RunLobster Hosting Warning: Bot Spam and Unauthorized Charges Reported
Reddit User Reports Fraudulent Activity
A Reddit user posted a warning about RunLobster (also referred to as OpenClaw Hosting) after experiencing what appears to be fraudulent activity. The user reports encountering bot spam promoting the service followed by unauthorized credit card charges.
Specific Issues Reported
The source details several concrete problems:
- Bot Spam: Automated scripts are flooding tech and developer subreddits with "organic-looking" recommendations for OpenClaw hosting.
- Unauthorized Charges: Immediately after registering for the service (before deploying any servers), the user's card was charged three separate times without authorization.
- No Support Response: Attempts to contact RunLobster's support team to reverse the charges have received no response.
User Recommendations
The Reddit user advises developers to:
- Ignore recommendations for RunClaw/RunLobster if seen in subreddits
- Check bank statements immediately if they've already provided information to the service
- Consider freezing their credit card if they've been affected
The user characterizes this as looking less like a legitimate hosting provider and more like a credit card skimming operation disguised as one.
📖 Read the full source: r/openclaw
👀 See Also
openclaw-credential-vault addresses four credential leakage paths in AI agents
openclaw-credential-vault provides OS-level isolation and subprocess-scoped credential injection to prevent four common credential exposure paths in OpenClaw setups. It includes four-hook output scrubbing and works with any CLI tool or API.
Claude Code Continues Logging Sessions After Revoke, User Reports 2-Week Support Silence
A Claude Code user reports that session logs continued appearing after revoking access, with Anthropic support unresponsive for two weeks. Logs included scopes like user:file_upload, user:ccr_inference, and user:sessions:claude_code.
OpenClaw Security Gap Addressed by Agentic Power of Attorney (APOA) Spec
A developer has published an open specification called Agentic Power of Attorney (APOA) to address security concerns in OpenClaw, where agents currently access services like email and calendar with only natural language instructions as guardrails. The spec proposes per-service permissions, time-bounded access, audit trails, revocation, and credential isolation.
LLM-Assisted Exploit: Anthropic's Mythos Preview Helped Build First Public macOS Kernel Exploit on Apple M5 in Five Days
Using Anthropic's Mythos Preview, security firm Calif built the first public macOS kernel memory corruption exploit on Apple's M5 silicon in five days—breaking MIE hardware security that took Apple five years to develop.