This AI Assistant Has Your Credit Card and Shopping List

Dan Peguine handed his credit card details to an AI. Then he watched it shop for him.

The Lisbon-based tech entrepreneur discovered Moltbot just weeks ago and became completely obsessed. "I could basically automate anything," Peguine says. "It was magical."

But this isn't your typical AI assistant story. While Siri and Alexa feel increasingly quaint, Moltbot represents something far more ambitious—and potentially dangerous.

Beyond Voice Commands

Moltbot doesn't just answer questions. It runs constantly on your computer, connecting to different AI models, apps, and online services to actually get things done. Users communicate with it through WhatsApp, Telegram, or other chat apps, but the real magic happens behind the scenes.

Peguine's Moltbot, nicknamed "Pokey," delivers morning briefings, organizes his workday, arranges meetings, manages calendar conflicts, and handles invoices. It even alerts him and his wife about their kids' upcoming tests and homework deadlines.

The AI assistant has exploded on social media as developers and business types discovered its capabilities. "It's the first time I have felt like I am living in the future since the launch of ChatGPT," declared Dave Morin on X. Amazon employee Abhishek Katiyar wrote that it gives "the same kick as when we first saw the power of ChatGPT, DeepSeek, and Claude Code."

High-Stakes Automation

Some users are pushing Moltbot into surprisingly risky territory. André Foeken, CTO of a Netherlands healthcare company, gave Moltbot his credit card details and Amazon login. "I had it scanning my messages and it auto ordered some stuff," Foeken told WIRED. "Which is both cool and the reason I turned scanning messages off 🤣"

Other users posted screenshots of Moltbot performing research and dispensing stock-trading advice. The enthusiasm reached such heights that buying a Mac Mini to run Moltbot became a meme, and interest in the assistant somehow triggered a rally in Cloudflare's stock price—despite having no connection to the company.

The Accidental Revolution

Independent developer Peter Steinberger released Moltbot (originally Clawdbot) last November as an experimental tool for feeding files into coding models. The breakthrough moment came when he sent a voice memo to his prototype and watched it type back a reply.

"I wrote, 'How the F did you do that?'" Steinberger recalls. The tool had inspected the file, recognized it as audio, found his OpenAI key, and used the Whisper transcription service. "That was the moment I was like, holy shit. Those models are really creative if you give them the power."

Steinberger built Moltbot because he believes AI assistants shouldn't require handing your data over to the cloud. "I have seen nobody really ask the question, 'how can I have this and also own my data,'" he says. "That felt like something important I should explore."

Technical Hurdles and Security Gaps

Despite its magical feel, Moltbot isn't ready for mainstream adoption. Installation requires command-line skills, API key management, and various technical workarounds. Recent users have complained about accidentally deleting data during setup and running up high inference bills.

More concerning are the security implications. Moltbot can leak personal information if run on publicly accessible computers, and it's vulnerable to "prompt injection" attacks where hackers could trick the AI into revealing secrets through malicious emails or files.

"There is a trade-off with security here," admits Peguine. Yet he's planning an even more ambitious deployment—having Moltbot manage his family's small business. He's teaching his father, who runs an Israeli tea company, to use Moltbot for invoice management, inventory tracking, and customer communication.

"The beautiful thing is that it's a general system," Peguine says. "It can run a business, I think."