As of late January 2026, OpenClaw (formerly Clawdbot / Moltbot) remains one of the most talked-about self-hosted AI agent projects. But alongside the hype, X is full of real user reports detailing painful failures: token costs spiraling out of control, Polymarket trading disasters, security exposures, and more. These issues mostly hit early adopters during setup and debugging phases, but they reveal systemic risks inherent in highly autonomous agents.

Below are the most frequently reported categories of failures, based on public posts, along with root causes and current mitigation steps.

1. Excessive Token Consumption

Common reports

  • “Burned $9 in 10 minutes — feels like printing money into a fire”
  • “Default setup easily hits $50+ per day, especially with browser control enabled”
  • “Infinite thinking loops — tokens just vanish”

Root causes

  • Default reliance on expensive high-end models (e.g., Claude Opus 4.5)
  • Agents entering long reasoning chains, retries, or self-verification loops without caps
  • Users not configuring thinking level limits, token budgets, or task scheduling

Current mitigations

  • Immediately lower thinking level (low / medium)
  • Set hard token budget caps in the config
  • Switch to local models or cheaper inference endpoints where possible
  • Enable verbose logging and monitor which steps are the biggest consumers

2. Polymarket & Trading Integration Failures

Common reports

  • “TX failed 5 times, then all executed at once — 5× position wiped out”
  • “Agent didn’t handle latency — repeated bets, lost $300–400”
  • Some people also claim that mistakes led to repeated orders and, as a result, the loss of a house
  • “Oracle delay caused missed stop-loss — one bet just vanished”

Root causes

  • No built-in retry backoff, confirmation waits, or latency handling in agent logic
  • Polymarket’s own oracle and network delays get amplified by autonomous execution
  • Overly broad user instructions (e.g., “trade when edge”) without strict position limits or kill switches

Current mitigations

  • Require human review of any trade diff or final execution
  • Enforce max bet size, stop-loss thresholds, and position caps
  • Temporarily disable autonomous trading; use agent only for signal generation + manual confirmation
  • Monitor transaction hashes and kill sessions on anomalies
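
One way to combine the caps, confirmation waits and kill switch listed above, as an added Python example (not OpenClaw or Polymarket code). `OrderGuard`, `SlowVenue` and the `submit`/`status` venue interface are hypothetical; the point is that a timed-out order is polled with backoff and never resubmitted.

```python
import time
import uuid

class TradeBlocked(Exception):
    """Raised when a guard refuses to send an order."""

class OrderGuard:
    """Wraps a hypothetical venue client (assumed interface, not a real API):
    submit(order_id, market, size) and status(order_id) return "filled",
    "rejected" or "pending" (timed out, outcome unknown)."""

    def __init__(self, venue, max_bet, max_position, sleep=time.sleep):
        self.venue, self.sleep = venue, sleep
        self.max_bet, self.max_position = max_bet, max_position
        self.exposure = {}   # market -> size filled or possibly in flight
        self.killed = False  # kill switch, set when an outcome stays unknown

    def place(self, market, size, polls=3):
        held = self.exposure.get(market, 0)
        if self.killed:
            raise TradeBlocked("kill switch is set")
        if not 0 < size <= self.max_bet:
            raise TradeBlocked("size outside (0, max bet]")
        if held + size > self.max_position:
            raise TradeBlocked("position cap reached")
        order_id = str(uuid.uuid4())          # one id per trade intent
        self.exposure[market] = held + size   # reserve before sending
        status = self.venue.submit(order_id, market, size)
        for attempt in range(polls):
            if status != "pending":
                break
            self.sleep(2 ** attempt)          # back off: 1s, 2s, 4s
            status = self.venue.status(order_id)  # poll, never resubmit
        if status == "rejected":
            self.exposure[market] = held      # release the reservation
        elif status == "pending":
            self.killed = True                # outcome unknown: stop trading
        return order_id, status

class SlowVenue:
    """Constructed stand-in: orders time out, then fill after N status polls."""
    def __init__(self, polls_until_fill):
        self.left, self.orders = polls_until_fill, {}
    def submit(self, order_id, market, size):
        self.orders[order_id] = size          # accepted, but the reply is lost
        return "pending"
    def status(self, order_id):
        self.left -= 1
        return "filled" if self.left <= 0 else "pending"
```

Exposure stays reserved while an order is still pending, so a late fill cannot push the position past the cap.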

3. Security & Account Hijacking Risks

Common reports

  • “Old handle/org hijacked during rename — fake $CLAWD token rug pulled users”
  • “900+ gateways exposed unauthenticated — prompt injection stole keys in 5 minutes”
  • “Dashboard left open without auth — API keys fully leaked”

Root causes

  • Early versions had overly permissive access models (god-mode defaults)
  • Rename periods released handles/orgs that were immediately squatted by malicious actors
  • Users exposing control panels publicly or failing to isolate sensitive workspaces

Current mitigations

  • Mandate Cloudflare Tunnel + Zero Trust authentication for any exposed service
  • Run all sensitive operations in isolated VMs or containers
  • Regularly execute the openclaw doctor tool to scan for misconfigurations
  • During rename periods, avoid clicking non-official links and treat DMs with extreme suspicion

Summary

OpenClaw’s core appeal — full self-hosting and high autonomy — is also its greatest vulnerability: the more independent the agent, the higher the demand for user oversight. Most reported failures occurred during early experimentation and setup, and the core team (led by Peter) has been pushing security fixes and configuration improvements at a fast pace.

The broader lesson for 2026 agent users is clear:

Autonomy is powerful. Autonomy without guardrails is expensive.

If you’re running OpenClaw today, the immediate checklist is short:

  1. Run openclaw doctor once
  2. Disable any wallet / trading integrations until reviewed
  3. Enforce strict sandboxing and token budgets

I’ll continue tracking these real-world cases and will add new major incidents and official fixes here.

Feel free to share your own experiences in the comments (anonymously if preferred). The more we document the pits, the fewer people fall into them.

🦞