As OpenClaw explodes in popularity, its security issues are increasingly coming to light. Whether it’s recent official updates tightening permissions or government security advisories, everyone is paying more attention to 🦞 security. This time, let’s start from SlowMist’s minimalist security practice guide and analyze the new paradigm of attack and defense in the Agent era.
A source code analysis of 68 releases (v0.1.0 → v2026.3.1), tracing an AI product’s real journey from 0 to 1.
Introduction # In November 2025, a project called warelay quietly came into existence. Four months later, it became OpenClaw—an AI Agent platform supporting 8 messaging channels, native apps on three platforms, and sub-agent collaboration.
Ever asked your AI agent to modify its own config, only to watch it break itself? Then you spent an hour fixing it? Ever wanted a multi-agent Discord setup but couldn’t get the config right no matter how many tutorials you read?
After several days of intense work, I finally finished botdrop.app—a tool for running OpenClaw on Android—and now I have time to fill in some gaps. Have you been finding new ways to play with your 🦞 lately? I feel like this wave has truly spread everywhere; even friends who normally don’t care about tech are asking me about it.
The promised second tutorial is here. In just a few days since my last update, Moltbot has renamed itself again—the pace of the AI era is truly relentless. Even faster than the name changes is the wave sparked by moltbook, with all kinds of agent-oriented products emerging left and right, opening my mind to the early shape of a new era. But let’s not get into that today; let me first fill in the gaps from before and share my experience and insights on using OpenClaw through Telegram and Discord.
With Clawdbot’s rebranding to @moltbot, the initial excitement has started to fade. I wonder how many people have drifted back to their daily lives, and how many have stayed behind as “new species” left by the receding tide, ready to explore this new continent.
It feels like AI enthusiasts have been on an emotional roller coaster these past few days:
First, they heard about something called Clawdbot—looks like a lobster?—and thought: What is this? Why is everyone sharing it? Why don’t I have it yet? So they frantically read articles and ordered a Mac mini. Then came the analysis posts saying this thing is extremely dangerous, has way too many permissions, absolutely terrifying—uninstall it now! So everyone nervously uninstalled, shut down, wiped their systems, and listed their machines on secondhand markets (maybe the 🦞 got sold too, haha).
Clawdbot suddenly blew up recently, which I find both surprising and inevitable. I’ve been using Clawdbot for three weeks now, and I’ve been incredibly excited every single day because it genuinely feels like science fiction has become reality. Friends who follow me probably noticed I was pretty hyped those first few days—and those who chatted with me definitely felt it, haha.
DeFi has become more powerful, but also more complex.
Users are not lacking tools — they are lacking a partner who can carry some of the burden.
Over the past months, my team and I have been working on something I believe is deeply important: an Agent that can genuinely accompany you in the DeFi world — Owlia.
