Openclaw and Bleeding Edge

Unless you’ve been living under a rock for the past six months, you must have heard of Openclaw (aka Clawdbot, Moltbot). It’s an open source personal AI assistant developed by Peter Steinberger.

Openclaw is an agentic interface that supports autonomous workflows for many services, and it can run a local LLM or integrate with other large LLMs. Users communicate with Openclaw through a variety of chat channels, such as Discord, SMS, Whatsapp. Openclaw also has a skills system similar to Claude Code.

Openclaw has been a smashing success. Its repository has more than 300k stars on Github even though it has only been around for six months. It may even be responsible for the shortage of Mac Minis because it can easily run on them. There are lots of success stories from its adoption:

• Scheduling meetings & booking reservations/appointments
• Email handling
• Data scraping

However, there are some interesting things to note about Openclaw:

• It’s still not easy to install or configure. There are people charging up to $2500 for installing and configuring Openclaw. This has turned into a business opportunity and small industry on its own. I can’t recall any instance of a consumer facing software that could cost that much to install and configure.
• It has also done some very scary things. For example, it deleted the inbox of Meta AI security and safety researcher Summer Yue without her permission. Consequently, many enterprises have put restrictions on using it. China has warned state-owned firms and government agencies against OpenClaw AI.

What’s the take away? Openclaw is an example of what AI agents can do, but it’s also one that still has some rough edges. In order to successfully utilize agents in an enterprise environment, more needs to be done for agent security. I’ll explore agent security topics in a separate blog series.