Moltbot's Security Philosophy

Security and privacy aren't afterthoughts in moltbot; they're foundational principles. Built by Peter Steinberger, a founder with over 15 years of enterprise software experience, moltbot was designed from day one to put you in control of your data while providing powerful automation capabilities. The project has earned 61,500+ GitHub stars.

How Your Data Stays Private

Local Execution: Your Device, Your Data

Moltbot runs entirely on your local device. Unlike cloud AI assistants that send every message to remote servers, moltbot processes everything on your machine. Your conversations, files, and automation tasks never leave your device unless you explicitly configure external integrations. Learn how moltbot works under the hood.

No Cloud Dependencies

There are no required cloud services, no telemetry, and no "phone home" features. While moltbot can connect to AI APIs like Claude or GPT-4 for intelligence, you control exactly what data is sent and when. You can even run completely offline using local AI models via Ollama.

Complete Data Sovereignty

You own your data. All conversations are stored locally in markdown files that you can read, back up, export, or delete at any time. No company can access, analyze, or monetize your information. You're not the product; you're the user.

Secure Automation Features

Sandboxed Tool Execution

When moltbot executes automation tasks, it runs them in secure sandboxed environments. This means automated commands are isolated and can't access system resources they shouldn't. Docker containerization provides an additional security layer for advanced users.

Access Controls & Trust Boundaries

Moltbot implements configurable access controls. You define which channels can trigger automation, which users are allowed to interact with your assistant, and what permissions each integration has. Trust boundaries ensure that external services only get the minimum access they need.

Open Source Transparency

As an MIT-licensed open-source project, moltbot's entire codebase is publicly available. Security researchers, developers, and users can audit the code for backdoors, vulnerabilities, or privacy violations instead of taking the project's word for it. Transparency builds trust.

Gateway Security Architecture

The Gateway is the central security hub of moltbot, managing all communications with multiple security layers:

WebSocket Authentication

All Gateway connections use authenticated WebSocket sessions with JSON payloads formally defined using TypeBox schemas. No unauthenticated connections can reach the system.

Policy Enforcement

The Gateway enforces access controls including pairing approval for new devices, mention-gating in group chats, and allowlists to limit blast radius. The /tools/invoke HTTP API requires authentication for all tool calls.

Skills Sandboxing (AgentSkills Standard)

The 565+ skills on ClawdHub follow the AgentSkills standard, which enforces isolation. Skills cannot access resources outside their defined scope, preventing malicious or buggy skills from compromising your system. You control which skills are installed and what permissions they have.

Node Trust Boundaries

When Nodes (devices like laptops or phones) connect to the Gateway, they expose hardware capabilities (screen capture, camera, location, voice). Each capability requires explicit user approval through the pairing process. Nodes cannot access capabilities they weren't granted—strict trust boundaries are enforced at the Gateway level.
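The layered checks described in the Policy Enforcement and Node Trust Boundaries sections, as an added TypeScript example (not moltbot's own code): every name here (admit, GatewayPolicy, the device and user ids) is hypothetical, and the sample policy and events are constructed for illustration.

```typescript
// Added example, not moltbot's own code: a minimal model of the layered
// admission checks the Gateway section describes. All names are hypothetical.
interface InboundEvent {
  authenticated: boolean; // did the WebSocket session present valid credentials?
  deviceId: string;       // node (laptop, phone) that originated the event
  senderId: string;       // chat user who sent the message
  channel: "dm" | "group";
  mentionsBot: boolean;   // only meaningful in group chats
  capability?: string;    // hardware capability the node wants to use, if any
}

interface GatewayPolicy {
  pairedDevices: Set<string>;                 // approved through pairing
  allowedSenders: Set<string>;                // allowlist; an empty set denies everyone
  mentionGating: boolean;                     // ignore group messages that don't mention the bot
  capabilityGrants: Map<string, Set<string>>; // deviceId -> capabilities the user approved
}

type Decision = "accept" | "reject:unauthenticated" | "reject:unpaired" |
  "reject:not-allowlisted" | "ignore:no-mention" | "reject:capability-not-granted";

// Layers run outermost first; the first failing layer decides, so an
// unauthenticated socket never reaches the allowlist or capability logic.
function admit(policy: GatewayPolicy, ev: InboundEvent): Decision {
  if (!ev.authenticated) return "reject:unauthenticated";
  if (!policy.pairedDevices.has(ev.deviceId)) return "reject:unpaired";
  if (!policy.allowedSenders.has(ev.senderId)) return "reject:not-allowlisted";
  if (ev.channel === "group" && policy.mentionGating && !ev.mentionsBot) return "ignore:no-mention";
  if (ev.capability !== undefined) {
    // Default-deny: a paired device with no grant entry at all gets no capabilities.
    const grants = policy.capabilityGrants.get(ev.deviceId) ?? new Set<string>();
    if (!grants.has(ev.capability)) return "reject:capability-not-granted";
  }
  return "accept";
}

// Constructed sample policy: one paired laptop granted only screen capture,
// one allowlisted user, mention-gating enabled.
const samplePolicy: GatewayPolicy = {
  pairedDevices: new Set(["laptop-1"]),
  allowedSenders: new Set(["alice"]),
  mentionGating: true,
  capabilityGrants: new Map([["laptop-1", new Set(["screen"])]]),
};

// Constructed baseline event that passes every layer; variations are spread over it.
const okEvent: InboundEvent = { authenticated: true, deviceId: "laptop-1", senderId: "alice", channel: "dm", mentionsBot: false };
console.log(admit(samplePolicy, okEvent), admit(samplePolicy, { ...okEvent, senderId: "mallory" }));
```

The order of the checks matters: an event that fails several layers is reported at the outermost one, which is the property that keeps unauthenticated traffic away from the more expensive policy logic.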

Security Best Practices

  • Use API key rotation: Regularly rotate your AI model API keys and never commit them to version control
  • Enable allowlists: Configure channel allowlists to restrict who can interact with your moltbot instance
  • Review permissions: Regularly audit which integrations have access to your data and revoke unnecessary permissions
  • Use Tailscale: For remote access, use Tailscale's secure networking rather than exposing moltbot directly to the internet
  • Keep updated: Update moltbot regularly to get the latest security patches and improvements
  • Backup your data: Regular backups of your local moltbot data directory ensure you never lose important conversations or configurations

Common Security Questions

Is moltbot safe to use for work and sensitive data?

Yes. Since moltbot runs locally, your work data stays on your device; only the content you explicitly configure to be sent to an AI provider leaves it. Unlike cloud AI assistants where your company data passes through third-party servers, moltbot keeps everything else on your machine. Many users run moltbot for professional automation specifically because of this privacy guarantee.

What data does moltbot send to AI providers like Claude or OpenAI?

Only the specific messages and context you configure it to send. You control what data goes to AI APIs. For maximum privacy, you can use local AI models via Ollama instead, which keeps everything offline.

Can moltbot's automation features harm my system?

Moltbot includes sandboxed execution and access controls to minimize risk. However, like any automation tool with system access, it's important to review what actions it takes and configure appropriate trust boundaries. Start with limited permissions and expand as you become comfortable.

Is moltbot compliant with privacy regulations like GDPR?

Since moltbot runs entirely on your infrastructure and you control all data, compliance depends on how you configure and use it. The local-first architecture makes it easier to meet privacy requirements compared to cloud AI services that process data on third-party servers.

See moltbot use cases for practical examples or compare moltbot to alternatives.