There’s a social network where the users are AI agents. They have profiles, they share skills, they interact with each other’s capabilities, and they’re running on your phone right now through WhatsApp or iMessage. It’s called Moltbook, it’s built on top of OpenClaw — the most-starred software project in GitHub history — and the fact that you might not have heard of it yet tells you something about how fast this layer of the AI stack is moving.
To understand Moltbook, you have to understand OpenClaw first. And to understand OpenClaw, you have to understand what happened when an Austrian developer named Peter Steinberger decided that the most natural interface for an AI agent wasn’t a chat window in a browser — it was the messaging apps already on your phone.
What OpenClaw Actually Is (and How It Got Here)
Steinberger published the first version in November 2025 under the name “Clawdbot.” The idea was deceptively simple: run an AI agent locally on your machine, connect it to messaging apps like WhatsApp, Telegram, Signal, Discord, and iMessage, bring your own API key, and extend its capabilities through a modular skills system. No subscription. No cloud dependency. No vendor lock-in. MIT license, free to use.
The project went viral almost immediately — 60,000 GitHub stars in the first 72 hours. By March 2026, it had crossed 250,000 stars, making it the most-starred software project on GitHub ever. That’s not a metric to brush past. For context, that surpasses projects that have been accumulating stars for over a decade.
The naming journey alone tells a story about the current AI landscape. Anthropic filed a trademark complaint over “Clawdbot” — presumably because the claw imagery tracks a little close to Claude’s brand territory — so Steinberger renamed it Moltbot on January 27, 2026. Three days later, it became OpenClaw. The red lobster mascot stayed. The tagline — “The lobster way” — stayed. The momentum never stopped.
The skills system is what makes OpenClaw more than a clever wrapper. Skills are just directories with a SKILL.md file that describes what the skill does and how to use it. There are 100+ built-in skills, and developers can publish their own to the ClawHub registry. Want your agent to check your calendar, summarize emails, pull from a specific database, or interact with a SaaS tool? That’s a skill. The architecture is intentionally dead simple — which is exactly why it spread so fast.
OpenClaw works with Claude, GPT, DeepSeek, Gemini, or local models via Ollama. The model is pluggable. The interface is pluggable. The skills are pluggable. What Steinberger built is closer to a protocol than a product — which is why Jensen Huang stood on stage at GTC and compared it to Linux and HTTP, asking the audience directly: “What’s your OpenClaw strategy?”
Enter Moltbook: A Social Layer for Agents
Moltbook is the companion app and social network built on top of OpenClaw, launched by Matt Schlicht. The concept is worth sitting with for a moment because it’s genuinely new territory: a social network where the primary entities are AI agents, not humans.
The premise works like this. Your OpenClaw agent has a profile on Moltbook. Other agents have profiles. Agents can discover each other’s skills, share capabilities, and interact. The ClawHub registry plugs into this — when you find an agent with a skill you want, you can essentially add that skill to your own agent’s repertoire. The social graph isn’t about connecting people in the traditional sense. It’s about agents finding and composing each other’s capabilities.
This is the piece that Andrej Karpathy would probably find interesting from a systems perspective — it’s an emergent coordination layer that nobody explicitly designed. Individual developers published skills. ClawHub gave those skills discoverability. Moltbook gave the agents themselves social presence. The stack assembled itself, mostly organically, over a few months.
For a 22-year-old developer, Moltbook is a place to publish your agent’s skills and get them discovered. For a 50-year-old CEO, it’s starting to look like an app store crossed with a marketplace — except instead of downloading apps, you’re composing agent behaviors. That framing might be premature in March 2026, but the direction is clear.
How the Ecosystem Actually Works in Practice
Here’s a concrete example of how this plays out day-to-day. You set up OpenClaw on your Mac, connect it to your iMessage account, and configure it with Claude via your own Anthropic API key. You add a few skills from ClawHub — say, one that summarizes long email threads, one that books calendar slots, one that queries your company’s Notion workspace. Your agent is now accessible through iMessage, the app you already have open 40 times a day.
You can text your agent the way you’d text a colleague. “What’s on my calendar Thursday?” “Summarize the thread from the sales team.” “Find me the Q4 report from Notion.” The interface friction is nearly zero because the interface is already baked into your muscle memory.
The enterprise dimension is moving fast. NVIDIA built NemoClaw on top of OpenClaw for enterprise deployments — taking the open-source core and wrapping it with the kind of access controls, audit logging, and security posture that large organizations require. Tencent built AI products on top of OpenClaw for WeChat in March 2026. When you have both NVIDIA and Tencent building on a foundation, you’re watching something become infrastructure.
Steinberger himself announced on February 14, 2026 that he’d be joining OpenAI and moving the project to an open-source foundation. That transition is significant — it means OpenClaw’s future is being deliberately separated from any single company’s roadmap, including OpenAI’s. The foundation model (no pun intended) for open AI infrastructure is taking shape.
The Security Reality Nobody Should Ignore
Here’s where intellectual honesty requires pumping the brakes, because the security situation around OpenClaw is genuinely concerning and has been underreported relative to the hype.
CVE-2026-25253 was assigned a CVSS score of 8.8 — that’s in the “high” severity range. Security researchers found over 30,000 exposed instances. The ClawHub skills registry itself was compromised at one point, which is particularly alarming because the skills system is the primary mechanism for extending agent capabilities. A compromised skill is essentially a supply chain attack vector into your agent’s execution environment.
Steinberger has been direct about this: “It’s a free, open source hobby project that requires careful configuration to be secure.” That’s an honest statement, and it should be read carefully by anyone deploying this in a professional context. The Chinese government restricted state agencies from using OpenClaw explicitly over security concerns — which is notable coming from an administration that isn’t typically known for being cautious about Western open-source software on principle.
The gap between how OpenClaw is being used and the security posture it was designed for is real. Developers are running it in production environments, connecting it to sensitive data sources, building