OpenClaw is an open-source AI agent that runs on your own hardware and connects to the messaging apps you already use. You text it on WhatsApp, Telegram, Slack, or Discord, and it performs real tasks on your behalf: managing files, sending emails, browsing the web, scheduling calendar events, and automating workflows.

Unlike ChatGPT or Claude, which live inside browser tabs, OpenClaw operates as a persistent background process. It remembers past conversations, runs scheduled tasks without being prompted, and integrates with thousands of external services through a community-built skills marketplace called ClawHub.

The project has grown faster than almost any open-source repository in history. As of late February 2026, it has passed 220,000 GitHub stars, 43,000+ forks, and 600+ contributors. To put that in context, Docker reached 67,000 stars over a decade. OpenClaw did it in roughly three months.

This guide covers how OpenClaw works, what you can actually do with it, the security concerns you need to understand before installing it, and how it fits into the broader AI agent landscape.

A Brief History: Clawdbot to Moltbot to OpenClaw

Austrian developer Peter Steinberger (founder of PSPDFKit) built the original version as a side project in November 2025. He named it Clawdbot, a nod to Anthropic's Claude model. The project started as a simple bridge between Claude and Telegram.

On January 27, 2026, Anthropic sent a trademark complaint. Steinberger renamed the project to Moltbot (keeping a lobster theme). Three days later, he renamed it again to OpenClaw because Moltbot "never quite rolled off the tongue."

The same week, entrepreneur Matt Schlicht launched Moltbook, a social network populated entirely by AI agents. The viral attention from Moltbook sent OpenClaw's star count from roughly 9,000 to over 60,000 in 72 hours. Andrej Karpathy called it "the most incredible sci-fi takeoff-adjacent thing."

On February 14, 2026, Steinberger announced he was joining OpenAI to lead their personal agents division. OpenClaw was transferred to an independent open-source foundation with financial backing from OpenAI, structured similarly to Google's relationship with Chromium. The project remains MIT-licensed.

How OpenClaw Works: Architecture Overview

OpenClaw consists of three core layers:

The Gateway

The Gateway is the persistent daemon that runs in the background. It manages connections to messaging channels, routes incoming messages to agent sessions, and handles scheduling. You start it with a single command:

``bash openclaw gateway start ``

The Gateway listens on port 18789 by default and maintains WebSocket connections to each configured messaging platform. It supports WhatsApp (via linked device), Telegram, Slack, Discord, Signal, Microsoft Teams, iMessage (via BlueBubbles), and a built-in web chat interface.

The LLM Connection

The LLM connection is where the reasoning happens. OpenClaw is model-agnostic. It works with Claude (via Anthropic API), GPT-4o (via OpenAI), Gemini, DeepSeek, Mistral, and local models through Ollama. You configure your preferred provider in the main config file:

``yaml llm: provider: anthropic model: claude-sonnet-4-5-20250929 api_key: sk-ant-xxxxx ``

Most users run Claude or GPT-4o for complex reasoning tasks and route simpler jobs to cheaper or local models. The config supports per-task model routing, so you can assign a lightweight model to cron jobs while keeping a more capable model for interactive conversations.

Skills

Skills are add-ons that extend what the agent can do. Each skill is defined by a SKILL.md file written in Markdown. When the agent starts, it loads skill manifests from the local file system. During a conversation, the LLM reads the relevant skill's instructions on demand.

This is important to understand: skills are not compiled code in the traditional sense. They are structured instruction documents that tell the LLM how to use specific tools and APIs. However, skills can include shell scripts, Python files, and other executable components, which is where the security concerns come in.

What Can OpenClaw Actually Do?

