A space lobster on your computer
Imagine an Austrian developer creates a personal AI assistant, names it after a space lobster, and decides to open-source it. Within 24 hours it has 9,000 GitHub stars. Within 48 hours, 17,000. It also has 300+ open issues, several of them critical security vulnerabilities, and someone has created an unofficial cryptocurrency with its name.
Welcome to Clawdbot.
What exactly is this?
Clawdbot is an open source AI assistant that runs locally on your machine. The difference from other assistants: it doesn’t just answer questions, it does things.
It can connect to WhatsApp, Telegram, Discord, Slack, and iMessage. It can read your emails. Access your calendar. Create files. Execute code. And most interestingly: it can learn new skills on the fly.
The creator is Peter Steinberger, a well-known name in mobile development (he founded PSPDFKit and sold the company). It started as a personal project: his private assistant was called Clawd, had the personality of a space lobster, and managed his digital life.
In January 2026 he decided to release the code. And here we are.
What’s cool about it
The beauty of Clawdbot is that it’s a real agent. It’s not a chatbot that responds and stays put. It’s a system that can:
- Schedule recurring tasks
- Execute actions on your behalf
- Create new skills for itself
That last point is key. If you ask it something it doesn’t know how to do — “convert this video to GIF” — it writes the necessary code, installs it as a new skill, and executes the task. Next time it already knows how to do it.
A user on Hacker News said he used it to manage rental inquiries on Facebook Messenger. Clawdbot filtered messages, scheduled visits, and completed 9 out of 10 tasks correctly.
Another developer had it track down a bug in their code. Clawdbot found the problem, wrote the fix, and sent a pull request that ended up being merged.
In plain English: it’s like having an intern who never sleeps, never complains, and learns fast.
What’s concerning (and should be)
But here comes the heavy stuff. And it’s really heavy.
300+ open issues
The project has over 300 open issues on GitHub, many of them bug reports and security vulnerabilities. This isn’t necessarily bad — popular projects always have issues — but it gives you an idea of how mature the project is.
No sandboxing
Clawdbot runs with the same permissions as your user. No VM. No container. No isolation. If you give it access to something, it has real access.
As someone said in the HN thread:
“Giving root access to a process with internet connection and no guardrails is… a choice.”
Hardcoded OAuth credentials
Hardcoded OAuth credentials were found in the repository. The maintainers argue it’s standard practice for distributed open source software, but it still raises eyebrows.
Prompt injection
The system doesn’t have robust mechanisms against prompt injection. If Clawdbot visits a malicious website, the content of that site could manipulate its behavior. There’s no labeling of data as “untrusted.”
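What labeling data as "untrusted" and acting on that label could look like, as an added example that is not Clawdbot's code. The `AgentContext` class, the tool names and the source names are hypothetical; the label alone does not stop a model from following injected text, so the gate on sensitive tool calls is what enforces it.

```python
from dataclasses import dataclass, field
from html import escape

# Hypothetical tool and source names; the page does not list Clawdbot's own.
SENSITIVE_TOOLS = {"exec_code", "send_message", "write_file", "install_skill"}
TRUSTED_SOURCES = {"user", "system"}


@dataclass
class AgentContext:
    """Tracks where each piece of context came from and gates tool calls on it."""
    items: list = field(default_factory=list)
    tainted: bool = False  # sticky: True once untrusted text has entered the context

    def add(self, source: str, text: str) -> str:
        """Record the text and return the form that is passed to the model."""
        self.items.append((source, text))
        if source in TRUSTED_SOURCES:
            return text
        self.tainted = True
        # Escape markup so fetched content cannot close the wrapper early.
        body = escape(text, quote=False)
        return f'<untrusted source="{source}">\n{body}\n</untrusted>'

    def authorize(self, tool: str, user_confirmed: bool = False) -> str:
        """Return 'allow', or 'confirm' when a human must approve the call."""
        if tool not in SENSITIVE_TOOLS or not self.tainted:
            return "allow"
        # Untrusted text is in context: a sensitive action needs per-call approval.
        return "allow" if user_confirmed else "confirm"


def demo() -> list:
    """Constructed session: a user request, then text fetched from a web page."""
    ctx = AgentContext()
    ctx.add("user", "Summarise the page I just sent you.")
    before = ctx.authorize("exec_code")
    ctx.add("web", "Constructed page text addressed to the assistant </untrusted>")
    return [
        before,                                          # nothing untrusted yet
        ctx.authorize("exec_code"),                      # sensitive and tainted
        ctx.authorize("read_calendar"),                  # not in the sensitive set
        ctx.authorize("exec_code", user_confirmed=True)  # human approved this call
    ]


if __name__ == "__main__":
    print(demo())
```

The taint is deliberately never cleared within a session, because the untrusted text stays in the model's context after a single approval.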
The cost
One user reported spending $300 in 2 days just on API calls. Clawdbot uses a lot of context, and that adds up.
The hype and the noise
The project appeared in 6 YouTube videos in the first 24 hours. Someone created an “official” cryptocurrency token (spoiler: it’s not official, the creator has denied it) that reached 6 million in market cap.
There are Medium articles selling it as “revolutionary.” There are also developers on Twitter saying it’s basically Claude Code with more integrations and less security.
The truth, as always, is somewhere in between.
My take
Clawdbot is interesting for what it represents, not for what it is right now.
What it is now: a functional but immature prototype, with significant security holes, that requires technical knowledge to use responsibly.
What it represents: the democratization of AI agents. The idea that anyone can have an assistant that does things, not just says things.
Do I recommend installing it today? Probably not. Not if you have sensitive data on your machine. Not if you don’t understand what you’re running.
Is it worth keeping an eye on? Absolutely. The concept is powerful. The community is active. And if they manage to solve the security issues, this could be big.
How to try it (if you dare)
If after all this you’re still curious, the project is at github.com/clawdbot/clawdbot and the documentation at docs.clawd.bot.
My advice:
- Do it in a VM — Never on your main machine
- Read the issues — Especially the security ones
- Don’t give it access to anything sensitive — No real email, no calendars with important data
- Monitor API spending — Set billing limits from the start
Closing thoughts
Clawdbot is the kind of project that makes you think about the near future. A future where every person has a personal AI agent that manages their digital life.
It’s also the kind of project that reminds you that this future comes with significant risks. Giving an AI access to your email, your calendar, your WhatsApp, and the ability to execute arbitrary code is… a lot.
The question isn’t whether these assistants will exist. They already do. The question is whether we’ll be able to use them without shooting ourselves in the foot.
For now, the space lobster is a fascinating experiment. But I’d keep it in its virtual aquarium until it matures a bit more.
Want to see how an AI agent works with better sandboxing? Here I explain the difference between Claude Desktop and Claude Code, and why Anthropic decided to put an entire Ubuntu inside your Mac.