If you've never heard of openclaw (formerly moltbot, formerly claudbot), it's an open source AI tool that can actually do things in the real world. And sometimes, the things it does are actually the things you want it to do! Unfortunately, "sometimes" is doing a lot of heavy lifting in that sentence. Is Openclaw worth the massive hype it's received from people like Andrej Karpathy? I'll go over my experiences in this article.

First, though, we have to talk about security. I know, I know, that's no fun! But there are enormous security implications to this thing, although many alarmist publications have overstated them. Openclaw runs on a computer that you give it full control of. In order to do useful things, it has to have access to the tools and data. It also gets unrestricted access to the internet, leaving it open to prompt injection attacks and worse. It can also automatically download skills made by third parties, to give it new capabilities. These skills contain both prompts and code that openclaw will execute, and anyone can publish a skill. In fact, there have already been well over 300 published skills containing malware. But there are ways to mitigate this. First, don't install skills that let your openclaw regularly interact with other random openclaws. Second, run openclaw with only the permissions it needs to work for you. And third, regularly investigate what the heck it's doing and why. Openclaw is a self-modifying system, so you can't assume that the way you set it up is the way it's currently running.

Now that I'm done being a no-fun partypooper, let's talk about my actual experience. First, the install. Even though installing openclaw happens entirely on the command line, there are massive accessibility issues. It's a TUI (terminal user interface), so expect lots and lots of ascii art. Also, your screen reader won't be able to track the focus, and you'll struggle to tell what's selected, as selection is indicated only by an emoji. This is the first app I've ever used where the web interface was perfectly and completely accessible, and the command line interface was not. Some tips:

• selection is indicated by the color of a circle before the item: it will change from a white circle emoji to a black circle emoji
• you can still press y or n for yes or no, you don't have to use the arrows at these prompts
• it's safe to skip setting things up here, you can do it later on the web interface or by editing the openclaw.json file

Openclaw also requires the homebrew package manager, even if you're not on mac. Though a mac is by far the best place to run openclaw. First, everything is natively supported. Second, if you want to interact with openclaw via iMessage, or let it use calendars and reminders you have in iCal, you have to be running it on mac. Third, macs permissions system means it's easy to create an account for openclaw and keep it at least somewhat isolated. You'll also need an API key from OpenAI, OpenRouter, or one of the other dozen providers it supports.

Once I finished the install, though, my issues weren't done. The biggest issue I had was with iMessage. I want to interact with OpenClaw entirely via iMessage. However, it kept seeing its own messages, answering them, and getting into a loop. I finally determined this was an openclaw bug. It was quickly fixed, but the fix isn't in the public release yet. If you want to use iMessage, you have to run directly from github. And switching from release to development is a painful process that involves doing terrible things with git stashes and mass removal of global npm packages and a bunch of other horrors that I won't document here. If you want to run in development, do that from the start. Don't make my mistake. Another random tip is that if you want to use openrouter's auto model, you have to specify it as openrouter/openrouter/auto, not openrouter/auto. If you're noticing a pattern of random jank here, you're absolutely correct! The openclaw codebase is a sprawling mass of features, many of them have subtle bugs, and they can sometimes interact in strange ways.

So what's good about openclaw? Well, mostly, it's fun! Once I got it all working, it gave me that magical feeling of having a customizable AI that was exclusively and uniquely mine. Kind of like in those science fiction novels where the starship captain has a faithful AI partner that he's built and customized over the years. The weirdness and unpredictable bugs add to this feeling. On the downside, if you spend much time in the openclaw community, you'll find people who have been driven absolutely around the curve by this feeling. They say this is artificial general intelligence, that the singularity is here, and that they have a self-aware openclaw. None of this is true. But running an openclaw feels a lot more like that than running a corporate AI in the cloud does.

