Clawdbot gateways, several remedial measures are recommended. Restricting network access is an essential first step to limit entry points for unauthorized users. Adding layers of authentication and encryption is crucial to ensure that only authorized individuals can access or control the system. Rotating keys regularly helps in minimizing the risk of compromised credentials being used repeatedly.
Additionally, implementing rate limits is advised to prevent abuse through repeated attempts to access the system. Establishing comprehensive logging provides a trail of activities, aiding in the detection and investigation of suspicious actions. Combined with logging, the use of alerting mechanisms ensures that potential security incidents are flagged in real-time, enabling timely responses to threats.
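The sketch below shows how several of the listed measures (network restriction, authentication, rate limiting, logging, and alerting) can combine into one admission check in front of an agent gateway. It is an added example, not Clawdbot's code or configuration: the `GatewayGuard` class, its parameters, the token, and the addresses are all hypothetical and constructed for illustration.

```python
import hmac
import ipaddress
import logging
from collections import defaultdict, deque

log = logging.getLogger("gateway_guard")  # hypothetical logger name


class GatewayGuard:
    """Admission check for a gateway (hypothetical design, not Clawdbot's API)."""

    def __init__(self, token, allowed_nets, max_failures=3, window_s=60):
        self.token = token.encode()
        self.allowed = [ipaddress.ip_network(n) for n in allowed_nets]
        self.max_failures = max_failures
        self.window_s = window_s
        self.failures = defaultdict(deque)  # client IP -> failed-auth timestamps
        self.alerts = []                    # stand-in for a pager or SIEM hook

    def check(self, client_ip, presented_token, now):
        ip = ipaddress.ip_address(client_ip)
        # 1. Network restriction: refuse anything outside the allowlist.
        if not any(ip in net for net in self.allowed):
            log.warning("deny ip=%s reason=network", client_ip)
            return "deny:network"
        # 2. Rate limit: drop expired failures, then lock out repeat offenders.
        recent = self.failures[client_ip]
        while recent and now - recent[0] > self.window_s:
            recent.popleft()
        if len(recent) >= self.max_failures:
            log.warning("deny ip=%s reason=rate_limited", client_ip)
            return "deny:rate_limited"
        # 3. Authentication: constant-time comparison of the shared token.
        if not hmac.compare_digest(presented_token.encode(), self.token):
            recent.append(now)
            log.warning("deny ip=%s reason=bad_token", client_ip)
            # 4. Alerting: raise once when a client reaches the failure limit.
            if len(recent) == self.max_failures:
                self.alerts.append((client_ip, "bad_token", now))
            return "deny:bad_token"
        log.info("allow ip=%s", client_ip)
        return "allow"
```

Encryption and key rotation are not shown; in this sketch they would correspond to serving the gateway only over TLS and replacing the token passed to `GatewayGuard` on a schedule.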
The Clawdbot open-source AI assistant has seen rapid adoption since its January release, amassing over 10,200 GitHub stars and about 8,900 Discord members. Its advanced functionalities include the ability to run locally on nearly any hardware, integrations across WhatsApp, Telegram, Discord, Slack, Signal, and iMessage, and capabilities to execute terminal commands, control web browsers, manage files, and make phone calls.
Security disclosures reported that Shodan found gateways exposed with zero authentication, creating risks including shell access, browser automation, API key exposure, and remote control. The reporting presented remedial measures such as restricting network access, adding authentication and encryption, rotating keys, and implementing rate limits, logging, and alerting, emphasizing the importance of applying these safeguards.


