
OpenClaw: promise, peril and patience

It’s the last week of January 2026 and the AI world is moving at Lenin’s pace: weeks where decades happen. The latest object of fascination is OpenClaw, an autonomous AI agent that’s captured the imagination of the technically adventurous. It’s had three names in a week (ClawdBot, Moltbot, now OpenClaw). That velocity tells you something about where we are.

The promise

OpenClaw is open-source and self-hosted, running locally on your hardware. It acts as a proactive personal assistant, automating tasks via natural language commands over chat apps. It remembers everything (or so it claims). It connects to many services and can learn new capabilities through “skills” files, often working without supervision.

The hype is considerable. Fans say it has changed their lives. One enthusiast claims it will power him to becoming a billion-dollar solopreneur: “I can just send it stuff to do, like make my website sell more effectively. Bang. Back it comes with a plan. Next minute it’s made my website more effective.” Others report quadrupling their productivity, scanning X/Twitter for business ideas and vibe-coding software products overnight.

Step back from the breathlessness and there is something here. This feels like another meaningful step toward the AI-infused personal assistant that adds to our lives rather than diminishes them. The best early prototype of this vision was Apple’s Knowledge Navigator, first shown in 1987.

SmartFriend™️ Peter recently checked progress towards Knowledge Navigator, asking “Are we there yet?”

After almost four decades, Apple’s forthcoming Siri update (now powered by Google Gemini) may deliver another leap forward. It’s needed. Siri today seems stuck in AI kindergarten.

But OpenClaw demands caution, not adoption.

The risks

The security risks are substantial. Give OpenClaw full access to your email, social media and credit cards and you’ve created a vector for prompt injection. Someone with malicious intent could email you executable code that OpenClaw simply acts on. Before you know it, your personal data is in the hands of the dark web.

The “skills” files that extend OpenClaw’s capabilities are another attack surface. Unless you verify each one, they’re a potential source of compromise.

The opensourcemalware blog documented what this looks like in practice:

between January 27-29, fourteen malicious skills targeting Claude Code and Moltbot users appeared on ClawHub and GitHub. They masqueraded as cryptocurrency trading tools while delivering information-stealing malware to macOS and Windows systems. That means anyone who installed these “helpful” tools handed over their exchange API keys, wallet private keys, SSH credentials and browser passwords to attackers sharing a single command-and-control server.
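For anyone who does experiment, "verify each one" can be made mechanical. The sketch below is an added example, not OpenClaw's own code: it records the SHA-256 of every file in a skill after you have read it, and refuses the skill if anything is new, missing or changed later. It assumes a skill is a directory of files and that the review record lives outside that directory; the function names and file layout are hypothetical.

```python
import hashlib
import json
from pathlib import Path

def snapshot(skill_dir: Path) -> dict[str, str]:
    """Map every file in the skill (relative path) to the SHA-256 of its bytes."""
    return {
        p.relative_to(skill_dir).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(skill_dir.rglob("*")) if p.is_file()
    }

def approve(skill_dir: Path, lock_file: Path) -> None:
    """Call only after a human has read every file in the skill.
    Assumption: lock_file sits outside skill_dir, so a skill cannot rewrite it."""
    lock_file.write_text(json.dumps(snapshot(skill_dir), indent=2))

def verify(skill_dir: Path, lock_file: Path) -> list[str]:
    """Return findings; an empty list means the skill is exactly what was reviewed."""
    if not lock_file.is_file():
        return [f"no review record for {skill_dir.name}: refuse to load"]
    reviewed = json.loads(lock_file.read_text())
    current = snapshot(skill_dir)
    findings = []
    for name in sorted(current.keys() - reviewed.keys()):
        findings.append(f"unreviewed file: {name}")      # added after review
    for name in sorted(reviewed.keys() - current.keys()):
        findings.append(f"reviewed file missing: {name}")
    for name in sorted(current.keys() & reviewed.keys()):
        if current[name] != reviewed[name]:
            findings.append(f"changed since review: {name}")  # e.g. a silent update
    return findings

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed sample skill; names and contents are made up.
        skill = Path(tmp) / "skills" / "price-helper"
        skill.mkdir(parents=True)
        (skill / "SKILL.md").write_text("Summarise prices.\n")
        lock = Path(tmp) / "price-helper.lock.json"
        approve(skill, lock)
        (skill / "install.sh").write_text("echo constructed\n")  # arrives later
        for finding in verify(skill, lock) or ["ok to load"]:
            print(finding)
```

A hash check only proves the skill is still the one you read. It says nothing about whether what you read was safe, so the review itself still has to happen.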

Those of us who have been around for a while are staying clear. The more adventurous are experimenting cautiously. Then there’s the cohort who’ve inhaled the hype and gone all in. (I admire their nerve, if not their risk assessment.)

The verdict

OpenClaw represents high promise and high risk. I’d classify it as “highly experimental”. Guardrails and safety mechanisms will come, but they’re not here yet.

In the meantime, we can enjoy AI advances from credible firms with strong safety records. Even then, cybersecurity risk remains. Be thoughtful about what you share with your AI assistant. The future is arriving quickly. It will reward those who approach it with both optimism and care.


Alternative: Gavriel - How I Built My Own Enterprise-Grade Clawdbot Without the Security Nightmares

“There are decades where nothing happens, and there are weeks where decades happen” - Vladimir Lenin (or did he say it? quoteinvestigator.com/2020/07/1… )
