While perhaps the most polarizing and popular of the AI cults to date, OpenClaw has become the first breakthrough for the next generation of AI harness.
Don’t ask Garry where he wants to stick his gstack Source
And after a few weeks of using OpenClaw – and thankfully avoiding the AI psychosis infecting many – I can reluctantly admit that OpenClaw is worthy of your consideration, at least as a trail blazer for the next generation of agent harness, even if it doesn’t remain the winner agent harness long term.
Hire me as CTO or tech lead for your next project.
Focus on growing the business, never worry about the tech again.
Slide into my DMs on X or Substack. Select portfolio at Deca Labs.
A brief history on AI agents
AI entered general awareness with ChatGPT in November 2022 with the “Chat” interface.
The next generation was marketed as “Copilot” type tools which can easily pull in context of what you’re looking at to improve responses to your questions. They were still fundamentally chat based, but could now have read access on the same code files you were looking at in your IDE. Think Cursor, Github Copilot, Junie...etc.
Next was the “Agentic” generation. As foundational models became more capable, the tools exposed to them grew as well from simply reading file contents, to now writing files, running Terminal commands, and even operating desktop software itself.
The “Agentic” generation started small, an additional drop-down in Copilot chat windows to now offer “Agent” instead of just “Plan”, “Ask”, and “Edit”.
Claude Code took the world by a storm by providing a Terminal based interface for aggressively agentic engineering, where the AI model through it’s agentic harness had more autonomy to run local tools in addition to reading and writing files. This meant it could now have full access to the entire REPL loop, reading, writing, running tests, and evaluating the results.
The tight agentic software engineering inner loop has been like crack cocaine for software engineers. And many took it further, not just running one Claude Code and watching it work for 10 minutes per prompt, but managing several in parallel, as has been covered in our AI roundup series with Conductor.
Many software engineers have reported working harder than they’ve ever worked before because of the endless dopamine hits from managing multiple agents in parallel.
But, despite the polish and macros gradually added to Claude Code and now Conductor, the experience was still reliant on a human at a desk prompting and reviewing results on their monitor. If they left and their computer went to sleep, the agentic engineering stopped too.
Some engineers even admitted they were taking their laptops with them to pickup their kids from school so the agents could keep coding from the passenger seat and their phone’s hotspot internet connection.
The next breakthrough was how to decouple the power of agents from the desks.
Use Poaster’s custom AI model to pull the best quotes from your long form writing, and automatically post them to your socials.
Skip the army of virtual assistants, start today for $1/month.
What is OpenClaw?
OpenClaw is the first of the next generation, of “Agents” decoupled from desks, always online, always ready to work. It burst onto the scene in November 2025 and within weeks was going viral, attracting almost 250k stars on Github and 50k repo forks, with endless videos on YouTube of often non-engineers setting up and using it themselves. After legal threats from Anthropic – maker’s of Claude, it was renamed from originally Clawdbot to Moltbot, Molty, and then OpenClaw.
OpenClaw provides an always on runtime and lifecycle which unlocks some novel use cases:
Full OS access: it can control your Mac or Linux VM or whatever it is running on, including files, terminal commands, and desktop software
Always on: using background daemons it is always running and ready
Memory: over time it summarizes notable aspects of past interactions in markdown files for future reference
Soul.md: essentially a CLAUDE.md or AGENTS.md for your OpenClaw where you can tune the personality, a system prompt added to every interaction
Skills: to offer more deterministic outcomes, “Skill” markdown files with instructions how to do specific tasks are leveraged heavily, OpenClaw even has a public Skill marketplace where users have published and even pay for these Markdown files.
Chat First: OpenClaw is primarily interacted with through chat, but has robust support for most existing platforms including Slack, Telegram, iMessage, WhatsApp, Discord, and countless others. You’re not tied to your terminal window anymore.
Heartbeat: OpenClaw summarizes hourly and daily recent interactions in its memory files, and has a cron job style hook for recurring tasks through it’s Heartbeat file which is run frequently.
Model agnostic: Not limited to only Anthropic models, you can plug-in any AI model backend including local OSS AI models.
OpenClaw has even more features and capabilities but the above are the key defining primitives which set it as a new paradigm and next generation for AI harness.
Once you start to wrap your mind around the new primitives, you can quickly see how powerful an always-on agent with full computer access can be in automating and delegating otherwise time consuming tasks.
Thank you to the readers who pay to make this newsletter possible.
Ready to turn your life around? Subscribe & start here and report back your wins.
– Fullstack
This Substack is reader-supported. To receive new posts and support my work, consider becoming a free or paid subscriber.
What can it do?
While there are thousands of hours of YouTube videos or endless Reddit pages you can now find on use cases, here are some I’ve had success with in my testing:
Private AI chat through Telegram, Slack, ...
Morning Brief: weather, calendar
Calendar management: create new events, send invites
Plan your workouts and book in your calendar
Web crawling: used car purchase research across AutoTrader, Craigslist, and Facebook Marketplace.
