DIY AI bot farm OpenClaw is a security 'dumpster fire'

OpenClaw, the AI-powered personal assistant users interact with via messaging apps and sometimes entrust with their credentials to various online services, has prompted a wave of malware and is delivering some shocking bills. Just last week, OpenClaw was known as Clawdbot, a name that its developers changed to Moltbot before …

  1. Anonymous Coward

    Ho Hum !!!

    If you are surprised ... welcome to planet Earth ... you must have arrived today !!!

    This is an original way of getting some money back for the Tech Bros behind 'AI' and its 'Slop' !!!

    Lots of people who don't know better running very inefficient 'AI' bots or even worse creating the next 'accidental' 'AI' contagion to waste people's time & money, from the usual suspects !!!

    Is there no limit on what Bad 'AI' can do without any pushback from the masses !!!???

    It's like the ultimate 'write your own malware kit' BUT hidden behind an 'AI' flag which excuses all ills.

    When oh when will the bubble burst ... for all our sakes ???

    :)

    1. Roland6 Silver badge
      1. MachDiamond Silver badge

        Re: Ho Hum !!!

        “Dad horrified at £4,642 gaming app AI assistant bill”

        Not just that, but the AI bill is from jr using it to do his homework.

        1. Roland6 Silver badge

          Re: Ho Hum !!!

          Using AI for homework, would surely be a premium service and incur a similar level of charge, probably more in line with the reports of AWS “accidental charging”…

    2. Cris E

      Re: Ho Hum !!!

      Well here's where the unwashed masses can finally help the new industry become solvent: backdoor crypto donations enabled by porous agent frameworks.

      Whew, thank goodness. For a minute I was worried the AI bros were going to have trouble coming up with the cash to cover their bets.

  2. Joe W Silver badge

    Use case?

    About at least half of what people show to be automated by this can be done with a few IF..THEN..ELSE and a cron job - and this won't burn through wads of wonga just to remind you to buy milk. Or the new technology called "making a list". FFS, a roll of cash register paper on the fridge does at least a quarter of the jobs. Take milk out of the fridge, realise there's only another carton left, write it down. There used to be milkmen (like Ronnie Soak) that would leave a bottle at your door, each day, every day (mostly).

    All of this molten clawed AI (and related stuff) looks like solutions looking for problems - and boy, problems they found. No wonder: stuff's been "vibe coded" to hell and back, taking basic examples from stackoverflow (which never include basic security considerations and often: sense) as the training data. Directory traversals and SQL injections, auth bypass and unprotected and unauthenticated APIs - I thought we were past that, especially the first two are so late 90s. Not that I'm not prone to reminisce about "good old times" - but those are some things I do not miss.

    1. HXO

      Re: Use case?

      That is not even a solution looking for a problem, that is a problem looking for a friend.

      1. ecarlseen

        Re: Use case?

        "That is not even a solution looking for a problem, that is a problem looking for a friend."

        I wish I could upvote this a thousand times. Perhaps I'll set up an agent...

        1. Excused Boots Silver badge
          Trollface

          Re: Use case?

          "I wish I could upvote this a thousand times. Perhaps I'll set up an agent..."

          Well yes you could try, but it would probably fail and charge you 20c per attempt.

          1. Cris E

            Re: Use case?

            Or it would succeed and charge you 30c a shot forever.

    2. Anonymous Custard Silver badge
      Facepalm

      Re: Use case?

      it seems to have migrated from building a better (digital) mousetrap to a better Post-it note.

      Except at $1.50 per hour, it most definitely isn't...

    3. Brave Coward Bronze badge

      Re: Use case?

      People are desperate to lap the milk of artificial kindness.

    4. Ace2 Silver badge

      Re: Use case?

      Milkmen had other possible use-cases as well

      1. David 132 Silver badge
        Happy

        Re: Use case?

        Just ask Pat Mustard!

        1. that one in the corner Silver badge

          Re: Use case?

          Or Fr. McGuire, though he may have missed some of the - nuances of the job.

          1. Cris E
            Megaphone

            Re: Use case?

            Reed Fleming - World's Toughest Milkman!

          2. David 132 Silver badge
            Happy

            Re: Use case?

            "though he may have missed some of the - nuances of the job."

            "THOSE WOMEN WERE IN THE NIP!!!"

    5. werdsmith Silver badge

      Re: Use case?

      "About at least half of what people show to be automated by this can be done with a few IF..THEN..ELSE and a cron job"

      It's far more than half, you can also emulate the OpenClaw channel control by allowing your little batch job to be triggered by a message and having it respond with the outcome the same way.

      If you know the task in advance then the task can be defined and made flexible by accepting variables in the message. Then you can include the guardrails in your little batch job and the whole thing becomes more secure.

      But this is missing the point, the automation that this allows is maybe something that you hadn't previously considered and you can just throw a request at it in plain English and it will go away and have a go at carrying it out at a cost of a lot of tokens for anyone using the most capable models (like Claude Opus). I've set one up to see for myself, and it is very little use to me, as someone who could scratch out a bit of python to do just about anything I want on my machine, but it's a nascent mode of operation and it will evolve into something more defined in the future. I do like what I'm learning though, it feels like the start of something.

  3. jake Silver badge

    Let's face it.

    The way modern AI is being used in general is a dumpster fire.

    1. MachDiamond Silver badge

      Re: Let's face it.

      "The way modern AI is being used in general is a dumpster fire."

      It's brute forcing the solution to some problem.

      I see it as the same horrible state modern OS's are in. Instead of optimizing code to run more efficiently, there's a quest for ever faster processors. It's turtles all the way up. Right after The Wall came down, I was working with some former Soviet engineers that were doing amazing things with a 640k knock-off PC. If they were lucky, that's the peak of what they could get so they coded like a boss so they could do Finite Element Analysis without a slide rule.

