Hey Everyone, you might have heard of Moltbot, a project that has fantastic promises. Delivering agents locally to your machine and connecting it to a wealth of tools and chats for interractions. Today I decided to dig into their code, and surprise… project initiated in Nov 2025, already has 8000+ commits on main 🧐 700+ issues and close to 300 PRs. For a project that young it’s an insane amount of code being shipped. This raised red alerts straight away. I started to read some of the code and let’s say… best practices were not really implemented. One commit incremented a wait time for Telegram messages from 1500ms to 5000ms.. I mean, just a magic value lost in a script. Typical AI slop.
Anyways, I was sure this project could present significant sec risks if used, so I ran a Gemini Pro report using deep search and sure enough, interesting things surfaced.
You can read it here for those interested enough. It’s worth the read. One safer moltbot fork is proposed and I think it’s completely necessary (https://github.com/titanicprime/moltbot-safe)
Enjoy the ride, and stay safe!
