OpenClaw — The 247K-Star AI Agent Platform You Can Run at Home

Self-hosted AI agent runtime that connects to WhatsApp, Telegram, and 30+ platforms
Rating: 8.5/10

The most compelling self-hosted AI agent runtime available today. Extraordinary community momentum, deep messaging integrations, and a genuinely useful skill ecosystem — but the security track record requires real caution before production deployment.

Open Source · Self-Hosted · Free

Price: Free
Platforms: mac, linux, cli
Founded: 2025
HQ: Austria
Open Source: Yes
Self-Host: Yes

OpenClaw is a Node.js-based self-hosted AI agent runtime. You run it on your machine or a VPS, connect it to your messaging platforms, point it at an LLM API (or a local model), and it operates autonomously — executing tasks, scheduling workflows, browsing the web, and maintaining memory across sessions. It’s the closest thing to a personal AI staff member running 24/7 on your own infrastructure.

Since its first public release in November 2025 as “Clawdbot,” it has accumulated 247,000 GitHub stars and 47,700 forks — surpassing React to become the most-starred software project on GitHub. That’s not hype: it’s a genuinely capable platform with real use cases and an exceptional community.

What OpenClaw Does

At its core, OpenClaw is a message router with an agentic loop. When a message arrives on any connected channel — WhatsApp, Telegram, Slack, Discord, Signal, iMessage, or 20+ others — the runtime routes it to your chosen LLM with context from memory and available skills. The LLM decides whether to respond, execute a skill, browse the web, run a shell command, or chain multiple steps together.

Unlike chatbots that only respond when asked, OpenClaw runs continuously. You can schedule it to send you a morning briefing, monitor a service and alert you if it goes down, automatically triage emails, or run a weekly competitor analysis. The agent initiates; you don’t have to prompt it.

Supported messaging channels include: WhatsApp (via Baileys), Telegram (via grammY), Slack, Discord, Signal, iMessage/BlueBubbles, Google Chat, Microsoft Teams, Matrix, IRC, LINE, and more.

System integrations: Browser control via Playwright for form-filling and web scraping, full shell command execution, file system access, webhooks, cron jobs, and API integrations with 50+ services (GitHub, Spotify, Gmail, Obsidian, Philips Hue).

Skills: The Ecosystem That Makes It Useful

OpenClaw ships with 100+ bundled AgentSkills covering common operations. The community has built 13,700+ additional skills in ClawHub, the official registry. Skills are JavaScript/TypeScript modules installed with:

```sh
openclaw skill add <skill-name>
```

This ecosystem is what puts OpenClaw ahead of every competing agent framework. Most agentic platforms have documentation for how you could integrate with a service. OpenClaw has working code that someone has already tested.

Installation

Requirements: Node.js 22+, 2 GB RAM minimum (8 GB recommended for cloud model usage), macOS 13+ or Linux. Windows users need WSL 2.

Quickest path:

```sh
npm install -g openclaw@latest
openclaw onboard --install-daemon
```

The onboard wizard walks you through LLM provider selection, API key setup, and channel configuration. For production/24-7 use, the Docker Compose method is the better choice:

```sh
git clone https://github.com/openclaw/openclaw
cd openclaw
cp .env.example .env  # add your API keys
docker compose up -d
```

A minimal VPS (Hetzner CPX11 at ~€5/month) is enough. OpenClaw itself is free; you pay for hosting and LLM API usage. With DeepSeek, the API costs can be under $5/month. With Claude Opus, expect $10–50/month depending on volume.

Model Support

OpenClaw is model-agnostic:

| Provider | Models | Best For |
|---|---|---|
| Anthropic Claude | Opus 4.6, Sonnet 4, Haiku 3.5 | Complex multi-step tasks, tool use |
| OpenAI | GPT-5.4, GPT-5.3 | General tasks |
| DeepSeek | V3, R1 | Cost-conscious deployments |
| Google | Gemini 3 Pro/Flash | Multimodal needs |
| Local (Ollama) | Llama, Mistral, Qwen, 100+ | Full privacy, zero API cost |

OpenClaw's creator, Peter Steinberger, recommended Claude for its prompt-injection resistance and multi-step tool use. Local models via Ollama give you zero data egress — nothing leaves your machine.

The Security Problem

This cannot be glossed over. In January 2026, Kaspersky audited OpenClaw (then called Clawdbot) and found 512 vulnerabilities, 8 of them critical. SecurityScorecard’s STRIKE team subsequently found 42,900 exposed instances across 82 countries, with 15,200 vulnerable to remote code execution.

The most severe issue: CVE-2026-25253 (CVSS 8.8) — a cross-site WebSocket hijacking vulnerability enabling one-click RCE. It was patched in v2026.1.29. But the underlying architecture has structural problems:

  • Authentication is off by default. Any network exposure without a reverse proxy is a wide-open door.
  • API keys and credentials are stored in plain text in ~/.openclaw/.
  • The runtime runs as a single Node.js process with broad system access — no sandbox, no isolation.

These aren’t minor oversights. Before running OpenClaw on anything except a local development machine, you need: a properly configured reverse proxy with authentication, secrets stored in environment variables rather than config files, and ideally a container or VM boundary between the agent and the rest of your system.
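A pre-exposure check for the points above: the release is at least the patched v2026.1.29, nothing under ~/.openclaw/ is readable by other users or holds key-like strings, and the agent's port listens only on loopback so traffic has to pass through the reverse proxy. This script is an added example, not part of OpenClaw or of the original review; it assumes a Linux host with `ss`, and the port argument and the key-matching pattern are assumptions to adapt.

```sh
#!/bin/sh
# Added example: checks to run before an OpenClaw instance is network-reachable.
PATCHED="2026.1.29"   # release the page names as fixing CVE-2026-25253

# version_ge A B: succeed when dotted version A >= B (a leading "v" is ignored).
version_ge() {
    awk -v a="${1#v}" -v b="${2#v}" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# loose_files DIR: print files that group or other users can read.
loose_files() {
    find "$1" -type f \( -perm -0040 -o -perm -0004 \) 2>/dev/null
}

# plaintext_secrets DIR: print files holding key-like assignments
# (a heuristic pattern chosen for this example, not an OpenClaw format).
plaintext_secrets() {
    grep -rlEi '(api[_-]?key|secret|token)[^A-Za-z0-9]{1,4}[A-Za-z0-9_-]{16,}' "$1" 2>/dev/null
}

# exposed_listeners PORT: read `ss -ltnH` output on stdin and print listeners
# on PORT that are bound to anything other than loopback.
exposed_listeners() {
    awk -v p="$1" '$4 ~ (":" p "$") && $4 !~ /^(127\.|\[::1\])/ { print $4 }'
}

# audit DIR VERSION PORT: report every failed check, return non-zero on any.
audit() {
    rc=0
    version_ge "$2" "$PATCHED" || { echo "FAIL: $2 predates $PATCHED"; rc=1; }
    [ -z "$(loose_files "$1")" ] || { echo "FAIL: group/world-readable files in $1"; rc=1; }
    [ -z "$(plaintext_secrets "$1")" ] || { echo "FAIL: key-like strings in $1"; rc=1; }
    [ -z "$(ss -ltnH 2>/dev/null | exposed_listeners "$3")" ] ||
        { echo "FAIL: port $3 listens beyond loopback"; rc=1; }
    return $rc
}

# Usage: sh audit.sh "$HOME/.openclaw" <installed version> <port of your instance>
if [ "$#" -eq 3 ]; then audit "$@"; fi
```

These checks are heuristics: a clean run does not show that authentication is enabled on the proxy or that the agent is isolated in a container or VM, both of which still have to be verified separately.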

NanoClaw was built specifically to address these issues with OS-level container isolation. If security is your primary concern, start there instead.

What Happened with OpenAI

On February 14, 2026, creator Peter Steinberger announced he was joining OpenAI to lead personal agent development. This was an acqui-hire — OpenClaw itself was not acquired. The project transferred to the independent OpenClaw Foundation, with OpenAI providing financial sponsorship. The codebase remains MIT-licensed, model-agnostic, and community-governed.

The foundation at openclaw.org handles ongoing governance. Development continues publicly at the GitHub repo.

Our Take

OpenClaw is the most feature-complete, community-backed self-hosted agent runtime currently available. The use cases are real: developers using it as a personal productivity layer, solo founders running automated research and marketing agents, teams managing Slack bots that actually do things.

The security situation is the caveat that can’t be ignored. The critical vulnerabilities from January have been patched, but the default configuration is dangerous if exposed to a network. Running it locally on a Mac Mini with good API key hygiene is fine. Deploying it on a VPS and exposing the port is not.

Treat OpenClaw as what it is: an early-stage platform with an exceptional community and real rough edges. If that sounds right for your use case, it’s worth the setup.

Best for: Technical users building personal automation, solo founders wanting a 24/7 AI assistant across messaging platforms, developers experimenting with agentic workflows.

Skip if: You need hardened production security out of the box. Look at NanoClaw instead, or wait for the foundation to address the architecture issues.

## Pricing

Open Source (Best Value): $0
  • All features included
  • 100+ bundled AgentSkills
  • 30+ messaging platform integrations
  • Browser automation via Playwright
  • Local memory (Markdown-based)
  • MIT license — commercial use OK

Last verified: 2026-03-03.

## The Good and the Not-So-Good

+ Strengths

  • 247k GitHub stars — most active agentic platform community by far
  • 30+ messaging channels in one runtime (WhatsApp, Telegram, Slack, Discord, Signal, iMessage)
  • Proactive, always-on execution — agents initiate tasks, not just respond
  • 13,700+ community-built skills in ClawHub registry
  • Local-first with full local model support via Ollama (zero data leaves your machine)
  • Model-agnostic: Claude, GPT-5.4, DeepSeek, Gemini, local models
  • Completely free, MIT licensed, no vendor lock-in

− Weaknesses

  • 512 vulnerabilities found in Jan 2026 audit (8 critical); architecture still maturing
  • API keys stored in plain text by default — requires manual hardening
  • No authentication enabled by default — dangerous on any networked deployment
  • 500,000+ lines of code across 70+ dependencies — hard to audit, hard to understand fully
  • Windows only via WSL 2 (no native support)
  • Browser automation reliability varies by site (Playwright dependency)

## Security & Privacy

| Status | Item | Details |
|---|---|---|
| YES | Open source (auditable) | Full source code on GitHub under MIT license |
| NO | Authentication enabled by default | Auth is disabled by default. Must be manually configured before network exposure. |
| NO | API key / credential storage | Stored in plain text in ~/.openclaw/ config files. Use environment variables or secrets manager. |
| PATCHED | Critical CVEs patched | 8 critical vulnerabilities from Jan 2026 Kaspersky audit patched in v2026.1.29. CVE-2026-25253 (CVSS 8.8) was remote code execution via WebSocket hijacking. |
| NO | Container isolation | Single Node.js process with shared memory. See NanoClaw for container-isolated alternative. |

## Who It's For

Best for: Developers and technical users who want a self-hosted autonomous AI agent connected to their messaging apps and services — and who can take responsibility for hardening the deployment.

Not ideal for: Teams that need production-hardened security out of the box, non-technical users, or anyone deploying on a shared or publicly-accessible server without careful configuration.