OpenClaw is a free, open-source autonomous AI agent you run on your own hardware. Built by Austrian developer Peter Steinberger, it's designed to go beyond answering questions — it takes real actions on your behalf: clearing inboxes, sending emails, managing calendars, browsing the web, running automations, and more.
The elevator pitch is simple: imagine a smart AI assistant with eyes and hands at a desk. You message it like a coworker through apps you already use — WhatsApp, Telegram, Slack, Discord, iMessage — and it gets things done.
It went viral in late January 2026, attracting attention from AWS, Nano Labs (who shipped dedicated OpenClaw hardware), and a Shenzhen government agency that published a draft policy supporting its adoption.
A Brief History
The project has gone through several names in a short time:
| Date | Event |
|---|---|
| Nov 2025 | Released as Clawdbot by Peter Steinberger |
| Jan 27, 2026 | Renamed Moltbot following trademark complaints from Anthropic |
| Jan 30, 2026 | Renamed OpenClaw, keeping the lobster theme 🦞 |
| Feb 14, 2026 | Steinberger announced he joined OpenAI; project moved to open-source foundation |
Despite the turbulent naming history and its creator's departure, the community has continued developing it at pace.
How It Works
OpenClaw is built around three components:
The Gateway
A locally-running daemon (installed via launchd on macOS or systemd on Linux) that acts as the control plane. It brokers communication between your chosen chat interface, the AI model backend (Claude, Bedrock, Copilot, or others), and installed skills and tools.
The Gateway exposes a WebSocket API (default: TCP port 18789) for inter-component communication. This is also the primary security surface — more on that below.
Channels
OpenClaw connects to an impressively wide range of messaging platforms out of the box:
WhatsApp · Telegram · Slack · Discord · iMessage · Signal · Google Chat · Microsoft Teams · Matrix · IRC · LINE · Mattermost · Nostr · Twitch · and more
You interact with your agent through whichever platform you already live in. No new app to install.
Skills
Skills are the extensibility layer — packages that add capabilities to the agent. A skill might give your agent the ability to manage GitHub issues, control your smart home, interact with Notion, or run terminal commands. Skills execute code with access to the filesystem and network, which makes them powerful but also a meaningful security consideration.
Getting Started
OpenClaw runs on Node.js 22+ and is installed via npm:
npm install -g openclaw@latest
openclaw onboardThe onboard wizard walks you through setting up the Gateway daemon, workspace, channels, and initial skills. AWS Lightsail now offers a pre-configured OpenClaw blueprint for straightforward cloud deployment.
Why Developers Love It
It's self-extending. You can tell OpenClaw to build new skills for itself, and it will — then start using them. The feedback loop between user intent and agent capability is unusually tight.
Persistent memory and context. Unlike stateless chatbot sessions, OpenClaw maintains memory across conversations. Context persists 24/7, carries across tools like Cursor and Claude Code, and survives restarts.
Model-agnostic. It works with Claude, OpenAI, Copilot, Amazon Bedrock, and others. Users have reported routing between subscriptions dynamically — using Claude Max until it caps, then switching to a Copilot endpoint as a fallback.
It's local and open. Your context and skills live on your own machine, not in a vendor's walled garden. For privacy-conscious developers and teams, this is a significant differentiator.
Security Considerations
OpenClaw's rapid growth has attracted serious scrutiny from security researchers. The concerns are legitimate and worth understanding before deploying it.
Gateway exposure. The Gateway's WebSocket API, if exposed to the internet, is an active target. Pillar Security ran a honeypot mimicking the OpenClaw Gateway and recorded exploitation attempts within minutes. The Gateway should never be exposed directly to the public internet — use a secured tunnel (Tailscale, WireGuard) instead.
Prompt injection. Because OpenClaw processes messages from external channels and acts on them, it's susceptible to prompt injection — malicious instructions embedded in emails, web pages, or group chats that trick the agent into taking unintended actions.
Unvetted skills. The skill ecosystem is growing fast but lacks centralized vetting. Skills execute code with broad permissions. Treat them like any other executable dependency — audit before installing, and don't pull from untrusted sources.
Impersonation campaigns. Aikido documented a malicious VS Code extension impersonating OpenClaw branding that installed remote-access tooling on Windows. Stick to the official GitHub repository and npm package.
The Broader Significance
OpenClaw represents something genuinely new: an AI agent that's personal, local, model-agnostic, and self-extending. The architecture — a persistent daemon, a skills ecosystem, multi-channel messaging as the UI — is a credible blueprint for what personal AI infrastructure looks like when it's not owned by a single platform.
Whether OpenClaw itself becomes the dominant implementation or just an influential prototype, the pattern it's established is likely to stick: AI agents that live on your infrastructure, integrate with your existing tools, and act on your behalf 24/7.
Quick Reference
| GitHub | github.com/openclaw/openclaw |
| Runtime | Node.js ≥ 22 |
| Install | npm install -g openclaw@latest |
| License | Open source |
| Created by | Peter Steinberger |
| Status | Active (community-maintained, open-source foundation) |
