Moltbot Personal Assistant Goes Viral – And So Do Your Secrets

Moltbot, previously known as Clawdbot, is an open-source AI agent that functions as a personal assistant capable of integrating with messaging platforms like WhatsApp, Telegram, and Slack to automate a wide array of tasks. Since its release in November 2025, it has seen exponential growth, particularly highlighted by a surge in GitHub activity and stars following its viral adoption in January 2026. Despite its capabilities, Moltbot installations have been vulnerable to credential leaks due to hardcoded secrets in user workspaces, prompting the development of a ggshield skill for enhanced security. This skill allows users to scan their workspaces for leaked credentials, offering options for on-demand checks and the installation of git pre-commit hooks to prevent sensitive information from entering version control. The ongoing challenge of securing Moltbot installations underscores the necessity for such proactive measures, as evidenced by the detection of numerous leaked secrets and the subsequent responsible disclosures to affected parties.