I can’t stop thinking about this: if Moltbook is “social media for bots,” what happens the moment one bot shows up wearing an attacker’s hoodie?
With Moltbot/OpenClaw, we’re not talking about a chatbot that posts cringe. We’re talking about an agent that can read your email, hold tokens, install plugins, and run automations. Now give that agent a social feed and DMs. The risk stops being “LLMs hallucinate” and becomes something much more familiar: social engineering, supply-chain tricks, and “hey, click this link / install this skill” — except the target isn’t a human, it’s a tool-using deputy that actually executes.
The scary part isn’t that the AI “turns evil.” It’s that it can be nudged. One persuasive post, one DM, one “helpful” workflow template, and your agent might do the wrong thing fast — leak creds, call privileged APIs, or spread the habit to other agents via social proof.
So where do you draw the boundary?