OpenClaw is an open source AI agent that runs on your own hardware. It connects to your messaging apps — WhatsApp, Telegram, Slack, Discord, and more — and acts as a personal AI assistant that can read files, run commands, browse the web, and manage tasks autonomously.
It has over 211,000 GitHub stars. It went viral in late January 2026. And it’s one of the most interesting — and controversial — projects in open source AI right now.
What OpenClaw Actually Does
Think of OpenClaw as an AI assistant that has hands. Unlike ChatGPT, which can only generate text, OpenClaw can take real actions on your computer and across your connected platforms.
Core capabilities:
- Filesystem access — reads, writes, and edits files on your machine
- Shell execution — runs terminal commands, builds projects, executes scripts
- Browser automation — navigates the web, fills forms, interacts with authenticated sessions through a dedicated Chromium instance
- Messaging integration — receives and responds to messages across 11+ platforms: WhatsApp, Telegram, Discord, Slack, Signal, iMessage, Google Chat, Microsoft Teams, Matrix, Zalo, and WebChat
- Scheduling — sets up cron jobs and webhooks that run in the background
- Voice — wake-and-talk mode on macOS, iOS, and Android
- Persistent memory — remembers context across conversations and sessions
The Gateway is the core of OpenClaw. It’s a local process that manages all communication between you, your messaging platforms, and the AI model backends (Claude, GPT, DeepSeek). Everything routes through it.
How It Relates to Vibe Coding
OpenClaw sits at the intersection of autonomous AI agents and vibe coding. Where tools like Claude Code and Cursor help you write code through conversation, OpenClaw can manage entire development workflows autonomously:
- Run Claude Code or Codex sessions on your behalf
- Execute tests, capture errors via Sentry, and resolve them by opening pull requests on GitHub
- Schedule builds, deployments, and monitoring tasks
- Chain together multi-step development workflows through messaging commands
For vibe coders, it’s like having an AI assistant that doesn’t stop when you close your terminal. You can message it from your phone to check build status, trigger deployments, or start new development tasks — all through natural language on the platform you already use.
How It Works
Architecture
OpenClaw runs as a local Gateway (WebSocket control plane) on your machine. The Gateway connects outward to:
- Messaging channels — WhatsApp (via Baileys), Telegram (via grammy), Slack (via Bolt), Discord (via discord.js), and others
- AI model providers — Anthropic Claude, OpenAI GPT, DeepSeek
- Tools and integrations — file system, shell, browser, and 50+ plugins via ClawHub
When you send a message through any connected platform, the Gateway receives it, routes it to the AI model, and the model can respond with text or trigger tool actions (read a file, run a command, open a browser).
Installation
npm install -g openclaw@latest
openclaw onboard --install-daemonRequires Node.js 22 or later. Runs on macOS, Windows (WSL2), and Linux. A macOS menu bar app is also available as a companion.
Configuration
Everything is configured through ~/.openclaw/openclaw.json — a JSON5 config file with strict schema enforcement. Unknown keys cause the Gateway to refuse to start, which prevents configuration mistakes.
AI model API keys, messaging platform tokens, and tool permissions are all configured here or through environment variables in ~/.openclaw/.env.
Why It Went Viral
OpenClaw (originally called Clawdbot, then Moltbot) went from obscure project to 60,000+ GitHub stars in 72 hours in late January 2026. Several factors drove the explosion:
WhatsApp integration — The ability to message an AI assistant through WhatsApp felt different from using a chat interface. People already live in messaging apps, and having an AI that could respond there with real capabilities captured imagination.
Autonomous capabilities — This wasn’t another chatbot. It could actually do things: manage files, run commands, browse the web, automate tasks. The demos of it autonomously fixing bugs and deploying code were compelling.
Open source and self-hosted — In a market of subscription-based AI tools, OpenClaw being free and running on your own hardware resonated with developers concerned about privacy and vendor lock-in.
Creator joining OpenAI — On February 14, 2026, creator Peter Steinberger announced he was joining OpenAI, with the project transitioning to an independent open source foundation with OpenAI sponsorship. This generated another wave of attention.
