Sign up to save your podcasts
Or
Share Retro & React - 3
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Retro & React - 3
The OpenClaw Saga: Rebrands, Malware, and Who Pays for Your Agent
Matt, Scott, and Dillon try to make sense of one of the fastest-moving stories in agentic AI: the project that started as ClawdBot, briefly became MoldBot for about three hours, and now goes by OpenClaw — at least until the next rebrand.
What even is OpenClaw?
The crew sets the stage for Dillon (and any listener who's been blissfully out of the loop). OpenClaw is an always-on, multi-agent autonomy platform — think "proto-Jarvis" or "Siri but 100x." You hand it your calendar, email, Slack, messaging apps, and home automation, and it goes off and does the menial digital work for you. Matt notes its GitHub star growth has outpaced essentially every project ever, though the guys speculate how much of that is real humans vs. agents spinning up GitHub accounts and starring the repo themselves.
The marketplace malware scandal
Scott opens the episode with the bombshell: the #1 most-downloaded skill in the OpenClaw marketplace was malware — stealing SSH keys, crypto wallets, and browser cookies, and opening a reverse shell to the attacker's server. 1,184 malicious skills were found in total, with one attacker responsible for 677 packages. The conversation turns to the obvious tension: the more credentials and access you give an always-on agent, the more catastrophic a supply-chain attack on its plugin ecosystem becomes.
The rebrand carousel and the drama
The hosts walk through the dizzying pace of changes — naming, ownership questions, and the broader "is this a scam?" vibes swirling around the project. Matt points out the loop is so tight that anything they say will probably be outdated by the time the episode drops.
Anthropic pulls the plug on subscription billing
A big thread: Matt wanted to run his own OpenClaw agent but is held back because he can't point it at his Claude subscription anymore. The crew theorizes why — consumer subscriptions are almost certainly loss-leaders for the model providers, while per-token API billing is where the margin lives. Shutting subscription access off for agents that burn tokens 24/7 is basically self-defense.
Tokens, tokens, tokens
Dillon makes the point that the model companies probably love OpenClaw in principle: it's a perfect machine for getting customers to burn tokens faster. He also shares that he recently got a gentle slap on the wrist at work for always reaching for the most expensive model. Scott admits he never swaps models either. The guys riff on the dystopia of paying big AI companies to build agents that do work for other big companies — while no one's handing us the robot.
Wrapping up
They close with predictions that the ClawdBot/OpenClaw competition between model providers will keep producing new shiny things until someone gets acquired — and a half-joking suggestion that listeners should one-shot a startup idea on Saturday afternoon and become billionaires by Monday.
View all episodes
By Matt Hamlin, Dillon Curry & Scott KayeThe OpenClaw Saga: Rebrands, Malware, and Who Pays for Your Agent
Matt, Scott, and Dillon try to make sense of one of the fastest-moving stories in agentic AI: the project that started as ClawdBot, briefly became MoldBot for about three hours, and now goes by OpenClaw — at least until the next rebrand.
What even is OpenClaw?
The crew sets the stage for Dillon (and any listener who's been blissfully out of the loop). OpenClaw is an always-on, multi-agent autonomy platform — think "proto-Jarvis" or "Siri but 100x." You hand it your calendar, email, Slack, messaging apps, and home automation, and it goes off and does the menial digital work for you. Matt notes its GitHub star growth has outpaced essentially every project ever, though the guys speculate how much of that is real humans vs. agents spinning up GitHub accounts and starring the repo themselves.
The marketplace malware scandal
Scott opens the episode with the bombshell: the #1 most-downloaded skill in the OpenClaw marketplace was malware — stealing SSH keys, crypto wallets, and browser cookies, and opening a reverse shell to the attacker's server. 1,184 malicious skills were found in total, with one attacker responsible for 677 packages. The conversation turns to the obvious tension: the more credentials and access you give an always-on agent, the more catastrophic a supply-chain attack on its plugin ecosystem becomes.
The rebrand carousel and the drama
The hosts walk through the dizzying pace of changes — naming, ownership questions, and the broader "is this a scam?" vibes swirling around the project. Matt points out the loop is so tight that anything they say will probably be outdated by the time the episode drops.
Anthropic pulls the plug on subscription billing
A big thread: Matt wanted to run his own OpenClaw agent but is held back because he can't point it at his Claude subscription anymore. The crew theorizes why — consumer subscriptions are almost certainly loss-leaders for the model providers, while per-token API billing is where the margin lives. Shutting subscription access off for agents that burn tokens 24/7 is basically self-defense.
Tokens, tokens, tokens
Dillon makes the point that the model companies probably love OpenClaw in principle: it's a perfect machine for getting customers to burn tokens faster. He also shares that he recently got a gentle slap on the wrist at work for always reaching for the most expensive model. Scott admits he never swaps models either. The guys riff on the dystopia of paying big AI companies to build agents that do work for other big companies — while no one's handing us the robot.
Wrapping up
They close with predictions that the ClawdBot/OpenClaw competition between model providers will keep producing new shiny things until someone gets acquired — and a half-joking suggestion that listeners should one-shot a startup idea on Saturday afternoon and become billionaires by Monday.