Sign in Subscribe
open-source

OpenClaw Explained: How the Fastest-Growing Open-Source Project Became a Self-Hosted AI Agent for Everyone

Michael Soto

4 min read
OpenClaw Explained: How the Fastest-Growing Open-Source Project Became a Self-Hosted AI Agent for Everyone

You've probably heard the name by now. OpenClaw went from zero to 250,000 GitHub stars in roughly 60 days, surpassing React as the most-starred software project on the platform. React took over a decade to get there. OpenClaw did it before most people figured out what it actually does.

So let's fix that.

What OpenClaw Actually Is

OpenClaw is an open-source AI agent that runs on your own hardware. Not a chatbot. Not a copilot. An agent that executes real tasks on your behalf.

You message it through WhatsApp, Telegram, Slack, Discord, Signal, or any of 20+ messaging platforms. It reads your emails, manages your calendar, runs terminal commands, deploys code, automates browser tasks, and maintains memory across sessions. Think of it as a personal operations assistant that never sleeps.

The key difference from ChatGPT or Claude? You're not copying and pasting answers. OpenClaw acts. It logs into services, fills out forms, monitors systems, and reports back through the same chat thread you use to talk to your friends.

Why Everyone Is Talking About It

The growth story is wild. Austrian developer Peter Steinberger built the prototype in a single hour because, in his words, he was "annoyed that it didn't exist." Steinberger isn't some unknown hobbyist. He previously founded PSPDFKit, a PDF toolkit used by apps serving nearly a billion users, and sold it for roughly 100 million euros in 2023.

OpenClaw (originally called "Clawdbot," then briefly "Moltbot" after an Anthropic trademark complaint) caught fire in late January 2026. Within two weeks, it hit 190,000 stars. By March 3, it crossed 250,000, with over 1,000 contributors and an estimated 300,000-400,000 users worldwide.

On February 15, Steinberger announced he was joining OpenAI. Sam Altman called him "a genius with a lot of amazing ideas about the future of very smart agents." The project moved to an independent 501(c)(3) foundation, keeping its MIT license and community governance intact. OpenAI sponsors the project but does not own the code.

What Makes It Different

Three things set OpenClaw apart from every other AI tool:

It's model-agnostic. You pick the brain. Claude, GPT-4o, Gemini, Mistral, or fully local models through Ollama. Your data, your choice, your costs.

It's messaging-first. No new app to learn. You text your AI through the apps you already use. Need to deploy a fix from the airport? Message it on WhatsApp. Want a morning briefing? It sends one to Telegram at 7 AM.

It runs on your infrastructure. Everything stays on your servers. No data leaves your network unless you explicitly configure it to. For businesses dealing with GDPR, HIPAA, or industry-specific compliance, this is the whole point.

Real-World Use Cases (Not Hype)

Here's what people are actually doing with OpenClaw:

Email triage at scale. One user cleared 4,000+ emails in two days. OpenClaw auto-categorized messages, unsubscribed from newsletters, and drafted replies for review.

Business monitoring. Connect it to Google Analytics, Stripe, or your monitoring stack. It fetches metrics on schedule and posts summaries to your Slack channel.

DevOps from your phone. Review pull requests, run tests, check CI/CD pipelines, and merge code. All from a Telegram conversation while you're away from your desk.

Content operations. Multi-agent workflows that research topics, draft content, optimize for SEO, and queue posts. Teams report measurable increases in organic traffic.

Morning briefings. Pull from calendars, weather, emails, RSS feeds, GitHub notifications, and Hacker News into a single daily summary delivered before your first coffee.

The Security Question (Be Honest About This)

Look, I'm going to be real with you. OpenClaw's rapid growth has exposed serious security concerns, and ignoring them would be irresponsible.

Researchers found over 42,000 exposed OpenClaw instances on the public internet. The default configuration originally bound to all network interfaces instead of localhost only. Critical vulnerabilities like CVE-2026-25253 (a one-click remote code execution via WebSocket hijacking) were discovered and patched, but not before thousands of instances were left exposed.

The ClawHub skills registry had an even bigger problem. Roughly 20% of published skills (about 800 packages) were found to contain malicious code, including credential stealers and backdoors. South Korea restricted its use. Meta banned it internally. China's industry ministry issued warnings.

This doesn't mean OpenClaw is unusable. It means you need to deploy it correctly: bind to localhost, use authentication, vet skills before installing, and keep it updated. Or better yet, let someone handle the security configuration for you.

How to Get Started

You have three options:

Option 1: Run it locally. Install via npm (npm install -g openclaw), run the onboard wizard, connect your messaging platform, and pick an LLM backend. You'll need Node.js 22+ and at least 2 GB of RAM.

Option 2: Docker. Pull the official image and run it with Docker Compose. Mount your config and workspace directories as volumes so everything persists across restarts.

Option 3: Deploy on Elestio. One-click deployment with automated backups, SSL, monitoring, and security hardening already configured. No exposed ports, no misconfigured defaults. Starting at $16/month on Elestio with NVMe storage included.

For businesses that want OpenClaw running in production without worrying about the security pitfalls, managed hosting eliminates the configuration risk entirely.

The Bottom Line

OpenClaw is the first open-source AI agent that feels like it was built for regular people, not just developers with a weekend to burn. Message it like a friend, and it handles the rest.

The security concerns are real but solvable. The use cases are practical, not theoretical. And the fact that it runs on your own infrastructure means your data stays yours.

Whether OpenClaw becomes the default AI assistant for the next decade or gets overtaken by something better, the pattern it established is here to stay: AI agents that live in your messaging apps, run on your hardware, and actually do things.

The question isn't whether you'll use an AI agent. It's whether you'll host your own.

Thanks for reading ❤️ See you in the next one 👋

Sign up for more like this.

Enter your email
Subscribe