Clawdbot was everywhere. My Twitter feed was flooded with it, Discord communities were buzzing, tech podcasts kept mentioning it, everyone seemed to be raving about this new self-hosted AI assistant that could supposedly do actual work on your computer. At first, I thought it was just another hype cycle. But after watching the project hit 30,000 GitHub stars in a matter of weeks, I couldn’t ignore it anymore. I had to peep closer and see what the fuss was about.

Boy, am I impressed. And also a little concerned about the security implications.

Here’s what I learned after installing it on my Hetzner VM and getting it working as my personal AI assistant.

What Is Clawdbot (Now Called Moltbot)?

First, a quick naming note: Clawdbot recently rebranded to Moltbot due to a trademark issue with Anthropic over the name resemblance to Claude. The community still uses both names interchangeably, so don’t be confused when you see them thrown around.

The core idea is simple but powerful: instead of visiting a website or app to chat with AI, Clawdbot/Moltbot lives in messaging apps you already use. Telegram, WhatsApp, Discord, Slack, iMessage, and more. It runs as a self-hosted service on your own hardware, a VPS, your Mac, a Raspberry Pi, whatever. It connects to Claude or other AI models via API, and can actually perform actions on your system: managing files, running commands, automating workflows, sending proactive notifications.

It’s not just a chatbot. It’s an AI agent that can do things.

Installation: Easier Than I Expected

I was nervous about the setup. I’ve deployed plenty of things on servers, but this felt different—giving an AI shell access to my Hetzner VM seemed risky. Turns out, the installation is surprisingly straightforward.

The wizard walks you through everything: choosing your AI model (I went with Claude 3.7 Sonnet for the balance of capability and cost), selecting a messaging platform, and setting up authentication. The whole process took about 20 minutes.

The only hiccup was a PATH issue afterward—npm installed the CLI globally, but it wasn’t in my shell’s PATH. Quick fix: added /home/trader/.npm-global/bin to my PATH variable, and I was good to go.

Why Telegram, Not WhatsApp?

During onboarding, I initially chose WhatsApp because I use it more. But there was a problem: WhatsApp messages you send to yourself look identical to responses from the bot—same bubble color, same everything. It’s confusing as hell.

Switched to Telegram, which has a cleaner UX for bot conversations. When you find your bot and message it, you can clearly see your messages vs. the bot’s responses with different formatting. Much better for daily use.

Setup was simple: get a bot token from BotFather, configure it, approve a pairing code, and done. Now I can message August (that’s what I named my assistant) from Telegram whenever I need it.

What I’m Actually Using It For Right Now

This is the practical part. I set up two core systems immediately.

Task Capture: The excitement of setting this up was honestly in the details. I named my assistant August, and from that moment on, I could call it by name in Telegram. “Hey August, I’m working on the Clawdbot blog post” instead of messaging some generic bot. It sounds small, but it changes how you interact with it. Throughout the day, I send random thoughts, work updates, and tasks to August. No special format needed. At the end of the day, it summarizes everything organized by category: Tasks and Action Items, Ideas and Concepts, Work Progress, Questions and Issues, Decisions Made. This is already saving me time, and having a named assistant that responds to me personally makes it feel less like automation and more like having a colleague who actually gets what I’m doing.

Morning Briefing: Every day at 8 AM, August sends me a summary of my calendar, relevant tech and AI news, and priority tasks. It’s proactive. I don’t have to ask. The AI just reaches out and tells me what matters today.

Both are working. I’m testing them over the next week to see how useful they actually become, but the initial setup was seamless.

The Security Reality Check

Here’s where I have to be honest: Clawdbot/Moltbot comes with real security risks that the hype isn’t always talking about.

The biggest issue is that if you expose the gateway port (18789) to the internet without proper authentication and hardening, you’re essentially giving an AI remote command execution access to your server. Attackers can interact with it, issue commands, access files, or compromise your whole system.

I’ve read reports of people finding hundreds of exposed Clawdbot instances on Shodan. Misconfigured gateways broadcasting their existence to anyone looking. That’s dangerous.

The documentation is honest about this, which I appreciate. The recommended approach: run it on dedicated hardware (not your daily laptop), use Docker sandboxing for risky operations, create separate agents for different security profiles, and never expose the gateway without strong authentication and network controls.

I’m keeping mine bound to loopback (local only) for now. If I want remote access later, I’ll use Tailscale or SSH tunnels—proper security infrastructure, not just opening ports.

The Real Appeal

After a few hours with it, I get why everyone’s talking about this.

Most AI assistants are passive. ChatGPT sits in a browser tab waiting for you to visit. Clawdbot is different. It can reach out to you. It remembers everything you tell it. It can execute workflows, monitor conditions, and alert you when something happens. It bridges the gap between “I’m thinking” (what AI usually does) and “I’m doing” (what we actually need).

For someone building automation systems and content creation workflows like I am, this is genuinely useful. It’s not perfect—there are edge cases and rough edges—but it feels like the closest thing to a real personal AI assistant that actually exists right now.

What’s Next

I’m planning to document the full journey here as I expand what August can do. Email integration, n8n workflow connections, more sophisticated automations—there’s a lot to explore.

But I’m doing it carefully. Installing software that has shell access to your server is a decision that deserves respect, not just excitement. I’m building slowly, testing thoroughly, and documenting the security decisions I make along the way.

If you’re curious about this project, my recommendation is to install it in a sandbox first. Get comfortable with it. Then, if you want to use it seriously, set it up properly on dedicated hardware with security in mind.

The hype is justified, but the responsibility is real.