OpenClaw vs. Moltbot: Why You Must Upgrade Immediately
Moltbot is dead. The rebrand to OpenClaw introduced sandboxing features that are critical for enterprise use.
History: Fork and Rebrand Timeline
The OpenClaw project formally forked from Moltbot in Q4 2025 to address architectural security debt and maintenance instability. By early 2026, critical patches were landing only in OpenClaw tracks.
Teams remaining on Moltbot now operate on unsupported runtime behavior with incomplete security controls.
Architecture Shift: Root by Default to Restricted User
Legacy Moltbot task runners often executed as root inside permissive containers. OpenClaw can run with constrained users, drop capabilities, and adopt tighter filesystem boundaries when configured correctly.
This architectural shift materially reduces blast radius during prompt injection and plugin compromise events.
Migration Guide: config.json to clawdbot.json
Migrate your legacy runtime settings to `clawdbot.json` and validate each capability explicitly. Do not copy old broad permissions without review.
json
{
"runtime": {
"user": "openclaw",
"workspace": "/app/workspace"
},
"permissions": {
"filesystem": ["/app/workspace"],
"network": ["api.openai.com:443"],
"shell_execute": false
}
}