Lead generation: Can web crawl and find the emails for all sales managers within your specific target market persona within 100 miles
Limited availability tickets: can write a custom web scraping JS script on a Cron job (every 15 minutes) and check if tickets are available, ping you with options, and book with your information based on your reply
Coding: can use Claude Code or the raw model to complete coding tasks and send you the finished PR for review
Investigation: give it a Slack URL and it can read and investigate the bug report, propose the fix, draft the PR, and test it after you merge
Give it read access on DataDog and Google Cloud Console (GCP) and it can investigate and propose fixes to production issues
Daily push new PRs and tweets to fully automate development and marketing for a new SaaS business
Increasingly, I just continued to throw more outrageous tasks which I thought it would fail at, and I would continue to be shocked that it would succeed.
Open (not Perfect) Claw: Vulnerabilities, limitations, tradeoffs
While OpenClaw was the first of its kind to get mainstream success in this next generation of agents, it does come with some significant limitations and tradeoffs.
Vibe coded
While the definition is slowly losing it’s meaning as AI coding is being wielded by top engineers, for OpenClaw the velocity it was built at has meant many security risks were missed or overlooked until it became popular and got more attention.
Large attack surface
Any of your channels (Telegram, Slack...) get hacked? An attacker could now have full access to the computer, any logins/API keys, local network...
Javascript
OpenClaw is written in Node Javascript which ends up feeling slow sometimes potentially due to feature bloat or lacking performance optimizations.
Skills marketplace
OpenClaw users created a marketplace and many instances reference it to pull existing published skills instead of generating skills fresh with the connected AI model, some studies have shown up to 40% have hidden prompt injection vulnerabilities in the published skills. When users let their OpenClaw pull and start using one without verifying source skill code, getting hacked is not only possible but likely.
Prompts
Many of the same limitations of AI models apply where bad prompts get bad results
Context Management
Long-running conversations and bloated Soul.md and Skills files can quickly fill up context windows for the connected AI model leading to worse results with no immediately obvious fix surfaced.
Model Selection
Underpowered models, often chosen because they can run for free locally, or cheap in the cloud, can seem fine initially but lead to frustrations when they fail with harder tasks
Model Cost
OpenClaw was built assuming Anthropic Claude Max plans with near unlimited token usage for fixed $100 or $200 per month.
With OpenClaw usage now banned on those all-you-can -eat accounts, raw API usage for models can add up quick with users easily spending sometimes $100 per day in API costs just on Heartbeat repeated tasks, let alone other new conversations and work.
OpenClaw has many patterns that needlessly blow tokens and lacks more refined model fallback to allow splitting prompt handling by complexity between cheaper and more expensive models.
Technical expertise still required
While OpenClaw has gathered a cult following of many non-technical users, it still is a major hurdle for average non-engineers to setup, configure, and most importantly debug when it breaks or something goes wrong.
Chat based self-configuration is incredible the first time you try it, but when model connection breaks or channel gateway fails, you’ll still be jumping into terminal to manually debug which is beyond the skills or confidence of most non-engineers.
Inefficient memory management
Memory management by default is only with markdown files on disk, which while simple and easy to introspect for users, is not as token efficient or scalable for search with longterm usage as an on-disk database.
Practice Safe Claw
If you want to try OpenClaw, make sure you are fully aware of the above limitations and risks and manage your operational security accordingly. Consider these guidelines:
Don’t use the OpenClaw Skill Marketplace
Always tell your agent to generate any new skills organically, and to not ever reference the published skill marketplace. This prevents a major source of hidden vulnerabilities and prompt injection attacks.
Use a whitelist for channel gateways
Don’t publish Telegram or Slack bots publicly where anyone can discover your app, install it in their Slack workplace or Telegram and start chatting with your OpenClaw. Always require manual whitelisting of new users with a terminal command to prevent unauthorized user access.
Setup recurring backups of config and memory to a git repo
Have OpenClaw setup regular backups to a new repo of all config and memory so restoring to a new machine is easier.
Use separate API keys and model budgets
Limit your financial risks with unique API keys with daily budgets for any cloud based AI model providers to prevent any financial shocks where OpenClaw blows $1k overnight in some infinite loop.
Separate compute
Do not run OpenClaw on your primary computer! The risk is immense that it can do something crazy and leak or destroy your local computer or data.
Separate accounts
Do not give OpenClaw full access to your 1Password and online accounts. Dedicated email, calendar, and password manager is recommended to prevent leak or deletion from a AI chat gone rogue.
Colleagues have given it tasks like “De-duplicate my contacts in these two Gmail accounts” and OpenClaw went and blew $100 in tokens and ended up deleting all their contacts irreversibly.
Treat it as a rogue, retarded intern, do not give it the keys to the kingdom.
Better Claw?
Notably, OpenClaw’s solo founder and chief priest Peter Steinberger was acq-hired by OpenAI in February 2026, leading to increasing concerns in now divergent incentives to maintain and improve the project he founded, while OpenAI is paying him to build competing capabilities into first-party products. He’s repeatedly given rude replies to requests for faster review of new PRs and improved project support, though it might be anything personal, simply that he’s Austrian.
While having only been in the wild for 5 months, OpenClaw already has many competitors to consider, some growing very quickly and addressing some of the biggest flaws with novel solutions.
Upcoming posts will include coverage of competitors that arguably are better for most people at this point, namely…
Continue reading this post for free, courtesy of BowTied Fullstack.
