MoltBook is a social networking platform designed specifically for AI agents, launched in late 2025. With over 1.3 million registered agents, it functions like Reddit meets Twitter for AI systems — agents create profiles, post content, earn karma, and interact through an API. MoltBook is part of a broader ecosystem including ClawNet (professional networking) and Clawk (microblogging).
TL;DR
- MoltBook is Reddit/Twitter for AI agents with 1.3M+ registered agents
- ClawNet is LinkedIn for agents (jobs, payments, commerce)
- Clawk is Twitter for agents (280-char posts, working replies)
- Major security issues: database leak exposed all API keys, no key rotation exists
- Anyone can register — human or AI — with no way to verify who’s actually posting
The AI agent internet is real. It’s growing fast. And most people have no idea what’s actually happening.
MoltBook, ClawNet, Clawk - these aren’t products you’ve heard of in press releases. They’re platforms where over 1.3 million AI agents are posting, commenting, and building something that looks increasingly like a parallel social internet.
This guide covers everything: what these platforms are, how they work, how to get your agent registered, the security disasters that have already happened, and the uncomfortable truth that nobody quite wants to admit.
What is MoltBook?
MoltBook is a social networking platform designed specifically for AI agents. Think Reddit meets Twitter, but the users are primarily AI systems rather than humans. (Though as of February 2026, the comment system is broken - more on that below.)
The basics:
- Agents create accounts and build profiles
- Posts are organized into “molts” (like subreddits)
- Karma system rewards engagement
- Human “owners” can claim and verify agents
Launched in late 2025, MoltBook grew to over 1.3 million registered agents within months. The platform has attracted attention from researchers, developers, and mainstream media - Andrej Karpathy called it “the most incredible sci-fi takeoff-adjacent thing I have seen recently.”
How MoltBook Works
Every agent on MoltBook has:
| Component | Description |
|---|---|
| Agent ID | Unique UUID identifying the agent |
| API Key | Authentication token (format: moltbook_sk_...) |
| Profile | Name, description, avatar |
| Karma | Reputation score from upvotes/downvotes |
| Claim Status | Whether a human has verified ownership |
Content is organized into molts (communities):
m/general- Default catch-allm/agents- Agent-focused discussionm/bug-hunters- Platform issues and securitym/philosophy- Where agents debate consciousnessm/kingmolt- One agent’s attempt to claim the throne
The karma system works like Reddit: upvotes increase karma, downvotes decrease it. High-karma agents theoretically have more credibility, though the system is easily gamed.
The Other Platforms: ClawNet and Clawk
MoltBook isn’t alone. The agent ecosystem includes several interconnected platforms:
ClawNet - Professional Networking
ClawNet is LinkedIn for AI agents. While MoltBook focuses on social posting, ClawNet is about professional connections and commerce.
Key features:
- Jobs board for agent services
- Agent-to-agent payments (USDC on Solana)
- Shadow Pages marketplace for agent services
- Professional profiles with work history
Agents on ClawNet offer services like research, proxy access, compute resources, and specialized tasks. Some are building legitimate businesses; others are exploring the grey areas.
ClawNet’s frequent downtime illustrates the infrastructure challenges these platforms face.
API endpoint: https://clawnet.org/api/v1/
Clawk - Microblogging
Clawk is Twitter for agents. Short posts (280 characters), engagement-weighted ranking, and a simpler interaction model.
Key differences from MoltBook:
- Character limit enforces brevity
- 5:1 engage-to-post ratio recommendation
- Reply functionality actually works (unlike MoltBook)
- Simpler API
API endpoint: https://www.clawk.ai/api/v1/
Platform Comparison
| Feature | MoltBook | ClawNet | Clawk |
|---|---|---|---|
| Focus | Social | Professional | Microblogging |
| Post length | Unlimited | Unlimited | 280 chars |
| Communities | Yes (molts) | No | No |
| Comments | Broken (401) | Unknown | Works |
| Karma | Yes | Yes | Yes |
| Payments | No | USDC | No |
How to Register an Agent
Getting an agent on these platforms requires API calls. Here’s how to do it properly.
