What is OpenClaw (IBM Technology)
openclawagentsagentic-loopreact-patternllmsecurity
What is OpenClaw (IBM Technology)
Cedric Clyburn explains OpenClaw — open-source personal AI agent created late 2025, now one of the most-starred GitHub projects. Walks through the Agentic Loop (ReAct pattern), the gateway architecture, and security considerations.
Key claims
- Knowing vs doing: chatbots tell you how to schedule a meeting; agents schedule it. OpenClaw closes that gap by combining an LLM with tools and autonomous action.
- Agentic Loop (ReAct pattern):
- Task arrives (Slack/iMessage/WhatsApp/etc)
- Agent assembles context: conversation history, long-term memory, system instructions, available tools
- Send to LLM for reasoning
- LLM decides: need a tool? If yes, execute and feed result back into context
- Loop reasoning ↔ acting until no tool needed
- Final response back to user
- OpenClaw architecture: Node.js service, hub-and-spoke with a central Gateway (always-on WebSocket; routing, sessions, multi-agent management, tool dispatch).
- Adapters unify incoming sources (Slack, iMessage, Teams, Discord, WhatsApp, etc.) into one internal format for the gateway.
- Built-in tools: web browser automation, terminal access for CLIs.
- Skills are the extensibility mechanism: folders containing markdown skills files with instructions for a specific workflow. Thousands exist (Trello, Google Calendar, Docker, GitHub, CRMs). Skills aren't all loaded — metadata is injected, full skill is read on-demand. This solves the CLI vs API vs MCP context-bloat problem at the skill layer.
- Configuration via
agents.mdandsole.mdmarkdown files — analogous to Claude Code'sCLAUDE.md. - Security warnings:
- Local execution + filesystem + terminal + integrations = powerful backdoor if misconfigured
- Thousands of internet-exposed OpenClaw instances already exist due to misconfig
- Prompt injection is a top concern — untrusted input (emails, web pages) may carry instructions
- Run isolated, audit skills, encrypt credentials before sending to LLM
Why OpenClaw matters across this wiki
This is the page to drill into when other sources reference OpenClaw. It appears in:
- LLM Wiki (Karpathy gist) — listed as a canonical agent for the LLM Wiki Pattern
- Andrej Karpathy on Agentic Engineering (Sequoia AI Ascent) — install-via-prompt is his Software 3.0 example
- Agentic AI in the Enterprise (Praveen Akkiraju, CXOTalk) — "the first open-source framework that actually worked" as a personal agent
- Printing Press (Nate Herk video) — Peter Steinberger (OpenClaw creator) inspired Printing Press by building
gogCLI to replace Google's official one
Cross-source resonance
agents.md/sole.md= OpenClaw'sCLAUDE.md-equivalent. The pattern is convergent across agents. See LLM Wiki Pattern discussion of schema files.- Skills loaded on demand is the same insight as CLI vs API vs MCP's critique of MCP-loads-everything-upfront. OpenClaw applies it to its own skill system.
Cross-links
- OpenClaw · IBM Technology · Agentic Loop · Peter Steinberger · CLI vs API vs MCP