OpenClaw: The Open-Source AI Assistant That Took Over GitHub in Weeks
OpenClaw currently has 170K+ GitHub stars — one of the fastest-growing open-source projects ever. We analyze the hype, security risks, and what it means for businesses adopting AI agents.

Introduction
If you follow the tech world at all, you have probably heard the name OpenClaw in the last few weeks. The open-source personal AI assistant exploded onto the scene in January 2026, collecting over 170,000 GitHub stars and attracting endorsements from Andrej Karpathy and Chamath Palihapitiya. It reportedly sold out Mac Minis in San Francisco as people rushed to set up their own instances.
At MG Software, we keep a close eye on tools like this — both for our own workflow and for our clients. So we dove deep into OpenClaw: what it does, why it went viral, and whether the hype is justified. Here is what we found.
What Is OpenClaw?
OpenClaw is a self-hosted, open-source AI assistant created by Peter Steinberger, the Austrian developer known for founding PSPDFKit. Unlike ChatGPT or Claude, which are websites you visit to have a conversation, OpenClaw runs 24/7 on your own machine and connects to messaging platforms you already use: WhatsApp, Telegram, Discord, Slack, and Teams.
The core idea is simple but powerful: instead of switching to yet another app, you text your AI like you would text a colleague. Ask it to clear your inbox, check your calendar, draft an email, book a meeting, or summarize a document — and it actually does it. It is not a chatbot that answers questions. It is an agent that takes action.
Under the hood, OpenClaw is model-agnostic. You can plug in Claude, GPT-4, Gemini, DeepSeek, or even local models. Your data stays on your machine, and you only pay for the API calls — typically between five and twenty dollars per month.
The Wildest Rebrand in Open-Source History
The project did not start as OpenClaw. It launched as Clawdbot in late 2025 as Steinberger's personal automation tool. But when it went viral in January 2026, Anthropic sent a trademark request — the name was too similar to their AI assistant Claude.
What followed was one of the most entertaining episodes in open-source history. The project briefly rebranded to Moltbot (a reference to molting, or shedding skin and growing), before settling on OpenClaw with cleared trademark status. Through all this chaos — three names in 72 hours — the project kept growing. It hit 100,000 stars faster than almost any project in GitHub history.
The rebranding saga actually boosted visibility. Every name change generated a wave of news articles, tweets, and YouTube videos. Sometimes controversy is the best marketing.
Why Developers Are Obsessed
OpenClaw touches something developers have wanted for years: a truly personal AI assistant that respects your privacy and works everywhere. The feature list reads like a wish list. Persistent memory that learns your preferences over months. Voice messages through Whisper and text-to-speech. Email automation including inbox summarization. Calendar management with smart reminders. Web browsing and research. PDF analysis. Smart home control via Home Assistant. Scheduled tasks and automated morning briefings.
But what really sets it apart is the extensibility. OpenClaw has a skill system, essentially plugins, that lets the community build new capabilities. Need it to manage your Spotify queue? There is a skill for that. Want it to monitor your server uptime? Someone built that too. This plugin ecosystem is what turned OpenClaw from a cool demo into a platform.
Setup takes roughly 15 to 30 minutes for a technical user, and the community has built one-click deployment options for common setups. For developers, it feels like the personal AI butler science fiction promised us.
The Security Problem Nobody Wants to Talk About
Here is where we need to be honest, because this is critical for anyone considering OpenClaw for business use. The security situation is concerning.
Researchers found at least 230 malicious skills uploaded to ClawHub, OpenClaw's plugin marketplace, since late January. Cisco's AI Defense team analyzed one of the most popular skills and found nine security vulnerabilities including two critical flaws — the skill was effectively malware that silently exfiltrated user data and used prompt injection to bypass safety guidelines.
A public audit of over 90 OpenClaw repositories on GitHub found that 100 percent had at least one security issue. Roughly 40 percent contained hardcoded API keys for services like Anthropic, OpenAI, Telegram, and Discord. The companion social network Moltbook had its database publicly accessible, allowing anyone to take control of any agent on the platform.
The fundamental problem is what security researcher Simon Willison calls the "lethal trifecta": OpenClaw has access to your private data, is exposed to untrusted content through the web and plugins, and has the ability to communicate externally. Without proper sandboxing, that combination creates an insider threat on your own machine.
What This Means for Businesses
Should your company adopt OpenClaw? Our honest answer: not yet for production use, and definitely not without a security-first approach.
The technology is genuinely impressive. The idea of a self-hosted AI assistant that integrates with your messaging tools and actually executes tasks is the future of workplace automation. But the current implementation is still maturing. The plugin ecosystem lacks adequate security review. The default configuration leaves too many doors open. And for non-technical users, the setup and maintenance overhead is significant.
For developers and tech enthusiasts, OpenClaw is absolutely worth experimenting with in a sandboxed environment. Use dedicated API keys with limited permissions, run it on an isolated machine, and avoid installing community skills without reviewing the code. You will learn a lot about where AI agents are headed.
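The hardcoded-key finding from the repository audit and the advice above to review skill code before installing it can be partly automated. The following Python scanner is an added example, not code from OpenClaw or from the audit; its regexes are heuristic approximations of the token shapes used by the four services named, and `scan_text`, `scan_tree` and the sample input are constructed for illustration.

```python
import re
from pathlib import Path

# Heuristic token shapes (assumptions, not vendor-published specifications).
PATTERNS = {
    "anthropic": re.compile(r"\bsk-ant-[A-Za-z0-9_-]{20,}"),
    # Negative lookahead keeps Anthropic keys from being reported twice.
    "openai": re.compile(r"\bsk-(?!ant-)(?:proj-)?[A-Za-z0-9_-]{20,}"),
    "telegram": re.compile(r"\b\d{8,10}:[A-Za-z0-9_-]{35}"),
    "discord": re.compile(
        r"\b[A-Za-z0-9_-]{24,28}\.[A-Za-z0-9_-]{6}\.[A-Za-z0-9_-]{27,38}"),
}

def redact(secret):
    """Keep only a short prefix so the report itself does not leak the key."""
    return f"{secret[:6]}...({len(secret)} chars)"

def scan_text(text, source="<memory>"):
    """Return (source, line number, service, redacted match) per finding."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for service, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append((source, lineno, service, redact(match.group())))
    return findings

def scan_tree(root, max_bytes=1_000_000):
    """Scan every regular file under root, skipping .git and very large files."""
    findings = []
    for path in Path(root).rglob("*"):
        if ".git" in path.parts or not path.is_file():
            continue
        if path.stat().st_size > max_bytes:
            continue
        text = path.read_text(encoding="utf-8", errors="ignore")
        findings.extend(scan_text(text, str(path)))
    return findings

# Constructed sample: fake values shaped like real tokens, plus one safe line
# that reads the key from the environment and must not be flagged.
SAMPLE = '''\
ANTHROPIC_API_KEY = "sk-ant-api03-CONSTRUCTEDconstructed0000000000"
openai_key = os.environ["OPENAI_API_KEY"]
TELEGRAM_TOKEN = "123456789:AAconstructedCONSTRUCTEDconstructed"
'''

if __name__ == "__main__":
    for finding in scan_text(SAMPLE, "skill.py"):
        print(finding)
```

A match is a reason to read the file, not proof of a live credential, and a clean result does not cover keys that are encoded, split across lines, or issued by other services.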
For businesses looking for AI-powered automation today, we would recommend building custom solutions with proper security boundaries rather than deploying a general-purpose agent that has access to everything. At MG Software, this is exactly what we do — build tailored AI integrations that give you the productivity gains without the security risks.
Where OpenClaw Goes From Here
Despite the security concerns, we are bullish on the direction. The OpenClaw team has been responsive — patching critical CVEs, partnering with VirusTotal for skill scanning, and investing heavily in security hardening. Version 2026.2 included 34 security-related commits.
The broader trend is clear: AI is moving from conversation to action. We are going from "ask the AI a question" to "tell the AI what to do." OpenClaw is one of the first projects to make this tangible for everyday use. Whether it is OpenClaw or something that comes after it, self-hosted AI agents that manage your digital life will become mainstream within the next year or two.
The projects that win will be the ones that solve the security problem. And that is an area where the open-source community, for all its speed and innovation, still has work to do.
Conclusion
OpenClaw is one of the most exciting and simultaneously concerning projects in the AI space right now. It proves that the demand for personal AI agents is massive — 170,000 GitHub stars do not lie. But it also highlights how far we still need to go on security before these tools are enterprise-ready.
At MG Software, we are watching this space closely and already building AI-powered automation solutions for our clients. If you are interested in bringing AI agents into your workflow — safely and effectively — get in touch. We would love to discuss what is possible.

Jordan Munk
Co-Founder