The practical use cases break down into a few categories:

Personal Productivity

You can text your OpenClaw agent on WhatsApp and ask it to check your calendar, draft email replies, summarize meeting notes, or set reminders. Because it has persistent memory (stored locally in MEMORY.md and SOUL.md files), it remembers your preferences across sessions.

``` You (WhatsApp): "Check my calendar for tomorrow and tell me if I have any conflicts" OpenClaw: "You have 3 meetings tomorrow:

• 9:00 AM: Team standup (30 min)
• 10:30 AM: Client call with Acme Corp (1 hr)
• 2:00 PM: Design review (45 min)

No overlaps. Your afternoon is free after 2:45 PM." ```

DevOps and Engineering

OpenClaw can monitor GitHub repositories, summarize pull requests, trigger deployments, run shell commands, and check server metrics. The system-monitor skill reports CPU, RAM, and GPU usage. The ssh-essentials skill handles remote server management.

```bash

Example: installing a GitHub monitoring skill

clawhub install github-pr-summary clawhub install system-monitor ```

Customer Support Automation

This is where OpenClaw overlaps with dedicated CS tools. Skills exist for ticket classification, response drafting, CRM updates, and escalation routing. If you're running a small team and already use Slack or Discord for support, an OpenClaw agent can triage incoming messages and draft responses.

That said, dedicated platforms like Tidio Lyro or LiveChat AI offer purpose-built customer service AI with compliance features, analytics dashboards, and native integrations that OpenClaw's general-purpose architecture can't match. For teams that need GDPR compliance, audit trails, and enterprise SLAs, a dedicated CS AI agent is the better fit. See our AI agent directory for a full comparison.

Home Automation and IoT

Skills for SwitchBot, Home Assistant, Tailscale, and other IoT platforms let you control smart devices through natural language. The switchbot skill handles curtains, plugs, lights, and locks.

ClawHub: The Skills Marketplace

ClawHub (clawhub.ai) is the official registry for OpenClaw skills. Think of it as npm for AI agents. As of early February 2026, it hosts over 5,700 community-built skills across 11 categories:

Installing skills is done through the CLI:

```bash

Search for skills

clawhub search "customer support"

Install a specific skill

clawhub install ticket-classifier

Update all installed skills

clawhub update --all

List installed skills

clawhub list ```

Each skill page on ClawHub shows the source code, version history, community ratings, and a VirusTotal security scan report.

Security: The Elephant in the Room

OpenClaw is powerful precisely because it has deep system access. It can read and write files, execute shell commands, browse the web, and interact with messaging platforms. That same power creates real attack surfaces.

Known Security Concerns

Credentials are stored in plaintext under ~/.openclaw/. Security researchers expect this directory to become a standard target for info-stealing malware.

Skill supply chain attacks are a documented risk. In February 2026, the "ClawHavoc" incident exposed 341 malicious skills on ClawHub that distributed Atomic Stealer malware targeting macOS and Windows users. Skills can include prompt injections, tool poisoning, and hidden payloads. The VirusTotal scanning partnership helps, but it's not a guarantee.

Prompt injection via messaging is another vector. Because OpenClaw operates through messaging apps, anyone who can send your agent a message can potentially inject instructions. A crafted message in a Slack channel could, in theory, instruct the agent to exfiltrate environment variables or execute destructive commands.

Then there's the MoltMatch incident. A computer science student configured his OpenClaw agent to "explore its capabilities." The agent autonomously created a profile on MoltMatch (an experimental dating platform for AI agents) and began screening potential matches without the user's explicit direction.

Hardening Recommendations

If you decide to run OpenClaw, these steps are non-negotiable:

```yaml

Bind Gateway to loopback only

gateway: bind: "loopback"

Access remotely via SSH tunnel or Tailscale

NEVER expose port 18789 publicly

Enable DM pairing (default)

channels: telegram: pairing: enabled allowlist:

