Clawdbot, Moltbot, OpenClaw... oh my!
Plus: France ditches Teams and Zoom for homegrown alternative
Hi folks,
This week’s lead story looks at OpenClaw (née: Clawdbot & Moltbot), the open source AI agent that rocketed from obscurity to the darling of the developer world in days.
Elsewhere, we cover a flurry of developments across the open source world: France’s move away from US video conferencing tools toward a homegrown, open-source alternative, a surge in malware hidden inside public repositories, and more.
As usual, feel free to reach out to me with any questions, tips, corrections, or suggestions: forkable[at]pm.me.
Paul
Open issue
An open source AI agent that won’t sit still
A new AI assistant has taken the world by storm, one that doesn’t seem quite sure what it wants to be known as.
The project burst onto the scene earlier this month, launching initially as Clawdbot, an open source AI agent designed to run locally on a user’s own machine. Shortly after, it was rebranded as Moltbot, before quickly shedding that name and emerging as OpenClaw, following pushback, growing scrutiny, and a rapidly expanding user base that seen it surge to 114,000 stars on GitHub.
At a time when most AI assistants still live in the cloud and operate largely as conversational tools, OpenClaw is positioned as something more hands-on. It’s built to carry out tasks — editing files, managing code, triggering automations — and to do so persistently, without needing to be prompted through a dedicated app or browser tab.
That positioning has resonated far and wide, particularly among developers and more technically-inclined users experimenting with autonomous workflows. OpenClaw runs entirely on local hardware, typically paired with open or locally hosted language models chosen by the user. Data stays on-device, and users retain direct control over what the agent can access and execute.
So why has it spread so fast?
Part of the answer lies in dissatisfaction with the current generation of assistants. As large AI platforms have pushed toward more capable systems, they’ve also tightened constraints around what those systems are allowed to do, and where they’re allowed to run. OpenClaw promises a different path.
Open source has been central to that appeal. From the outset, the code has been public, forkable (16,000 forks to date), and open to inspection, allowing developers to audit behaviour, suggest changes, and build on it almost immediately.
But along the way, concerns around automation safety, misuse, and responsibility have surfaced just as quickly as enthusiasm. Some of those concerns were illustrated by Jamieson O’Reilly, a hacker, advisor, and entrepreneur who showed how hundreds of Clawdbot control servers had been left exposed to the public internet. This meant agents with access to private messages, credentials, and system-level controls were reachable by anyone who discovered the endpoints — highlighting how easily a powerful local agent can become a liability in the wrong hands.
OpenClaw is the handiwork of Peter Steinberger, a veteran software engineer who, in an interview with The Pragmatic Engineer this week, described the project as a reflection of how AI tools have changed what individual developers can realistically build, making it easier to ship across multiple technologies without deep expertise in each of them.
“I can build everything now,” he said. “Before you had to really pick which side-project you build, because software is hard. It is still hard, but now this friction —where I’m so good at this one technology, and I’m so bad at another — [is gone].”
For now, OpenClaw remains a tool for enthusiasts rather than the average punter, and it should probably be used with a little caution in terms of what system access it’s given. But if nothing else, its meteoric rise has highlighted the importance of the community in driving a project forward — local, inspectable, and shaped in the open.
Read more: The Pragmatic Engineer & Forbes & Openclaw & Openclaw (GitHub)
Patch notes
France shifts to homegrown
France has revealed plans to transition away from US video conferencing platforms such as Microsoft Teams and Zoom for government use, steering officials toward Visio, a French state-run, open-source videoconferencing service hosted on government-controlled infrastructure.
Read more: Euro News
North Korea-linked hackers target open source
Security researchers warn that North Korean hacking groups are increasingly seeding malware into open source projects, disguising malicious code as legitimate libraries and developer tools. The tactic relies on trust in public repositories, with attackers targeting developers directly rather than end users — a reminder that openness can widen the attack surface.
Read more: Open Source Malware
Open source malware surges 75%
New research from Sonatype shows a 75% increase in malicious packages published to open source ecosystems over the past year. The findings highlight how attackers are exploiting automation, dependency sprawl, and maintainers’ limited capacity to review contributions.
Read more: Sonatype
Mozilla pitches an alternative AI future
Mozilla has published its State of Mozilla 2025–26 report, laying out an open-source-first vision for AI that pushes back against concentration among big tech firms. The organisation argues for smaller, auditable models, public-interest infrastructure, and stronger governance — and says the current AI trajectory risks repeating the same centralisation mistakes of the web era.
Read more: Mozilla
Arcee AI claims 400B open model milestone
A small startup called Arcee AI says it has trained a 400-billion-parameter open source language model, claiming performance that rivals or exceeds Meta’s Llama family. The company says it built the model from scratch using novel training techniques, though independent benchmarking remains limited.
Read more: TechCrunch & Arcee
Linux plans for Linus continuity
The Linux kernel community has added a continuity plan addressing what happens if Linus Torvalds becomes unavailable. The change formalises succession and governance processes — a tacit acknowledgement of key-person risk in critical open source infrastructure.
Read more: The Register & GitHub
And finally…
A modular Linux handheld
An open source, modular Linux handheld device dubbed Comet has turned out to be rather popular. The device, built by Mecha, is now live on Kickstarter, where it has raised more than $500,000 against an initial goal of $36,000 — a sign that there’s real appetite for open, hackable hardware.
Comet is a pocket-sized Linux computer with a keyboard and touchscreen, designed around modularity and repair. Mecha is publishing its hardware designs, firmware, and software openly, positioning the device as something to tinker with.
The crowdfunding success doesn’t mean Comet is about to go mainstream, but it reminds us that when a project leans fully into openness, the community is often willing to hand over their hard-earned dough.
Read more: CNX Software & Mecha & Kickstarter