One of the most talked-about projects in the 2026 AI tool space is OpenClaw. With over 240,000 GitHub stars, it has been called the fastest-growing GitHub project in history.
It lets you give AI instructions through messaging apps like WhatsApp and Slack, automating everything from email replies and file management to smart home control. But how many people truly understand what it can do — and what the risks are?
This article covers OpenClaw from the basics through its architecture, how it differs from Claude Code, and key security concerns.
1. What Is OpenClaw?
OpenClaw is a self-hosted, open-source AI assistant. It runs on your own machine and serves as a platform that connects large language models (LLMs) to your everyday tools and services.
The biggest difference from a chatbot is that OpenClaw can actually take action. It reads and writes files, sends messages, browses the web, runs scripts, calls external APIs — all autonomously based on your instructions.
Originally released as "Clawdbot" in January 2026, it hit 60,000 GitHub stars in just 72 hours. In February 2026, it was rebranded to "OpenClaw" with the introduction of a CLI, Docker sandboxing, and ClawHub (a skill marketplace).
Key Point
OpenClaw is an "AI agent," not a chatbot. It doesn't just answer questions — it takes action in the real world, from file operations to sending messages. For background on AI agent concepts, see "What Is an AI Agent?"
2. Why Is It So Popular?
Three factors explain OpenClaw's explosive growth.
① Completely Free and Open Source
There's no license fee for OpenClaw itself. All you need is an LLM API key. It works with Claude, GPT-4, Llama 4, DeepSeek, and more.
② Works Through Messaging Apps
It supports WhatsApp, Slack, Discord, Telegram, Signal, Google Chat, iMessage (via BlueBubbles), and over 50 other platforms. No need to learn a new app — just use the chat interface you already know.
③ A Self-Improving Agent
OpenClaw can write code to create new skills on its own based on the task at hand. Ask it to "summarize the news every morning," and it will build a skill that fetches, summarizes, and sends it automatically. This is why some call it "close to AGI."
3. Key Features
| Category | What It Can Do |
|---|---|
| Messaging | Receive instructions and auto-reply via WhatsApp, Slack, Discord, etc. |
| File Operations | Read, write, organize, and search local files |
| Web | Browse, scrape, and fill out web forms |
| Email | Read emails, draft replies, send automatically |
| Scheduling | Check calendars, schedule meetings |
| Smart Home | Control IoT devices (lights, AC, etc.) |
| Development | Run shell commands, Git operations, CI/CD integration |
| Skills | Install from 5,700+ community-built skills |
A standout feature is persistent memory. Data is stored as local Markdown files, allowing OpenClaw to retain user preferences and context over weeks and months.
4. The 3-Layer Architecture
OpenClaw's architecture consists of three layers. Rather than relying on prompt engineering to "make the LLM remember" or "behave safely," it builds a structured execution environment around the model.
Gateway Layer
The foundation layer. It gives the AI model the ability to read/write files, execute scripts, control browsers, and call APIs — all within a secure sandbox. Every operation goes through a local WebSocket gateway.
Agent Layer
Manages persistent memory and user settings. Data is stored as local Markdown files, making it easy to inspect and edit manually. The skill system (5,700+ skills for browsing, file management, app control, etc.) also runs in this layer.
Integration Layer
Bridges the AI model and 50+ third-party services — messaging apps, smart home devices, productivity suites, music platforms, and more. Users can interact with OpenClaw through their preferred channel.
5. How It Differs from Claude Code
Both OpenClaw and Claude Code are "AI agents," but their design philosophy is fundamentally different.
Scope
Claude Code is laser-focused on software development. It's optimized for reading/writing code, running tests, Git operations, and deployment. It doesn't read your email or schedule your meetings.
OpenClaw is a general-purpose automation platform for daily life. It handles email replies, schedule management, social media posts, smart home control, news summaries, and much more.
Model Flexibility
Claude Code works exclusively with Anthropic's Claude models. OpenClaw supports Claude, GPT-4, Llama 4, DeepSeek, and any Ollama-compatible local model — giving you options to control API costs.
Security Model
Claude Code runs on Anthropic-managed infrastructure with a 2-layer permission system for safety. OpenClaw is self-hosted, meaning security is entirely the user's responsibility. More on this in the security section below.
When to Use Which
Coding-focused? Claude Code. Daily task automation? OpenClaw. Many users run both, choosing by task type.
6. Pricing and Anthropic's Policy Change
OpenClaw itself is completely free and open source. However, you need an LLM API key to run it, and usage fees go to the model provider (Anthropic, OpenAI, etc.).
Anthropic's Policy Change (April 2026)
On April 4, 2026, Anthropic announced a significant policy change: Claude Code (Pro/Max) subscription quotas can no longer be used to run OpenClaw.
Previously, a $20/month Claude Pro subscription could power both Claude Code and OpenClaw. After the change, third-party harnesses like OpenClaw require API pay-as-you-go billing.
| Usage Method | Before | After |
|---|---|---|
| Claude Code (official) | Included in subscription | No change |
| Via OpenClaw | Included in subscription | API pay-as-you-go required |
The change was driven by heavy subscription consumption from OpenClaw users. Anthropic needed to limit third-party usage that exceeded what flat-rate subscriptions were designed to support.
7. Security Concerns
Understanding the security risks of OpenClaw is critical before deploying it.
Known Vulnerabilities
In January 2026, researchers discovered CVE-2026-25253 (CVSS 8.8), a remote code execution (RCE) vulnerability that could let attackers run arbitrary code on machines running OpenClaw.
Even more concerning: over 40,000 OpenClaw instances were found exposed on the public internet, with 63% running without authentication.
Malicious Skills
Security firm Bitdefender found that 824+ skills (roughly 20%) on ClawHub (OpenClaw's skill marketplace) were malicious, primarily distributing the AMOS infostealer malware.
Warning: Essential Security Measures
- Never expose OpenClaw to the public internet (run on local network only)
- Always configure authentication
- Only install ClawHub skills from trusted sources
- Run inside Docker containers to protect the host
- Monitor vulnerability disclosures and keep it updated
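A check for the first measure in the list above, added here as an example (it is not OpenClaw's own code): it reads `ss -H -ltn` output and classifies how each listener on the gateway port is bound. Port 18000 and the sample lines are constructed placeholders; substitute the port your gateway actually uses.

```python
import ipaddress

# Constructed `ss -H -ltn` output (not captured from a real host). Port 18000
# is a placeholder for the gateway port, not a documented OpenClaw default.
SAMPLE_SS = """\
LISTEN 0 4096 127.0.0.1:18000 0.0.0.0:*
LISTEN 0 4096 [::]:18000 [::]:*
LISTEN 0 4096 192.168.1.20:18000 0.0.0.0:*
LISTEN 0 4096 203.0.113.5:18000 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
"""

# RFC 1918, IPv6 unique-local and link-local ranges count as "local network".
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
             "fc00::/7", "fe80::/10")]


def classify(host):
    """Map a local bind address printed by ss to an exposure class."""
    host = host.split("%", 1)[0].strip("[]")  # drop "%iface" scope, IPv6 brackets
    if host == "*":
        return "all-interfaces"
    addr = ipaddress.ip_address(host)
    if addr.is_unspecified:          # 0.0.0.0 or ::
        return "all-interfaces"
    if addr.is_loopback:
        return "loopback"
    if any(addr in net for net in LAN_NETS):
        return "lan"
    return "public"


def audit_listeners(ss_output, port):
    """Return (bind_address, exposure) for every TCP listener on `port`."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, local_port = fields[3].rpartition(":")
        if local_port == str(port):
            findings.append((host, classify(host)))
    return findings


def violations(findings):
    """Wildcard binds follow every interface the host has, so flag them too."""
    return [f for f in findings if f[1] in ("all-interfaces", "public")]
```

On a live host, pass the captured output of `ss -H -ltn` in place of `SAMPLE_SS`; a `lan` result still depends on the authentication measure in the same list.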
8. Who Should (and Shouldn't) Use It
| Factor | OpenClaw Is Better | Claude Code Is Better |
|---|---|---|
| Purpose | Automate daily tasks | Streamline development work |
| Technical Skill | Can manage servers and Docker | Comfortable with terminal |
| Budget | OK with API pay-as-you-go | Prefer flat monthly fee |
| Security | Can self-manage security | Prefer vendor-managed security |
| Platform | Want to use WhatsApp, etc. | IDE/terminal is enough |
OpenClaw is ideal for power users with server experience who want to automate daily tasks. If you'd rather focus on development and let the vendor handle security, Claude Code is the better fit.
Many users run both — "Claude Code for development, OpenClaw for everything else" is a perfectly rational setup.
FAQ
Is OpenClaw free?
OpenClaw itself is completely free and open-source software. However, you need an LLM API key to run it, and the usage cost is paid to the model provider (Anthropic, OpenAI, etc.) on a pay-as-you-go basis. If you use a local model via Ollama, API costs can be zero.
Can I use Claude models with OpenClaw?
Yes, by configuring an Anthropic API key. However, as of April 2026, Claude Pro/Max subscription quotas can no longer be used with OpenClaw. You'll need API pay-as-you-go billing.
Is OpenClaw safe?
As a self-hosted tool, security depends entirely on the user's configuration and operation. A remote code execution vulnerability (CVE-2026-25253) was found in the past, and roughly 20% of ClawHub skills were found to be malicious. Running it in Docker, configuring authentication, and only installing trusted skills are essential.
What's the difference between OpenClaw and Claude Code?
The biggest difference is purpose. Claude Code is an AI agent specialized for software development — code reading/writing, testing, and deployment. OpenClaw is a general-purpose daily life automation platform covering email, scheduling, smart home, social media, and more. Security-wise, Claude Code is managed by Anthropic; OpenClaw is the user's responsibility.