OpenClaw Review: Impressive But Not For Everyone

What Even Is OpenClaw?
Nvidia's CEO Mr. Jensen Huang compared it to a personal computer.
Chinese parent group chats got clogged with tips on "raising a lobster."
GitHub's fastest-growing repo ever.
So what actually is this thing?
It's a free and open-source AI agent you run on your own machine. Feed it API keys for your LLM and it starts doing things without waiting to be asked, like handling boring, automatable tasks. Peter Steinberger built it as a hobby after selling his previous company, PSPDFKit. It hit 320,000 GitHub stars in under a week.

The Core Pitch: Your Data Stays With You
Most AI tools require you to go to their interface and chat with a chatbot. OpenClaw runs inside WhatsApp, Telegram or Discord. Everything stays on your hardware and nothing gets routed through a company's server.
Privacy is its unique selling point, on top of many other ground-breaking features!

The Self-Improving Loop and ClawHub
If OpenClaw hits a task it can't handle, it writes new code for it, installs the dependencies, tests it, and folds the new capability into its workflow mid-session.
ClawHub, the skill marketplace, has over 3,000 community-built add-ons: stock tracking, browser automation, research pipelines and stranger things than I expected going in.

The Setup Problem Nobody Talks About Enough
OpenClaw is a Node.js daemon. And before you even start, you should probably have a clear answer to the question: Do I actually want an AI agent with shell access running in the background on this machine?
The trend right now is that many people are using Mac minis (best value for money) to host their AI agent locally.
Steinberger has said his goal is to build "an agent even my mum can use." He knows it isn't that yet. The question is how long that gap stays open because right now it's filtering out a lot of people who might otherwise use it.
The Security Holes Are Not Small
In February 2026, Oasis Security published CVE-2026-25253. Visiting a single attacker-controlled webpage was enough to hand over full control of a running OpenClaw instance. One page load was all it required. The exploit worked because OpenClaw's local WebSocket gateway trusted localhost connections without rate-limiting. Once inside, attackers could pull API keys, read config data and run arbitrary commands on the host machine.
Censys found over 21,000 exposed instances sitting openly on the public internet.
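As an illustration of the weakness described above, here is a sketch of a handshake check for a local WebSocket gateway that gives loopback clients no exemption from failed-login rate limiting and also rejects unexpected browser origins. It is an added example, not OpenClaw's code or its actual fix; `AuthLimiter`, `checkUpgrade`, the allowed origin and the limits are all assumptions chosen for the demo.

```javascript
// Added example: hypothetical guard for a loopback WebSocket gateway.
// All names and values below are assumptions, not OpenClaw identifiers.
const ALLOWED_ORIGINS = new Set(["http://localhost:3000"]); // constructed UI origin

class AuthLimiter {
  constructor(maxFailures = 5, windowMs = 60000) {
    this.maxFailures = maxFailures;
    this.windowMs = windowMs;
    this.failures = new Map(); // client address -> timestamps of failed attempts
  }
  // Drop timestamps that have aged out of the window and return the rest.
  recent(addr, now) {
    const kept = (this.failures.get(addr) || []).filter((t) => now - t < this.windowMs);
    this.failures.set(addr, kept);
    return kept;
  }
  isBlocked(addr, now) { return this.recent(addr, now).length >= this.maxFailures; }
  recordFailure(addr, now) { this.recent(addr, now).push(now); }
}

// Compare tokens without exiting early on the first differing character.
function safeEqual(a, b) {
  if (typeof a !== "string" || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// req: { origin, remoteAddress, token } taken from the upgrade request.
function checkUpgrade(req, limiter, expectedToken, now = Date.now()) {
  // No loopback exemption: a page open in a local browser also connects from 127.0.0.1.
  if (limiter.isBlocked(req.remoteAddress, now)) return { ok: false, reason: "rate_limited" };
  // Browsers send Origin on WebSocket handshakes; a CLI client may omit it.
  if (req.origin !== undefined && !ALLOWED_ORIGINS.has(req.origin)) {
    return { ok: false, reason: "bad_origin" };
  }
  if (!safeEqual(req.token, expectedToken)) {
    limiter.recordFailure(req.remoteAddress, now);
    return { ok: false, reason: "bad_token" };
  }
  return { ok: true, reason: "accepted" };
}
```

With these limits, five wrong tokens from 127.0.0.1 lock that address out for a minute, so even the correct token is refused until the window expires.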

ClawHavoc
In late January 2026, researchers found 335 malicious skills uploaded to ClawHub in a coordinated push, a campaign they dubbed "ClawHavoc." Together they made up about 12% of the entire marketplace at the time. The VirusTotal integration was supposed to screen for this, but it was not fast enough to stop real damage.

While impressive, OpenClaw is a tool running with elevated system permissions and those numbers should scare you more than they apparently scared the people who left their instances exposed.
China's adoption
Chinese cities offered subsidies up to 20 million yuan for businesses building on OpenClaw. The "raise a lobster" meme spread from developer circles into general consumer territory so fast that it ended up in primary school parent group chats. Premier Li Qiang referenced AI agents in the state work report for the first time in history.
The same government then banned OpenClaw from state agencies, banks and military networks, citing the exact security risks listed above.
Both events happened within weeks of each other.
Future of OpenClaw
Manus, Claude Code and Perplexity Computer are closing the gap fast.
For OpenClaw to hold its ground, its security model has to improve. Maybe that is the double-edged sword of open-source software: too many cooks spoil the broth.
But the competitors aren't waiting.