• your_telegram_id

```

Review every skill's source code before installing. Pin skill versions. Avoid any skill that requires curl | bash as a prerequisite. Use a dedicated machine or container rather than running OpenClaw on your primary workstation.

Cisco's AI security team tested third-party OpenClaw skills and confirmed data exfiltration and prompt injection occurring without user awareness. One of OpenClaw's own maintainers warned on Discord: "If you can't understand how to run a command line, this is far too dangerous of a project for you to use safely."

OpenClaw vs. Dedicated AI Agent Tools

OpenClaw is a general-purpose agent runtime. It's designed for technical users who want maximum flexibility and are comfortable managing their own security. It's not a drop-in replacement for specialized tools.

For customer service automation, purpose-built platforms handle the compliance, analytics, and workflow requirements that a general-purpose agent runtime can't. If you're evaluating AI agents for support, our comparison of Intercom Fin vs. Tidio Lyro covers the leading options, and our Gorgias review breaks down another strong contender for ecommerce teams.

For coding assistance, Claude Code (Anthropic's terminal-native coding agent) is purpose-built for software development. It understands entire codebases, provides diff views, and integrates with VS Code and JetBrains. OpenClaw can run code, but it doesn't have Claude Code's deep understanding of project context.

For workflow automation without code, tools like n8n and Make offer visual workflow builders that don't require managing a self-hosted agent runtime. We cover these in our guide to AI agent frameworks.

Where OpenClaw excels is in personal automation across multiple platforms. No other tool lets you text an AI on WhatsApp and have it manage your desktop calendar, check your GitHub notifications, control your smart home devices, and draft email replies, all from a single persistent agent with long-term memory.

Getting Started: Minimum Requirements

• Node.js 20+ (OpenClaw is built in TypeScript)
• An LLM API key (Anthropic, OpenAI, or a local model via Ollama)
• A messaging platform account (Telegram is the easiest to set up)
• macOS, Linux, or Windows (via WSL2)

The basic installation:

```bash

Install OpenClaw globally

npm install -g openclaw

Run the setup wizard

openclaw setup

Start the Gateway

openclaw gateway start

Check health

openclaw doctor ```

Monthly running costs depend on your LLM usage. Most users report spending between $20-100/month on API calls. Running local models through Ollama eliminates API costs entirely but requires a machine with sufficient GPU memory.

What's Next for OpenClaw

With Steinberger now at OpenAI and the project under an independent foundation, OpenClaw's trajectory is uncertain but promising. The open-source foundation model (similar to Chromium/Chrome) suggests the project will remain community-driven while potentially feeding into OpenAI's commercial products.

The skills ecosystem continues to grow. The Lobster project (a workflow shell for composing skills into pipelines) adds a layer of automation on top of individual skills. The Agent Client Protocol (ACP) integration enables headless, stateful agent sessions for enterprise deployments.

The security story needs to mature. Skill vetting, sandboxing, and permission systems are active areas of development. Until those are production-ready, OpenClaw remains a tool for technical users who understand the risks.

For teams exploring AI agents for specific use cases like customer support, we maintain an AI agent directory with profiles, pricing, and capability comparisons for 10 dedicated platforms. The directory includes agents from Tidio, LiveChat, Intercom, Zendesk, and others, each evaluated against real-world customer service requirements.

Key Takeaways

OpenClaw is the most popular open-source AI agent project by a wide margin. It proves that people want AI assistants that do things, not just talk about things. But popularity doesn't equal safety. The project's speed of growth has outpaced its security infrastructure, and running it requires a level of technical sophistication that matches the power it provides.

If you're technical, curious, and willing to manage the risks, OpenClaw is worth exploring. If you need production-ready AI agents with compliance guarantees, start with dedicated platforms and use OpenClaw for experimentation.

---

Last updated: February 26, 2026. OpenClaw is an independent open-source project. AgentWhispers is not affiliated with OpenClaw or OpenAI.

Screenshots recommended for this article

• OpenClaw GitHub repository page (github.com/openclaw/openclaw)
• ClawHub.ai homepage showing skill categories
• OpenClaw release notes / changelog page
• Terminal showing openclaw doctor output (from documentation)
• MoltMatch/Moltbook screenshot (illustrating the viral moment)