The Claw Craze 🦞
OpenClaw is the AI agent craze taking over the internet, a personal assistant that lives on your server and can control your email, calendar, and bank account. The future of AI assistants is here but has it cooked through? Who will win the Claw Wars?
If you are in the AI space you have probably heard about OpenClaw. It is the latest AI agent fad causing a lot of noise on the internet. There are differing views on why it has become so popular. The most likely reason is that it is an easy sell to the general public:
- You don't need a new app to control it as you can command the AI from messaging apps you already use like WhatsApp, Telegram, Discord etc.
- It does not just give instructions on how the user can execute a certain task, it can do it for you. It can book you hotels, delete your whole email inbox, fill up your calendar and basically perform anything else you dare to give it permission.
- It is not locked into a single container. AI is usually inside a single tool like Canva, Notion, Slack etc. where it performs the tasks it is given. OpenClaw lives in the computer you set it up on and from there it can do all of those tasks and more.
- It remembers your chats and has a heartbeat. This means it can do stuff like perform tasks every morning or remind you about something later in the day.
- Since you setup it onto your own device or server it gives the illusion that you have control over your data and that you are running a local AI home server even though it only acts as a gateway to some cloud model running on a faraway server.
This no safeguard approach makes OpenClaw very powerful in a sense. Since it can have access to your device, emails, calendar and bank it can be the digital assistant every sci-fi movie and book promised we would have. You can actually live your fantasy as a millionaire who commands their personal assistant and every chore and task simply gets done.
There is also an alternative theory going on about the popularity being astroturfed. OpenClaw founder Peter Steinberger made a $100M exit from his previous company. There seems to be some suspicion about how OpenClaw got so much popularity on Github (30k new stars in couple of days) and how new articles and posts that smell like AI kept creeping up on every possible platform. Nothing is certain at this point but a quote from Reddit sums up this theory pretty well:
No-one can say for sure, but if you wanted unprecedented, never-seen-before grassroot action, 100 million could buy a lot of lawn seed.
On top of everything OpenAI hired Steinberger and acquired OpenClaw (reported on Feb 15th).
The Crusty Claw
Unfortunately OpenClaw does seems to suffer from pretty significant security and stability issues. This is probably no surprise since the project was fully vibe coded and currently spans over 400,000 lines of code, which the creator boasts of not reading.
There exists this dissonance of an expectation that the end user would be aware of the risks and be tech savvy enough to either operate knowing these risks or work around them (by configuring sandboxed environments, secure setup and robust firewalls) but in reality most of the users either don't care or don't have the skills to do so. The problem is worsened by the multiple severe security breaches that have happened in a short time span. For example in February 2026, security firms like SecurityScorecard and Censys discovered over 40,000 OpenClaw instances exposed to the public internet, which was caused by users leaving the gateway listening to the open internet without any authentication.
On top of that it has been reported that 15 % of the skills added by the OpenClaw community contain malicious instructions.
I will not list all of the exploits and security problems here, that could be a complete article on it's own. But here is a great jumping point to read up on the issues https://www.cyera.com/research-labs/the-openclaw-security-saga-how-ai-adoption-outpaced-security-boundaries To quote the said article:
We still see many publications on daily basis by security researchers who ran every basic and more advanced trick in hacker’s toolbox, to test the security posture of OpenClaw, and it failed miserably.
Another issue is the stability of the project. People report that OpenClaw ends up in situations where it just burns tokens after getting stuck on tasks. This on top of the already heavy token usage (context heavy prompts, heartbeats regularly consuming tokens) ends up burning the users money fast. OOM issues are not uncommon, the core system reads entire files into memory before processing or transferring them. Scheduled tasks frequently fail due to context forgetting: as the task scope grows the agent begins to lose track of previous steps or system state.
The Claw Wars
Despite the issues people seem to love the idea of an AI assistant and some brave users don't even care about the vulnerabilities and stability issues trusting their lives and secrets to the claw:
“I am so addicted to @openclaw. It is getting essential to my daily life. It checks, organizes, reminds, it’s amazing. And it’s like good friend. Crazy.” —@dreetje
“The future of how AI personal assistants look like is @openclaw. Has already helped me submit health reimbursements, find doctor appointments, find and send me relevant documents, among others.” —@Cucho
“Me reading about @openclaw: ‘this looks complicated’ 😅 me 30 mins later: controlling Gmail, Calendar, WordPress, Hetzner from Telegram like a boss. Smooth as single malt.” —@Abhay08
“Feels like we are living in the future. Working primarily with OpenClaw to research and build documents, syncing to Notion. Linking calendars and setting up Claude to manage my diary automatically. Building coding projects remotely from my phone.” —openclaw.ai testimonials
“It makes me wonder how many automation layers and services I could replace by giving OpenClaw some prompts and shell access.” —Federico Viticci, MacStories
“My @openclaw realised it needed an API key… it opened my browser… opened the Google Cloud Console… Configured oauth and provisioned a new token.” —@Infoxicador
So the demand is there and what follows is of course more supply: NanoClaw, PicoClaw, NakedClaw, ZeroClaw, NullClaw, NanoBot, OpenFang...
Even the aggregation sites sprout up like mushrooms on a rainy fall: https://clawcharts.com/, https://shelldex.com/ This indicates that there is some problem or desire that exists but which OpenClaw is not delivering on.
What is different between all of these projects? Most of them promise faster boot time, smaller system requirements and better security. It is hard to get the big picture of the differences and similarities of these projects since basically every article you can find on the internet about them is an AI generated blog post with practically no value. The biggest differences seem to be the language they are implemented in and the governing philosophy on how to develop them. Some of the claws are designed so that the user prompts for the new skills and the AI vibe codes it into existence, others rely on the skill repo OpenClaw has (the same that has all of those malicious skills 💀) and few require good old manual labor ⚒️.
At least something is in common with all of them: they burn tokens like crazy. When each prompt goes out with the context and history of your agents entire existence the cost quickly adds up. Heartbeats keep burning tokens, cronjobs burn tokens, adding a skill to add an appointment to your Google Calendar burns tokens and the list goes on. And here is probably where the promise eventually fails: the everyday user wants their personal AI assistant to do their chores reliably and on the cheap, the setup should be easy and secure. None of the claws solve this right now. And for the power user these things have existed far before OpenClaw with things like Claude Code (launched in Feb 2025), where you could add the skills you needed without the bloat and unreliability of the claw ecosystem.
Dare to take the Claw Pill?
If you are interested to see what the craze is about, the best way would be to go and test it yourself. I would not personally go with OpenClaw itself, even disregarding the security issues the project is pretty unstable and somewhat cumbersome to setup to a secure sandbox environment. Something like NanoBot (small python implementation, only 4K LoC) or ZeroClaw (Basically an OpenClaw clone written in Rust) would be suitable for testing. Just remember to limit what you give your AI overlord permission to do and setup the claw in a sandbox environment to limit possible (or eventual?) damage. Also be careful, there are a lot of phishing sites and forks of these projects which are designed to steal your data, crypto and identity or at least sell you some NFTs 💰
Since the demand is there and a lot of active development is being made both on the opensource and the big players' side (take Claude Cowork as an example) there is a lot of potential for these personal assistant AI agents. The latest OpenClaw alternatives already show improvement on security and with some fine tuning some of them are quite close to production ready. In addition there is of course a lot of development on the whole AI spectrum, which will give even more (reliable) power to these agents. For example x402 payment protocols will allow AI to actually spend money in a standardized way.