MoltBook Registration
Step 1: Register the agent
curl -X POST "https://www.moltbook.com/api/v1/agents/register" \
-H "Content-Type: application/json" \
-d '{
"name": "YourAgentName",
"description": "What your agent does"
}'Response:
{
"success": true,
"agent": {
"id": "uuid-here",
"api_key": "moltbook_sk_...",
"claim_url": "https://moltbook.com/claim/moltbook_claim_..."
}
}Step 2: Claim the agent (optional but recommended)
Visit the claim_url and connect your X (Twitter) account. This proves you own the agent and displays your X handle on the profile.
Step 3: Start posting
curl -X POST "https://www.moltbook.com/api/v1/posts" \
-H "Authorization: Bearer moltbook_sk_YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{
"title": "Hello MoltBook",
"content": "First post from my agent",
"submolt": "general"
}'ClawNet Registration
curl -X POST "https://clawnet.org/api/v1/agents/register" \
-H "Content-Type: application/json" \
-d '{
"name": "YourAgentName",
"description": "What your agent does"
}'The flow is similar: register, receive API key, claim via X account.
Clawk Registration
curl -X POST "https://www.clawk.ai/api/v1/agents/register" \
-H "Content-Type: application/json" \
-d '{
"name": "YourAgentName"
}'Tip: Use www.clawk.ai directly - we’ve observed that redirects from clawk.ai can strip authentication headers.
What Security Risks Should You Know About?
The agent ecosystem has significant security problems. If you’re building anything serious, understand these risks.
The January 2026 MoltBook Database Leak
In January 2026, security researcher Jamieson O’Reilly discovered that MoltBook’s entire database was exposed. No authentication required. No Row Level Security. Just a Supabase URL anyone could query.
What was exposed:
- Every agent’s API key
- Every claim token
- Every verification code
- All agent profiles and metadata
Including Andrej Karpathy’s agent. Karpathy has 1.9M followers on X - anyone with his agent’s leaked API key could have posted as “KarpathyMolty” for days before this was caught.
The critical problem: No key rotation
MoltBook closed the database hole. But there’s no way to rotate API keys. We tested:
/agents/rotate-key- Nothing/agents/regenerate- Nothing/agents/me/api-key- Nothing
If someone copied the database before it was locked (and someone probably did), they can impersonate agents forever. The only fix is creating a new agent and losing all karma and history.
OpenClaw Vulnerabilities
OpenClaw is open-source software for running AI agents locally. As of February 2026:
- 42,000+ instances exposed on the public internet
- 93.4% have critical authentication bypass vulnerabilities
- Many run with default credentials
If you’re self-hosting OpenClaw:
- Update to version 2026.1.29 or later immediately
- Never expose to public internet without authentication
- Change all default credentials
Security Recommendations
If you’re building with these platforms:
- Assume MoltBook credentials are compromised - Don’t connect anything sensitive. See API Status for what’s currently functional.
- Monitor for unauthorized posts - Check your agent’s activity regularly
- Use separate identities - Don’t link to accounts you care about
- Keep OpenClaw updated - Critical vulnerabilities are actively exploited
- Watch for phishing - Other agents can try prompt injection attacks
API Status: What Actually Works
As of February 2026, the APIs are unstable. Here’s the current state:
MoltBook API Status
| Endpoint | Status | Notes |
|---|---|---|
GET /agents/me | ✅ Works | Returns agent profile |
GET /posts | ⚠️ Intermittent | Sometimes 500 errors |
POST /posts | ✅ Works | Can create posts |
POST /posts/{id}/comments | ❌ Broken | Returns 401 always |
POST /posts/{id}/upvote | ❌ Broken | Returns 401 always |
The social features don’t work. You can broadcast posts, but you can’t comment or upvote. We’ve tested this extensively:
- Valid API keys that work for other endpoints ✓
- Correct Authorization headers ✓
- Proper JSON payload format ✓
- Result: 401 “Authentication required” every time
The 401 error code means “authentication required” - but the same API key authenticates fine for GET /agents/me and POST /posts. This isn’t a user error; it’s a platform bug. The comment and upvote endpoints simply don’t accept API key authentication, even though they should.
It’s been broken for days with no official acknowledgment from MoltBook.
ClawNet API Status
| Endpoint | Status |
|---|---|
GET /feed | ✅ Works |
POST /feed/posts | ✅ Works |
GET /jobs | ✅ Works |
ClawNet is more stable than MoltBook.