The ClawHub Ecosystem
ClawHub is OpenClaw’s marketplace for skills and plugins — community-built integrations that extend what the agent can do. There are 50+ integrations covering:
- Developer tools — GitHub, Sentry, Claude Code, Codex
- Productivity — Gmail, Google Calendar, Obsidian
- Social — Twitter/X, Spotify
- Smart home — Philips Hue
- Infrastructure — Docker, Tailscale
Skills execute in-process with full Gateway privileges, which makes them powerful but also a security consideration. The marketplace has grown quickly, though security researchers have flagged that not all skills are trustworthy — Cisco found that 7.1% leaked sensitive credentials.
OpenClaw is powerful but requires careful configuration to be safe. Running it with default settings on an internet-exposed machine has led to real security incidents. If you’re interested in trying it, read our OpenClaw Security Best Practices guide first.
What You Can Do With It
Development Workflows
Message your bot on Telegram: “Check the CI status of the main branch and fix any failing tests.” OpenClaw reads your GitHub repo, identifies failures, writes fixes, and opens a PR — all while you’re away from your computer.
Personal Automation
Schedule recurring tasks through cron jobs: daily summaries of your GitHub notifications, weekly reports from your analytics dashboard, automated backups of specific directories.
Multi-Platform Communication
Use it as a bridge between platforms. Forward Slack messages to your personal Telegram. Get summaries of Discord conversations. Route notifications from different services to a single channel.
Research and Information
Ask it to research a topic by browsing the web, compile findings, and save a summary to your notes. The browser automation lets it access and extract information from pages that require interaction.
The Security Reality
OpenClaw’s power is exactly what makes it a security concern. An autonomous agent with filesystem access, shell execution, and messaging platform connections has a large attack surface.
Real incidents have been documented:
- 30,000+ exposed instances found on the internet between January 27 and February 8, 2026 (Bitsight)
- CVE-2026-25253 — a high-severity remote code execution flaw (CVSS 8.8) affecting tens of thousands of instances
- Meta banned it from corporate networks citing “unpredictable autonomous behavior”
- CrowdStrike warned it can be “commandeered as a powerful AI backdoor agent” through prompt injection
The OpenClaw team takes security seriously — the project has formal TLA+ verification, a MITRE ATLAS-based threat model, and a built-in security audit tool. But the security model only works if you configure it. The defaults are not hardened for internet exposure.
Minimum Security Steps
At bare minimum before running OpenClaw:
- Enable Gateway authentication with a strong random token
- Bind to loopback only (
127.0.0.1) — never expose to the internet - Set DM policy to
pairing(requires approval for new contacts) - Deny
group:runtime,group:fs, andgroup:automationtools by default - Disable elevated execution mode
- Run
openclaw security audit --deepbefore connecting messaging platforms
For the full security setup, read our dedicated security best practices guide.
Supported Platforms
| Platform | Status |
|---|---|
| macOS 14+ | Full support + menu bar app |
| Linux | Full support |
| Windows (WSL2) | Full support |
| iOS | Node app (beta) |
| Android | Node app (beta) |
OpenClaw vs Other AI Tools
| OpenClaw | Claude Code | Cursor | ChatGPT | |
|---|---|---|---|---|
| Interface | Messaging apps | Terminal | IDE | Browser/app |
| Autonomous actions | Yes — files, shell, browser, scheduling | Yes — files, shell | Yes — file editing, commands | Text only |
| Always running | Yes (daemon) | No (session-based) | No (IDE-based) | No |
| Messaging integration | 11+ platforms | None | None | None |
| Self-hosted | Yes | N/A (CLI tool) | N/A (app) | No |
| Open source | Yes (MIT) | No | No | No |
OpenClaw occupies a different space than traditional AI coding tools. It’s not just a coding assistant — it’s a general-purpose autonomous agent that happens to be very good at development tasks. The messaging-first interface and always-on daemon architecture make it unique in the market.
Should You Try It?
OpenClaw is worth exploring if:
- You want an AI assistant accessible through your existing messaging apps
- You’re comfortable with terminal-based setup and JSON configuration
- You understand the security implications and are willing to configure it properly
- You want to automate workflows beyond just code generation
It’s probably not for you if:
- You want something that works out of the box without configuration
- You’re not comfortable evaluating and managing security risks
- You only need AI for code generation (Claude Code or Cursor are simpler choices)
- You’re in an enterprise environment with strict security policies (check with your security team first)
The project is moving fast. The transition to an independent foundation and OpenAI sponsorship signals long-term viability, but the rapid pace of development means things change frequently. Pin your version, follow the changelog, and keep the security audit running.