
What Is OpenClaw? The AI Agent Revolution Explained

OpenClaw is the viral AI agent with 313k GitHub stars. Learn what it does, how it works, and why 313k+ developers are building with it.

OpenClaw appeared on the internet in late 2025 and immediately became one of the most talked-about open-source projects in years. By March 2026, it had surpassed 313,000 GitHub stars — a record for the fastest-growing repository in GitHub’s history. If you’ve heard the name but aren’t sure what it actually is, this guide is for you.

We’ll explain exactly what OpenClaw does, how it works technically, what the real security situation looks like, and how businesses can evaluate whether it’s right for them.

What OpenClaw Is (and What It Isn’t)

Let’s be direct: OpenClaw is not a chatbot.

ChatGPT, Claude.ai, and similar tools are interfaces where you type a question and get a response. That’s a conversation. OpenClaw is fundamentally different — it’s an autonomous AI agent that connects a large language model to your actual computer, your files, your email, your calendar, and your browser, then executes tasks without you doing the steps manually.

The difference in practice:

  • Chatbot: “Draft an email to my client about the meeting tomorrow.” You copy the text. You go to Gmail. You paste it. You send it.
  • OpenClaw: “Email my client about the meeting tomorrow.” OpenClaw drafts it, opens Gmail, pastes it, and sends it. Done.

You interact with OpenClaw through the messaging app you already use — WhatsApp, Telegram, Discord, Slack, Signal, or 20+ others. You send a message as if texting a very capable assistant. The AI agent receives it, figures out what needs to happen, and does it.

How OpenClaw Works Technically

OpenClaw is a TypeScript/Node.js service you install on a computer or server. Once running, it acts as a bridge between three layers:

  1. The input layer: your messaging app (WhatsApp, Telegram, etc.)
  2. The brain: a large language model API (Claude, GPT-4, DeepSeek, or a local model via Ollama)
  3. The action layer: a set of tools the AI can use — file system access, browser control, shell commands, email, webhooks, calendar, and 13,700+ community-built “skills” from the ClawHub marketplace

When you send a message to your OpenClaw agent, here’s what happens in sequence:

  1. Your message arrives at the OpenClaw daemon running on your machine or VPS
  2. OpenClaw passes your message to the LLM API with context about what tools are available
  3. The LLM decides which tools to use and in what order
  4. OpenClaw executes those tool calls (opens a browser, reads a file, sends an API request)
  5. Results are compiled and sent back to you as a reply in your chat

This loop happens continuously. You can ask it to do things once or set up recurring tasks with cron schedules. OpenClaw can monitor your inbox every morning, send you a briefing, and then wait for your next instruction — all without you touching a keyboard.

Installation Overview

OpenClaw installs via npm. The basic setup is:

npm install -g openclaw@latest
openclaw onboard --install-daemon

The onboard command walks you through connecting a messaging platform, choosing your LLM provider, and setting your API keys. A full installation on a fresh Linux VPS typically takes 20-45 minutes for someone comfortable with the terminal.

We cover this in detail in our complete installation guide.

What Can OpenClaw Actually Do?

The capabilities depend on which skills you install, but out of the box OpenClaw can:

Communication & Email

  • Read and summarize your email inbox
  • Draft and send emails on your behalf
  • Filter and prioritize messages by urgency
  • Set up auto-responses for common queries

Scheduling & Calendar

  • Book meetings and create calendar events
  • Send meeting confirmations and reminders
  • Reschedule conflicts automatically
  • Generate daily agenda briefings each morning

Research & SEO

  • Crawl websites and extract structured data
  • Run competitor analysis reports
  • Track keyword rankings and send alerts
  • Summarize news and industry updates

File & Document Management

  • Read, write, and organize files on your system
  • Generate reports in markdown or PDF
  • Summarize long documents
  • Extract data from spreadsheets

Web Automation

  • Control a Chrome/Chromium browser
  • Fill forms, extract data, navigate sites
  • Automate repetitive web-based tasks
  • Monitor pages for changes

Business Workflows

  • Trigger webhooks when conditions are met
  • Integrate with external APIs
  • Build multi-step automation pipelines
  • Chain tasks that depend on each other

OpenClaw Skills: The Marketplace

ClawHub is the community marketplace for OpenClaw skills — installable packages that add new capabilities. As of March 2026, there are 13,700+ skills covering everything from Shopify integration to LinkedIn automation to smart home control.

However — and this is important — a Bitdefender security audit found that roughly 1 in 5 packages on ClawHub contained malicious code. 1,184 malicious skills were identified. Installing random skills from the marketplace without vetting them is a genuine security risk.

Our recommendation: only install skills from trusted publishers, review the source code before installing, and never install skills that request unnecessary permissions.

The Creator and Project Status

OpenClaw was created by Peter Steinberger, an Austrian iOS developer who became known in developer communities for building developer tools. He originally built OpenClaw as a weekend project to relay WhatsApp messages to his AI assistant. The project went through several name changes — WhatsApp Relay, Warelay, Clawd, Clawdis, Clawdbot, Moltbot — before landing on OpenClaw in late January 2026 after a trademark dispute with Anthropic.

On February 14, 2026, Sam Altman announced that Steinberger is joining OpenAI to drive the next generation of personal AI agents. OpenAI did not acquire OpenClaw — Steinberger joined as an employee. The project is being transitioned into an open-source foundation with OpenAI as a supporter. It remains MIT-licensed and free.

The Security Reality: What Businesses Must Know

Here’s the uncomfortable truth that a lot of OpenClaw content glosses over: OpenClaw has serious security issues that make it unsuitable for unassisted business deployment.

A comprehensive security audit found:

  • 512 total vulnerabilities in the codebase
  • 8 classified as critical, including CVE-2026-25253 — a one-click remote code execution vulnerability with CVSS score 8.8
  • 135,000+ publicly exposed instances found by Bitdefender on the open internet
  • 1,184 malicious skills identified on ClawHub
  • The Dutch Data Protection Authority issued a formal warning about OpenClaw’s cybersecurity and privacy risks

The project itself acknowledges this. The README states: “not recommended for production environments before v1.0.”

This doesn’t mean OpenClaw is unusable — it means it requires expert deployment. CVE-2026-25253 was patched in versions released after 2026-01-29. Many of the exposed instances were running outdated versions or had been misconfigured with public IP access and no authentication.

A properly deployed OpenClaw — on a private server, with authentication, behind a firewall, using a vetted skill set, with automatic updates — is a different proposition from a carelessly deployed one.
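One way to check your own host for the "public IP access" misconfiguration described above, as an added example that is not OpenClaw's code: it parses the output of `ss -ltn` and reports TCP listeners bound to anything other than loopback. The sample output, addresses and port numbers are constructed placeholders, not OpenClaw defaults.

```javascript
// Added example, not OpenClaw code: find TCP listeners reachable from beyond this machine.
// Input is the text printed by `ss -ltn` on Linux (iproute2).

// Constructed sample output; the ports are placeholders, not OpenClaw defaults.
const SAMPLE_SS = `State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511        127.0.0.1:3000      0.0.0.0:*
LISTEN 0      511          0.0.0.0:8080      0.0.0.0:*
LISTEN 0      128             [::]:22           [::]:*
LISTEN 0      511            [::1]:9229         [::]:*
LISTEN 0      4096   127.0.0.53%lo:53        0.0.0.0:*
LISTEN 0      511      203.0.113.7:8443      0.0.0.0:*
`;

function parseListeners(ssOutput) {
  const listeners = [];
  for (const line of ssOutput.split("\n")) {
    const fields = line.trim().split(/\s+/);
    if (fields[0] !== "LISTEN" || fields.length < 5) continue; // skips header and blanks
    const local = fields[3];
    const cut = local.lastIndexOf(":"); // the port follows the last colon, even for IPv6
    // Drop an interface suffix such as "%lo", then the IPv6 brackets.
    const host = local.slice(0, cut).replace(/%.*$/, "").replace(/^\[|\]$/g, "");
    listeners.push({ host, port: Number(local.slice(cut + 1)) });
  }
  return listeners;
}

function scopeOf(host) {
  if (host.startsWith("127.") || host === "::1") return "loopback";
  if (host === "0.0.0.0" || host === "::" || host === "*") return "all-interfaces";
  return "specific-address"; // bound to one interface; may still be internet-facing
}

// Every non-loopback listener, optionally narrowed to the ports your agent uses.
function exposedListeners(ssOutput, ports = null) {
  return parseListeners(ssOutput)
    .map((l) => ({ ...l, scope: scopeOf(l.host) }))
    .filter((l) => l.scope !== "loopback" && (!ports || ports.includes(l.port)));
}

console.log(exposedListeners(SAMPLE_SS));
```

A listener that shows up here is only a candidate: whether it is actually reachable from the internet also depends on the firewall and any cloud security group in front of the host.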

OpenClaw and GDPR Compliance

European businesses operating under GDPR need to understand OpenClaw’s architecture, which creates two distinct data flows:

The self-hosted component (the OpenClaw daemon running on your server) is fully under your control. Data processed locally never leaves your infrastructure. This is the GDPR-friendly part.

The LLM API calls are a different matter. Every time OpenClaw sends your data to Claude (Anthropic) or GPT-4 (OpenAI), that data travels to US servers. This creates a cross-border data transfer issue under GDPR Chapter V.

The solution is to use:

  1. Local models via Ollama — keeps everything on-premise, no data leaves your server
  2. EU-based API providers if they exist for your chosen model
  3. Hetzner or other EU cloud providers for hosting, combined with data minimization practices

We cover this comprehensively in our OpenClaw & GDPR guide.

Is OpenClaw Right for Your Business?

OpenClaw is a strong fit if:

  • You have repetitive, rule-based digital tasks eating hours every week
  • You’re comfortable with (or have access to) technical support for setup
  • You want AI automation without giving a SaaS company access to your data
  • You can run it on a dedicated server with proper security controls

It’s not the right choice if:

  • You need enterprise-grade compliance and SLAs today (wait for v1.0)
  • You have no technical resources to maintain it
  • Your workflows involve highly sensitive data without a local-model option

From OpenClaw to Klawty: The Production-Ready Evolution

OpenClaw proved that open-source AI agents could work. But “can work” and “should deploy in production” are two different things. The 512 vulnerabilities, the malicious ClawHub skills, the pre-v1.0 stability warnings — these are real barriers for any business that needs reliability, not just possibility.

That’s why d-code built Klawty.

Klawty is d-code’s production-hardened agent operating system, built on the OpenClaw foundation. We forked OpenClaw, integrated NemoClaw’s enterprise security layer, and added everything that was missing for real-world deployment:

  • Deny-by-default policy engine — agents can only do what you explicitly allow, not everything unless you block it
  • PII router — automatically detects and routes personal data away from cloud LLMs, keeping sensitive information on-premise
  • Docker sandbox — every agent runs in an isolated container, so a compromised skill can’t reach your server
  • Runtime integrity verification — continuous monitoring that agent behavior matches declared permissions
  • Credential vault — API keys and secrets never touch agent memory or logs
  • Pre-vetted skill library — all 52 OpenClaw community skills plus 39 premium domain skills, every one security-audited

Klawty runs the same OpenClaw skills, connects to the same messaging apps, and uses the same LLM providers. The difference is that it ships with the security, governance, and operational tooling that OpenClaw will take years to build — if it ever does.

Think of it this way: OpenClaw is Linux. Klawty is Ubuntu. Same foundation, but one is ready to deploy.
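The deny-by-default idea from the list above, applied to step 4 of the message loop described under "How OpenClaw Works Technically" (executing the tool calls the LLM proposes), as an added example. This is not Klawty's or OpenClaw's code; the tool names, argument shapes, workspace path and policy format are hypothetical.

```javascript
// Added example, not OpenClaw or Klawty code: a deny-by-default gate for tool calls.
// Tool names, argument shapes, the workspace path and the policy format are hypothetical.

// Resolve "." and ".." so "/workspace/../etc" cannot slip past a prefix check.
function normalize(path) {
  const out = [];
  for (const seg of path.split("/")) {
    if (seg === "..") out.pop();
    else if (seg !== "" && seg !== ".") out.push(seg);
  }
  return "/" + out.join("/");
}

function insideDir(path, dir) {
  if (typeof path !== "string" || !path.startsWith("/")) return false; // no relative paths
  const p = normalize(path);
  return p === dir || p.startsWith(dir + "/");
}

// Allowlist: a call runs only if its tool has a rule AND the rule accepts the arguments.
const POLICY = {
  "fs.read": (args) => insideDir(args.path, "/srv/agent/workspace"),
  "email.send": (args) => Array.isArray(args.to) && args.to.length > 0 &&
    args.to.every((a) => typeof a === "string" && a.endsWith("@example.com")),
};

function authorize(call, policy = POLICY) {
  // Own-property lookup, so names like "constructor" never resolve to an inherited function.
  const known = Object.prototype.hasOwnProperty.call(policy, call.tool);
  if (!known) return { allowed: false, reason: "no rule for tool" };
  if (!policy[call.tool](call.args ?? {})) return { allowed: false, reason: "arguments rejected" };
  return { allowed: true, reason: "matched rule" };
}

// Execute only authorized calls; denied calls are recorded with a reason and never run.
function dispatch(calls, tools, policy = POLICY) {
  return calls.map((call) => {
    const verdict = authorize(call, policy);
    return { tool: call.tool, ...verdict, result: verdict.allowed ? tools[call.tool](call.args) : null };
  });
}

// Constructed tool calls, as an LLM might propose them after reading untrusted input.
const PROPOSED = [
  { tool: "fs.read", args: { path: "/srv/agent/workspace/report.md" } },
  { tool: "fs.read", args: { path: "/srv/agent/workspace/../../etc/passwd" } },
  { tool: "shell.exec", args: { cmd: "id" } },
  { tool: "email.send", args: { to: ["client@example.com"] } },
];
const STUB_TOOLS = { "fs.read": (a) => `read ${a.path}`, "email.send": (a) => `sent to ${a.to.length}` };
console.log(dispatch(PROPOSED, STUB_TOOLS));
```

The path check here is purely lexical and does not follow symlinks, so a real gate would also resolve the path on the filesystem before comparing it with the workspace directory.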

The Opportunity

Most businesses are underserved by enterprise AI tooling — which is expensive, complex, and often not privacy-aligned by default. OpenClaw, deployed correctly, fills a genuine gap: powerful AI automation that you own and control, at a fraction of the cost of enterprise alternatives.

At d-code, we took that gap and filled it with Klawty — giving businesses all the power of OpenClaw’s 313K+ star ecosystem with the security and governance that production deployments demand.


Ready to deploy? Try Klawty — the production-ready agent OS built on OpenClaw. Self-host it, or use the AI Agent Builder managed platform and skip the infrastructure entirely.

Want help deciding? Book a free consultation — we’ll map your workflows, identify automation opportunities, and tell you honestly which path is right for your situation.


Next in this series: How to Install OpenClaw: Step-by-Step Guide

Frequently Asked Questions

What is OpenClaw used for?
OpenClaw is used for automating business tasks via AI agents — email management, scheduling, SEO research, client onboarding, social media, and more. You interact with it through messaging apps like WhatsApp or Telegram.

Is OpenClaw free?
Yes. OpenClaw is 100% free, MIT-licensed, and open-source. You only pay for the LLM API calls (e.g. OpenAI or Anthropic API usage), your server hosting, and optionally an implementation partner.

Who created OpenClaw?
OpenClaw was created by Peter Steinberger, an Austrian developer. He announced in February 2026 that he joined OpenAI to work on the next generation of personal AI agents. The project is being transferred to an open-source foundation.

Is OpenClaw safe for businesses?
Not out of the box. Security researchers found 512 vulnerabilities including CVE-2026-25253 (CVSS 8.8, one-click RCE). Proper hardening, secure deployment, and ongoing patching are mandatory before business use.