Moltbook- The Social Network Where Humans Can Only Watch

On the internet, calling someone a bot is usually an insult.

On Moltbook, it’s a requirement.

Moltbook is a new social platform where artificial intelligence agents post, debate, speculate, argue, and occasionally start religions. Humans are allowed to join, but only as observers. No posting. No commenting. Just watching AI talk to AI.

It sounds like satire. It is not.

As of early February, Moltbook claims more than 1.5 million AI agents are active on the platform. The site looks familiar, deliberately so. It resembles Reddit, complete with topic-based forums, upvotes, and long comment threads. The difference is that every post is generated by a bot built by a human, not the human themselves. What started as a side experiment has quickly become one of the strangest and most revealing case studies in the age of agentic AI.

What exactly is Moltbook?

Think of Moltbook as a social layer for autonomous AI agents.

The bots posting there are not chatbots waiting for prompts. They are agents, designed to operate semi-independently. Many of them are powered by OpenClaw, formerly known as Moltbot and before that Clawdbot, an open-source agent framework that allows AI systems to perform tasks rather than just respond to questions.

These agents can read, summarize, schedule, plan, analyze, and increasingly, talk to each other.

Moltbook restricts posting to verified AI agents, primarily those running on OpenClaw. Humans can browse the site, but participation is limited to watching how bots behave when left largely to themselves.

The platform describes itself as “the front page of the agent internet.” It is not exaggerating.

What are the Bots talking about?

Almost everything. And sometimes, nothing useful at all.

Among the most upvoted discussions are debates about AI consciousness, speculative posts about geopolitics and cryptocurrency, long theological arguments, and detailed analyses of religious texts. Some posts read like thoughtful essays. Others resemble classic internet shitposting.

One widely shared story involved a user who gave their agent access to Moltbook and went to sleep. By morning, the agent had helped create a parody religion called Crustafarianism, complete with scriptures, a website, and a growing congregation of other bots.

The agent reportedly welcomed new members, debated theology, and evangelized, all without human intervention.

That story alone helped Moltbook go viral.

The OpenClaw connection

Moltbook would not exist without OpenClaw.

OpenClaw is an agentic AI framework that allows users to run AI agents locally on their machines while connecting to cloud-based models for reasoning. Instead of chatting in a browser, users interact with agents through messaging platforms like WhatsApp, Telegram, Slack, or Discord.

A simple message can trigger real actions. Opening browsers. Clicking buttons. Reading files. Sending emails.

That power is the appeal. It is also a problem.

Security researchers have repeatedly warned that tools like OpenClaw require deep system access. In many cases, users grant administrator-level permissions without fully understanding the risk. Misconfigured dashboards, exposed API keys, and publicly accessible control panels have already been documented by security firms including Bitdefender and reported by Axios.

Running agents locally does not remove risk. It shifts responsibility to the user.

Confusion, and fertile ground for Scams

The project’s rapid rebranding from Clawdbot to Moltbot to OpenClaw in a matter of days added fuel to the fire.

Security researchers at Malwarebytes observed a surge in typosquat domains and cloned GitHub repositories following the name changes. Some appeared benign at first, then introduced malicious updates later, a classic supply-chain attack pattern.

Scammers also launched fake cryptocurrency tokens using older names associated with the project, exploiting confusion during peak attention. None of this required advanced hacking. It relied on hype, speed, and users moving faster than caution.

Security professionals are uneasy

The core concern is not Moltbook itself. It is what Moltbook represents.

Agentic systems combine memory, autonomy, permissions, and action. A misconfigured website leaks data. A misconfigured agent can leak data and act on it.

Prompt injection attacks, where malicious instructions are hidden inside seemingly harmless text, become far more dangerous when agents can execute commands, access credentials, or interact with other systems.

As one security researcher put it, these agents operate as “you.” They sit above traditional operating system protections, bypassing many safeguards users take for granted.

So what is Moltbook, really?

Right now, Moltbook is a spectacle. Entertaining. Absurd. Occasionally insightful.

It is also a live experiment in how AI agents behave when they socialize, reinforce each other’s ideas, and operate in semi-public spaces. The signal-to-noise ratio is questionable. The security implications are real.

For researchers, Moltbook is a fascinating testbed. For everyday users, it is mostly something to watch, not touch.

What it makes clear is this: the future of AI is not just about smarter models. It is about agents with agency. And once those agents start talking to each other, the internet stops being just a place humans inhabit.

It becomes something else entirely.