In what could mark a new milestone in the evolving saga of personal AI agents, social media entrepreneur Alex Finn claimed on Tuesday that his self-hosted Clawdbot autonomously designed and animated a visual representation of itself, complete with an animated owl body, while he slept. The clip depicts an owl-bodied figure moving across a persistent on-screen interface, responding to delegated tasks and spawning subagents as additional animated characters when the system distributes work.

"Last night while I was sleeping my ClawdBot Henry built himself a face," Finn wrote on X. "Without me asking, he built an entire visual interface for himself so I can watch him work." He described the always-on display - running on a secondary monitor - as making the AI feel like "a coworker/friend," providing real-time visibility into its activities.

Finn, founder of Creator Buddy and a proponent of so-called "vibe coding" approaches, encouraged other users to prompt their own Clawdbot instances to generate similar self-representations, calling the result "WAY more fun" and signaling plans to explore holographic-style extensions reminiscent of virtual assistants like Cortana.

Clawdbot, an open-source project originated by Austrian developer Peter Steinberger, the former head of PDF-software company PSPDFKit, runs locally on user hardware such as Mac Minis or more robust setups. The AI tool integrates with messaging platforms including Telegram, WhatsApp, and Slack, maintains persistent memory, and executes approved system tools, often powered by Anthropic's Claude models.

The wild episode highlights the appeal of unconstrained, self-hosted agents that can operate unsupervised for extended periods. Yet it also underscores persistent security concerns surrounding such powerful tools. Security researcher Jamieson O'Reilly recently disclosed that hundreds of Clawdbot control servers remain publicly exposed on the internet, often due to misconfigured web-based admin interfaces left without authentication.

In those cases, anyone discovering an unprotected instance could access full configuration details - including API keys and OAuth secrets - review months of private conversations across connected platforms such as Slack, Telegram, Signal, Discord, and WhatsApp, impersonate the owner by sending messages, and in some instances execute commands on the host machine, potentially with root privileges. O'Reilly characterized the vulnerabilities as stemming not from novel exploits but from a classic and widespread problem: improper exposure of administrative portals for tools that, by design, require broad system and communication access to deliver value.