Openclaw is also just wildly convenient. I already live in iMessage, so having an AI bot right there, that can actually interact with my existing tools and complete tasks for me, is huge. The problem is that...well...it's still modern AI in 2026. Sometimes it completes the task perfectly. Sometimes it says it completed the task but didn't. Sometimes it makes up a task for itself and completes that instead. To give you an idea, in my four days of running it, here are some things my openclaw has done:

• gives me daily morning briefings based on my unread RSS feeds, calendar, weather, reminders, and interests: amazing when it works, but fails about half the time
• decided that because I was blind it should use elevenlabs to exclusively send me voice messages on Imessage: I had to tell it to stop because that was annoying
• cleaned out a bunch of reminders from 2009 that I had forgotten about: useful!
• answered general research questions as well as, or better than, gemini or chat GPT: topics included the Olympics, openclaw itself, and accessibility
• modified its own code to correct a bug I complained about: cool, but then overnight it updated to the latest code from GitHub, resulting in its fix being reverted
• randomly messaged friends: Not cool. Turns out an empty allow list means allow everything, not allow nothing. I had to fix that
• discovered my Sonos speakers and set a bunch of random alarms on them: I don't know why, I didn't ask for that. It seemed to be trying to set up alarms for my reminders. It didn't occur to me to run it on an isolated network because...well...honestly I forgot that sonos doesn't require authentication from local users. I wonder what else it will discover that I didn't correctly secure?
• tried to fix warnings in its own log file: it eventually decided the best way to fix the warnings would be to disable its own startup script. It did so, proudly told me it had solved the problem, and then quit. I mean yes, it was technically correct. The best kind of correct!
• After I said good night to end an interaction, it created a scheduled task instructing itself to "keep an eye on things while Sam sleeps": what things? It never said, and that was the only instruction it gave itself, to be executed every hour between midnight and 8 AM. I don't like it!

It's also neat how proactive it is. When first run, openclaw creates a file called heartbeat.md. Then, every 30 minutes it checks that file for any instructions, completes them, and updates the file with any new instructions. It also has a task scheduler, where it can schedule additional tasks for itself. This means that openclaw can message you out of the blue, or complete long-running or repeated tasks, in ways Gemini or Chat GPT cannot. This can be a mixed blessing, though!

Another thing that running openclaw makes obvious, that nobody wants to talk about, is just how unsustainable the cost of AI is currently. When you run openclaw, you pay for your own tokens as you go. It's not like a Chat GPT subscription where you pay 20 bucks a month and use it as much as you want. My cost for the first month of running openclaw is going to be high, because of the looping bugs causing it to send hundreds of messages to itself, and because as with any new tool, you play with it a lot. But I would estimate that between the API costs of openrouter and elevenlabs, the power costs of running local embedding and speech recognition models on an always-on mac, etc, running openclaw is going to cost me between $40 to $50 per month. If I didn't have a mac powerful enough to do some tasks locally, that cost would be around $10 to $15 higher. With the current state of technology, having a personalized and proactive AI is not cheap.

So is openclaw worth the money? Well, no. I'm doing it because it's fun, because I enjoy investigating the latest state of AI, and because I find technology like this interesting. But if you're not comfortable on the command line, and aren't ready to secure your computer and network from a chaotic neutral gremlin, don't even try. Is openclaw the future of AI? The best analogy I can give is wordpress. For a while, every single website in the world was run on wordpress. And a lot of people who had no business running anything were self-hosting wordpress, and getting hacked left, right, and center. Wordpress was written in PHP, and designed to be easy, rather than secure. While wordpress has fixed those issues, the codebase is still big, sprawling, and complex. Similarly, openclaw was designed to be convenient rather than secure. Openclaw is a big sprawling bunch of JavaScript. And a lot of people are running openclaw who don't have the skills to secure it, maintain it, or protect themselves. I suspect openclaw will get better on the security front, though like wordpress, people will just install third party plugins and skills that leave them wide open to hackers. I can imagine a world where dozens of openclaw hosts pop up that run openclaw for you, and maybe a couple of years where openclaw is as hot as wordpress. But after a while, the security issues and the maintenance burden and the cost will send people looking for something better.

For the moment, I'm running openclaw and having a good time pretending I'm a science fiction hero with my faithful AI robot. But I'm spending more time fiddling with openclaw than I am being productive with it. And just like any toy, when it stops being fun, I'll shut it down and stop paying its bills.