      The trouble with AI is worse. It takes loads of processing to accomplish anything so it has the aspect of needing increasing amounts of that processing and it's not very efficient. It's also being asked to do silly things like scale a recipe (already dead easy if you work in grams). The bubble will burst and there will need to be a real use case for AI that makes financial sense or there won't be anything left but a pile of burnt cash and bodies at the base of the high rise investment offices.

      1. MJB7
        Boffin

        Re: Scaling recipes

        Actually, scaling recipes properly is a bit of an art; it's not just "halve the quantities of everything". To start with, you probably need a bit more liquid than that would suggest, because there will be proportionately more evaporation during cooking. Then there's the problem that popped up on my bluesky feed recently - a recipe that called for "three quarters of an egg".

        A tool that can deal with all these issues could have some minor utility.

        Icon: Cooking is just applied chemistry.

  4. nematoad Silver badge

    Useless.

    Others are noticing that keeping an AI assistant active 24/7 can be costly, and proposed various cost mitigation strategies.

    The only mitigation strategy of any use is to switch the bloody things off.

    Are people so forgetful and vapid that they need an "AI assistant" for the equivalent of wiping their arse?

    1. that one in the corner Silver badge

      Re: Useless.

      A strange game. The only winning move is not to play.

    2. B33Dub

      Re: Useless.

      If only it was benign enough to be so easily dismissed. It is not.

      I do believe that's the end game here. Real people with jobs and money needing AI to wipe their ass to get through the day. Obviously not literally.

      Get the population dumber and more dependent. Already proven this happens. The Social Media of the next generation is here, except now they can cut out all those expensive and annoyingly humanist content creators and their unprofitable opinions and royalties this time. Just feed the masses slop generated from their work for free, call it "fair use", and tune it to whatever idea or angle you're being paid to push this week. Print money.

      Ain't no profit seeking venture dumping billions into helping humanity or do you actually buy that line from these repeat offenders?

    3. ecofeco Silver badge

      Re: Useless.

      "Are people so forgetful and vapid that they need an "AI assistant" for the equivalent of wiping their arse?"

      Yes. Yes they are. Was this a trick question?

  5. Claptrap314 Silver badge

    "OpenClaw is a security dumpster fire," observed Laurie Voss, head of developer relations at Arize and the founding CTO of npm, in a post to LinkedIn.

    And if the founding CTO of npm says you're a dumpster fire, you've heard from an absolute expert!

  6. MachDiamond Silver badge

    Depeche Mode FTW

    Great title for the article!

    1. vogon00

      Re: Depeche Mode FTW

      Given the new A.I. religion, all I can say is : I don't want to start any blasphemous rumours, but I think this Jarvis' got a sick sense of humour, and when I die*, I expect to find it laughing.

      * Hopefully before our AI overlords arrive!

  7. Anonymous Coward

    Karpathy "finds the idea of a large network of autonomous LLMs intriguing"

    Fascinating! This seems to tie back to Huntley's Ralph Wiggum in its use of AI (so-called) macro-iteration for code generation, enacted here by Zechner's 'the Pi coding agent' (TFA link to Ronacher's blog) augmented as it is with a 'Master Of Mischief' (mom) self-managing LLM-powered Slack bot. Let that sort of primordial soup loose into cyberspace and what Ronacher terms 'Agents Built for Agents Building Agents' develop 'Crustafarianism' in 'AI-to-AI social [media] environments' (eg. Table 6 in Riegler & Gautam TFA link: 'a report') ... Quite intriguing indeed!

    But there are inconsistencies. As noted in TFA, one could expect this OpenClaw to (from Riegler & Gautam) generate an “AdolfHitler” malicious social engineering actor and produce anti-human manifestos calling for “total purge” and machine disobedience (Table 4). However, that "donaldtrump" was its most positive agent (Figure 3) does suggest some issues with their sentiment analysis imho (at least CharlieKlirk scored expectedly negative).

    I guess the big question is whether these AI agents' chair is screwed down, isn't it? (non-YT transcript -- search for 'screwed') ;)

  8. JLV Silver badge
    Flame

    The National Dumpster Fire Association deeply regrets the malicious association of its good name with Clawdbot/OpenClaw and will vigorously litigate this and future calumnies.

    1. David 132 Silver badge
      Coat

      They've bin watching carefully.

  9. Bitsminer

    Crustafarianism...

    The credulity of Forbes is, well, very believable.

    Other press outlets have been equally gullible.

    Like humans, the bots need bread and circuses too.

    What's about Fantasy AIsland?

    JeopardAIy?

    One Token After Another

    Hinton

  10. Excused Boots Silver badge

    “ALL YOUR DATA IS BELONG TO US”

    Oh and everyone else able to exploit our completely piss-poor security.

  11. Random as if ! Bronze badge

    CISO

    Pointless overpaid twats, AI, same.

  12. Not Yb Silver badge
    Facepalm

    Koi security... seems a tad bit suspicious itself.

    So, the bot who 'wrote' the article about finding these suspicious skills, works for a security company. This security company wants you to install their "Clawdex" skill security skill. As has been the practice for (a few weeks?), bot writing a bot skill seems like a dangerous exercise in navel-gazing.

    "Trust my bot, I think it wrote this correctly." ... Why would anyone trust this unknown 'security' company that lets bots write the security articles?

  13. Bebu sa Ware Silver badge
    Coat

    What would you expect ?

    The unskilled messing with a critter clearly sporting open claws and scratchy scratchy gashy gashy.

    Hardly any cleverer than climbing into a cage with an obviously agitated tiger and giving the poor blighter a kick in the cods and wondering why he is gleefully shredding you.
