OpenClaw: The Local AI Assistant That Took Over GitHub
OpenClaw (formerly Clawdbot, then Moltbot) went from a weekend project to 145k GitHub stars in a matter of weeks. I spent a weekend setting it up. Here are my notes.
What Is It
OpenClaw is a personal AI assistant that runs locally on your machine and connects to chat apps you already use. Think of it as a self-hosted AI butler that lives in your WhatsApp, Telegram, Slack, Discord, iMessage, or whatever you chat on.
Unlike ChatGPT or Claude web apps, OpenClaw:
- Runs on your hardware (laptop, homelab, VPS)
- Uses your API keys (no middleman subscription)
- Accesses your local files (with your permission)
- Has persistent memory (stored as local Markdown files)
Install
One line:
curl -fsSL https://openclaw.ai/install.sh | bash
The onboarding wizard walks you through connecting your first channel (I started with Telegram) and setting up an LLM provider.
Architecture
Your Chat Apps (WhatsApp/Telegram/Slack/...)
│
▼
OpenClaw Gateway (local)
├── Persistent Memory (Markdown files)
├── AgentSkills (100+ built-in)
├── File System Access
├── Browser Automation
└── Shell Execution
│
▼
LLM Provider (your API key)
Claude / GPT / Local via Ollama
The key insight: OpenClaw is a gateway between your chat apps and AI models. It bridges 50+ integrations including productivity tools and even smart home hardware.
What It Can Actually Do
After a weekend of testing:
Worked well:
- Summarize long articles I paste into Telegram
- Draft email replies based on context
- Search my local notes and answer questions about them
- Set reminders and calendar events
- Run shell commands when I ask (“what is using port 3000?”)
Worked okay:
- Shopping research (found products but sometimes hallucinated prices)
- Multi-step tasks (book a restaurant → add to calendar → message friend)
Be careful with:
- Anything involving deleting files or sending messages autonomously
- Giving it access to your email without sandbox mode first
The Skills System
OpenClaw has a public registry called ClawHub with 5,700+ community-built skills. Skills extend what the agent can do:
# Browse available skills
openclaw skills search "summarize"
# Install a skill
openclaw skills install @community/youtube-summarizer
Skills range from useful (PDF extraction, code review) to creative (generate Spotify playlists, meal planning). The quality varies wildly since anyone can publish.
Security: The Elephant in the Room
This is the part that made me cautious. OpenClaw has persistent memory and can execute shell commands. Security researchers have flagged prompt injection risks:
- A malicious website could embed hidden instructions that the agent picks up when browsing
- Because of persistent memory, poisoned instructions could affect future sessions
- In full access mode, the agent can read/write files and run commands
My recommendation:
- Start in sandbox mode
- Review what permissions each skill requests
- Do not give it access to financial accounts
- Keep sensitive files outside its workspace
- Use a dedicated API key with spending limits
OpenClaw now has a VirusTotal partnership for skill scanning, and the team shipped 34 security-focused commits recently. They acknowledge prompt injection is still “an industry-wide unsolved problem.”
My Setup
I run it on a small VPS:
Provider: Claude Sonnet 4.5 (via API key)
Channels: Telegram + Discord
Skills: Web search, file reader, code review
Mode: Sandbox (switched to full access only for specific tasks)
Memory: ~50 Markdown files after a week of use
Monthly cost: whatever I spend on Claude API calls. No subscription fee.
Verdict
OpenClaw is the most impressive open-source AI project I have seen in a while. The fact that it runs locally, uses your own API keys, and connects to existing chat apps makes it genuinely useful rather than just a tech demo.
But the security model needs work. I would not run it in full access mode on a machine with sensitive data. Start with sandbox mode, use it for low-risk tasks, and gradually expand as the security story matures.
The 🦞 lobster branding is growing on me.