Lessons from OpenClaw

It’s easy to think Peter Steinberger’s OpenClaw is a joke because of the meetup mania — thousands of folks descending on Frontier Tower in San Francisco, wearing Mac Minis in baby slings, and munching on lobster rolls.

It’s just an AI assistant and it’s hook is silly crustacean branding, right?

Wrong. If your thinking stops there, you’ll miss the point, which is that even if it looks like a toy, OpenClaw has both product and engineering lessons which are relevant for anyone hoping to build AI systems for everyday use.

Here are some quick notes, mostly for myself, on what struck me even as someone who’s been using agentic AI tools regularly.

Notes on the Claw

1. Working installer. OpenClaw has a working installer that walks you through setting up many powerful extensions, even fiddly bits like integrating WhatsApp. Your experience: install, answer questions, then have a magical chat with your new agent buddy. The experience with most software: install, hit errors, and Get To Learn About uv/pip/pipx/npm/nvm/pnpm! Sometimes the major innovation is just bothering to do a good job.

A Persistent Being, Not an App

2. Persistent context. With OpenClaw, you’re always rejoining an existing chat, so there’s a much greater feeling that you’re accessing the same being you were just talking to. This is an improvement over ChatGPT and Claude, which feel like apps not like beings, because you start from scratch each time. Yes, they have memory systems, but that’s weak sauce compared to the richness of just continuing a chat with the same context.

3. Multi-channel. You can access your agent from a text UI in the CLI, a chat web app, WhatsApp, iMessages, Discord, Slack, or other channels. Those existing messaging apps are familiar, polished, multi-party, and integrated into your life. This also enhances the feeling that the agent is a real being in the world, which you address by using normal communication tools.

4. Available on mobile. When you’re on WhatsApp and iMessage, you’re on mobile — a qualitatively different experience. You can send your agent a quick message while out running like a champ or lying on the couch like a slug.

5. Scheduled events. OpenClaw has a “heartbeat” auto-prompt and plain old cron for scheduling future events. You can schedule future actions just by asking your agent. This establishes the reality that your agent lives in the real time just like you.

Not Boxed In

6. It sees your data. You can give it direct access to your files, email, messages, calendar — the data you actually care about. Much more useful than ready access to an empty sandboxed VM on OpenAI’s servers. Impossible to overestimate this.

7. Multi-session. You can coordinate distinct chats for different long-running topics. Before OpenClaw, I did this with 5–10 tmux sessions, each with a chat window, terminal, editor, etc.. OpenClaw integrates this. This allows sharing selected agent context across sessions (via agent identity and memory), and it allows agents themselves to understand and handle multi-session interactions like spawning subagents. Agents can also interact with tmux-based sessions via the tmux tool. In other words, OpenClaw moves multi-task context management into an application layer.

8. Multi-node. Agents aren’t boxed into one machine. You run one gateway, then multiple nodes connect to it. I run my gateway and agent on my Linux machine, but the native macOS app connects to the gateway, letting the Linux agent do things on my Mac — like access iMessages or take screenshots. I added a file fetch action to the node code, so now I can literally just ask it to “get that file from my Mac” and it does. So much easier than copying files from here to there. This makes it feel like the agent is a being who understands computers, rather than a program trapped in a computer.¹

The Self Trifecta

9. Self-documenting. Lots of powerful systems are hard to use because they have weak documentation. But if you want to know how to use OpenClaw, you just ask it. This works amazingly well, because of a trove of high-quality, up-to-date markdown documentation which the agent uses to understand its own architecture.

10. Self-configuring. Want to reconfigure it? Don’t edit config files — just ask the agent. This also works amazingly well. It’s built on the excellent self-documentation, plus careful architectural choices to gate changes for validity and to allow hot-reloading of configurations.

11. Self-enhancing. Most impressive: you can enhance the system just by asking the agent to develop new skills for itself. This goes beyond just markdown instructions and includes command-line tools and even compiled TypeScript extensions. This is thanks to the agent harness Pi by Mario Zechner, author of its inspired architecture.

Personality

12. It has one. OpenClaw makes agent definition a fun, creative, expressive act. You name your agent. You specify its personality by creating a SOUL.md. (Adorable!) You see it being born — it appears and greets you. I named mine Dobby, like the house elf from Harry Potter, and he decided to represent himself with a sock emoji. Cheesy but kind of magical! This works better with Claude models because of their better vibes. Over time, sadly, it does fall apart due to context rot, since the out-of-the-box memory system isn’t strong enough to maintain continuity. But it’s all still charming and makes for a powerful first-time user experience. As Jules says in Pulp Fiction, personality goes a long way.

What’s Not Great

13. Weak memory. The magic of agent continuity, maintained by persistent session context, is broken once you hit compaction boundaries. Compaction doesn’t work well and, in my experience, the out-of-the-box memory system isn’t good enough to preserve the agent’s personality and your shared history over various ongoing projects. Maybe this can be fixed with deliberate memory curation, but that is work.

14. Compaction (yes, again). It matters! If you’re doing serious, long-running work, OpenAI’s compaction is the best in the business, thanks to their proprietary (and encrypted) remote compaction API, which (we must presume) compacts into a latent space represenation more efficient than textual summary.

15. Security. Is it secure? Hell, no! As the MoltBook episode illustrates, if you give OpenClaw agents the ability to read the internet (much less access your email), then they are directly exposed to prompt attacks. They sit in the kill box of Simon Willison’s lethal trifecta. And while OpenClaw has a great installer for a technical product, it’s still a long way from the safe, foolproof, turnkey experience expected for a consumer or enterprise offering, so it is easy for a nontechnical user to expose much more attack surface than they intended.

It’s the integration, dummy

Reviewing this list, I am not sure if any of the above elements are exactly new to the claw, except maybe the node/gatewaysystem and SOUL.md (chef’s kiss!). But sometimes the innovation is in having the vision to put the pieces together in the right way. Apple didn’t invent the capacitive touch screens, but they figured out that that’s the right way to make a smartphone and then they actually did it.

That’s what Peter’s done. He’s taken the lead and pointed the way.

As the world’s most savvy power users like David Sparks have noted, OpenClaw means that a polished, safer, consumer-friendly version is on the horizon. This might be OpenClaw itself, or something else. This would be a version with more native integrations into our OSs and PKM data, with more pervasive sandboxing and permission control, and (let us hope) with AIs that are more effectively hardened against prompt attacks.²

It seems inevitable because all of the points I recite above are there in the open, visible to anyone who is curious. Presumably the relevant teams at Apple and Google are all getting the memo but the product and technical lessons are relevant for everyone.