SecondBrain
Ask the Brain
Index/Sourceupdated Sat May 09 2026 08:00:00 GMT+0800 (Philippine Standard Time)

What is OpenClaw (IBM Technology)

openclawagentsagentic-loopreact-patternllmsecurity

What is OpenClaw (IBM Technology)

Cedric Clyburn explains OpenClaw — open-source personal AI agent created late 2025, now one of the most-starred GitHub projects. Walks through the Agentic Loop (ReAct pattern), the gateway architecture, and security considerations.

Key claims

  • Knowing vs doing: chatbots tell you how to schedule a meeting; agents schedule it. OpenClaw closes that gap by combining an LLM with tools and autonomous action.
  • Agentic Loop (ReAct pattern):
    1. Task arrives (Slack/iMessage/WhatsApp/etc)
    2. Agent assembles context: conversation history, long-term memory, system instructions, available tools
    3. Send to LLM for reasoning
    4. LLM decides: need a tool? If yes, execute and feed result back into context
    5. Loop reasoning ↔ acting until no tool needed
    6. Final response back to user
  • OpenClaw architecture: Node.js service, hub-and-spoke with a central Gateway (always-on WebSocket; routing, sessions, multi-agent management, tool dispatch).
  • Adapters unify incoming sources (Slack, iMessage, Teams, Discord, WhatsApp, etc.) into one internal format for the gateway.
  • Built-in tools: web browser automation, terminal access for CLIs.
  • Skills are the extensibility mechanism: folders containing markdown skills files with instructions for a specific workflow. Thousands exist (Trello, Google Calendar, Docker, GitHub, CRMs). Skills aren't all loaded — metadata is injected, full skill is read on-demand. This solves the CLI vs API vs MCP context-bloat problem at the skill layer.
  • Configuration via agents.md and sole.md markdown files — analogous to Claude Code's CLAUDE.md.
  • Security warnings:
    • Local execution + filesystem + terminal + integrations = powerful backdoor if misconfigured
    • Thousands of internet-exposed OpenClaw instances already exist due to misconfig
    • Prompt injection is a top concern — untrusted input (emails, web pages) may carry instructions
    • Run isolated, audit skills, encrypt credentials before sending to LLM

Why OpenClaw matters across this wiki

This is the page to drill into when other sources reference OpenClaw. It appears in:

Cross-source resonance

  • agents.md / sole.md = OpenClaw's CLAUDE.md-equivalent. The pattern is convergent across agents. See LLM Wiki Pattern discussion of schema files.
  • Skills loaded on demand is the same insight as CLI vs API vs MCP's critique of MCP-loads-everything-upfront. OpenClaw applies it to its own skill system.

Cross-links