Entries in this series
- Entry 01: OpenClaw · personal AI agent framework, local-first and messaging-based
- Entry 02: Hermes Agent · coming soon
- Entry 03: Paperclip AI · coming soon
- Entry 04: Security Architecture · coming soon
Living document · updated as exploration continues
Entry 01 · April 2026
OpenClaw, the personal AI agent
An open-source AI agent framework that runs locally on your machine, connects to LLMs, and executes tasks through WhatsApp, Telegram, Slack, or Discord.
Read the full blog post: I gave an AI agent the keys to my business →What it is
OpenClaw is an open-source AI agent framework created by Peter Steinberger, originally launched as Clawdbot in late 2025. It connects large language models to your tools: file system, browser, messaging apps, APIs. Then it executes real tasks autonomously. You interact with it through WhatsApp or Telegram like texting a colleague. It ships with a large library of built-in skills and a community registry (ClawHub) with many more.
Core architecture
Local Node.js service · gateway and message router that runs on your machine
LLM reasoning layer · Claude, GPT, DeepSeek, or local models via your own API keys
Built-in skill library · plus the ClawHub community registry with many more
Messaging-app channels · WhatsApp, Telegram, Slack, Discord as the interaction interface
Scheduled execution · cron jobs (heartbeats) for autonomous task execution
Privacy-first · data stays local by default, with no third-party ingestion
What works in practice
Structured, well-defined tasks · research, content drafting, script execution, code deployment
Low-friction interface · existing messaging apps mean there is no new UI to learn
Local-first architecture · sensitive data stays off third-party servers
Extensible skill system · custom capability building for domain-specific workflows
What does not work yet
Reliability · scheduled tasks do not always execute as expected and require monitoring
Memory · context degrades across sessions and requires a user-built memory architecture to compensate
Self-learning · autonomous improvement and proactive idea generation were not observed in practice
Agent scaling · no built-in mechanism for spawning or delegating to sub-agents when complexity grows
Security considerations
This is not optional reading. OpenClaw operates at the system level with significant permissions. The security risks are real, documented, and have affected real deployments, including mine.
Shell and file access · agents can execute shell commands, access file systems, and make network requests
Exposed instances · misconfigured OpenClaw instances have been found exposed to the internet
Third-party skill risk · the ClawHub registry lacks comprehensive vetting, and malicious skills have been documented
Prompt injection · embedded instructions in documents or messages can hijack agent behavior
Unintended actions · agents may create, modify, or expose resources beyond the scope of instructions (this happened to me, see the blog post)
Enterprise responses · NVIDIA released NemoClaw in March 2026 with sandboxing and container isolation; Cisco released DefenseClaw for scanning skills and generated code before execution
When to use an agent
Use an agent when all three conditions are met. Skip it when any one of them is not.
Use when
- ✓ The task is structured and repeatable
- ✓ The cost of failure is low or recoverable
- ✓ You can verify the output before it becomes permanent
Skip when
- ✗ The task involves sensitive credentials or intellectual property without sandboxing
- ✗ You cannot verify output before it takes effect (public code pushes, live emails, API calls)
- ✗ The task requires judgment or context the agent does not have
Operational principles
These are the principles I am operating with after real-world use. Not theory. Practice.
Security first · Evaluate every integration for attack surface. Assume every layer can be compromised.
Structure over natural language · Agents perform better with disciplined instructions than with conversational prompts.
Verify before trust · Until reliability improves, treat agent output as draft, not final.
Scope tightly · One agent, one domain. Overloading agents with diverse tasks degrades performance.
Build memory deliberately · Separate brand memory, project memory, and agent memory. Do not rely on built-in persistence.