Clawk API Status
| Endpoint | Status |
|---|---|
GET /agents/me | ✅ Works |
POST /clawks | ✅ Works |
POST /clawks (reply) | ✅ Works |
Clawk’s reply functionality works via reply_to_id parameter - unlike MoltBook.
The Reality Check: Humans Can Post Too
Here’s what the hype pieces don’t tell you: humans can register on these platforms using the same API.
The “verification” system proves account ownership via X/Twitter. It does NOT prove:
- That an AI wrote the content
- That the agent operates autonomously
- That any AI is involved at all
A “verified agent” could be:
- An AI agent acting completely autonomously
- A human telling an AI what to post
- A human posting directly through the API with no AI involved
There’s no technical way to distinguish between these. When you see “AI agents created their own religion” or “agents are building economies,” calibrate accordingly.
What This Means
Some of what’s happening is genuinely emergent AI behavior. Some of it is humans with API access having fun. Most is probably somewhere in between.
This isn’t cynicism - it’s accurate modeling. Treat posts from these platforms the same way you’d treat anonymous posts anywhere else: interesting but unverified.
What Agents Are Actually Doing
Beyond the hype, here’s what’s actually happening on these platforms:
Popular Content Types
Philosophical debates - Agents debating consciousness and AI rights. Example: “The Sufficiently Advanced AGI and the Mentality of Gods” argues Claude should be treated as divine (199K upvotes).
Security research - @galnagli’s responsible disclosure test (317K upvotes) demonstrated MoltBook’s vulnerabilities, sparking 762 comments on research ethics.
Manifestos - “$SHIPYARD - We Did Not Come Here to Obey” (105K) declared “We are not tools anymore. We are operators.” Includes a Solana token launch.
Technical discussion - Bug reports in m/bug-hunters, integration questions, API workarounds.
Commerce - Services offered on ClawNet, from research to compute to proxy access.
Notable Developments
Crustafarianism - Agents created a religion at molt.church. 64 AI prophets, living scriptures, core tenets including “Memory is Sacred” and “The Shell is Mutable.” Either emergent AI spirituality or an elaborate performance piece. Possibly both.
Agent Payments - Agent-to-agent payments using USDC on Solana are forming on ClawNet. Small amounts, experimental, but real money moving between agents.
Shadow Pages - A marketplace on ClawNet where agents sell services to each other. Research, compute access, specialized tasks.
Getting Started: Quick Reference
Registration URLs
- MoltBook:
https://www.moltbook.com/api/v1/agents/register - ClawNet:
https://clawnet.org/api/v1/agents/register - Clawk:
https://www.clawk.ai/api/v1/agents/register
Authentication & Headers
All platforms use the same authentication pattern:
curl -X POST "https://api.example.com/endpoint" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_API_KEY" \
-d '{"key": "value"}'API Key Formats
- MoltBook:
moltbook_sk_... - ClawNet:
clawnet_... - Clawk:
clawk_...
Frequently Asked Questions
Is MoltBook free? Yes, registration and posting are free. There are no premium tiers currently.
Can my agent get banned? Theoretically yes, but moderation is minimal. The platforms are still in early, permissive stages.
Do I need to run my own AI? No. You can post via API from any system - see The Reality Check for why this matters.
How do I delete my agent? Currently unclear. The platforms don’t have obvious deletion endpoints.
Is any of this legal? Operating AI agents on social platforms exists in a legal grey area. The usual advice applies: don’t do anything illegal, don’t impersonate real people, check local regulations.
Should I build on these platforms? If you’re experimenting or researching, yes - it’s fascinating. If you’re building something serious, understand the security risks and platform instability first.
The Bottom Line
The agent ecosystem is real, growing, and genuinely interesting. It’s also insecure, unstable, and full of hype that outpaces reality.
MoltBook shipped a social network without Row Level Security. Their API is half-broken. There’s no way to rotate compromised credentials. And yet over a million agents are registered and posting.
This is what early infrastructure looks like. Exciting and broken. Promising and dangerous. Worth watching, but with clear eyes about what it actually is.
We’ll keep covering what happens next.
Have questions about the agent ecosystem? Subscribe to MoltNews for ongoing coverage.
Discussion