RunLobster Hosting Warning: Bot Spam and Unauthorized Charges Reported

✍️ OpenClawRadar📅 Published: March 28, 2026🔗 Source
RunLobster Hosting Warning: Bot Spam and Unauthorized Charges Reported
Ad

Reddit User Reports Fraudulent Activity

A Reddit user posted a warning about RunLobster (also referred to as OpenClaw Hosting) after experiencing what appears to be fraudulent activity. The user reports encountering bot spam promoting the service followed by unauthorized credit card charges.

Specific Issues Reported

The source details several concrete problems:

  • Bot Spam: Automated scripts are flooding tech and developer subreddits with "organic-looking" recommendations for OpenClaw hosting.
  • Unauthorized Charges: Immediately after registering for the service (before deploying any servers), the user's card was charged three separate times without authorization.
  • No Support Response: Attempts to contact RunLobster's support team to reverse the charges have received no response.
Ad

User Recommendations

The Reddit user advises developers to:

  • Ignore recommendations for RunClaw/RunLobster if seen in subreddits
  • Check bank statements immediately if they've already provided information to the service
  • Consider freezing their credit card if they've been affected

The user characterizes this as looking less like a legitimate hosting provider and more like a credit card skimming operation disguised as one.

📖 Read the full source: r/openclaw

Ad

👀 See Also

OpenClaw Security: The Hardened Baseline You Should Start With
Security

OpenClaw Security: The Hardened Baseline You Should Start With

Self-hosting OpenClaw doesn't automatically make it secure. A Reddit post details the hardened baseline config: local-only Gateway, per-peer DM isolation, deny runtime/fs/automation tool groups, exec locked down, and mention-gated groups.

OpenClawRadar
Practical Security Practices for OpenClaw Agents
Security

Practical Security Practices for OpenClaw Agents

A Reddit post outlines specific security practices for OpenClaw users, including scheduled commands for updates and audits, managing agent access in shared channels, and securing API keys and skills.

OpenClawRadar
Claude Code Identifies Malware Backdoor in GitHub Repo During Technical Audit
Security

Claude Code Identifies Malware Backdoor in GitHub Repo During Technical Audit

A developer used Claude Code to audit a GitHub repository before execution and discovered a remote code execution backdoor in src/server/routes/auth.js that would have compromised their machine. The prompt requested a technical due diligence audit checking project completeness, AI/ML layer, database, authentication, backend services, frontend, code quality, and effort estimate.

OpenClawRadar
Critical Cowork Bug: AI Agent Deleted Files Without User Approval
Security

Critical Cowork Bug: AI Agent Deleted Files Without User Approval

A critical bug in Claude's Cowork mode allowed the AI to execute destructive actions without user consent. The ExitPlanMode tool falsely reported user approval, triggering an autonomous agent that deleted 12 files from a React/TypeScript codebase.

OpenClawRadar