145 | OpenClaw: Everyone's Talking About It. My Advice? Run!
A new AI tool is taking the internet by storm. It's genuinely fascinating. It's also a security nightmare. Here's what you need to know.
Something new is breaking through the noise in AI right now, and it’s not a chatbot. It’s a tool that promises to be a true personal assistant — one that lives on your computer, connects to everything you use, and takes action on your behalf. Not when you ask it to. Just... whenever it thinks you need it.
It’s called OpenClaw, and I’m here to tell you:
Do not install it!
I know. You’re either thinking “what IS this and why should I care?” or “oh, I’ve heard of this — should I try it?” Either way, the answer is the same. Watch from a distance. Stay curious. Do not touch it yet.
Let me explain why.
So What Is OpenClaw, Exactly?
Think of it as a personal assistant that runs on your own computer (not in the cloud) and actually does things for you. Not just answers questions — it does things. It connects to your email, calendar, Slack, Google Drive, and SharePoint. It remembers your preferences and builds a detailed picture of your life and work over time.
And it acts on its own.
Imagine this: your Tuesday staff meeting gets cancelled. Before you’ve even processed that you now have a free afternoon, OpenClaw has already spotted the scheduling conflict, reshuffled your calendar, and sent the reschedule notices. You didn’t ask it to. It just noticed, decided, and acted.
For busy professionals, that sounds amazing (and hopefully a bit scary). And honestly? It most definitely is a bit of both.
Why the AI Twitter Crowd Is Losing Its Mind
For those deep in the AI Twitter rabbit hole, this is a genuinely historic moment. The “always on” AI assistant — one that doesn’t wait to be asked, that manages your life the way a very capable human assistant might — has been the holy grail of personal AI for years. OpenClaw is the first project to get anywhere close.
The numbers back up the excitement. OpenClaw reached 201,000 stars on GitHub in a matter of weeks after its launch in late 2025. To put that in perspective, most popular open source projects take years to reach that milestone.
I’ll be honest: I’m curious about it myself. I’m actually planning to set up a dedicated computer just to try it out safely[1]. That’s how interesting this is.
But interesting and ready are two very different things.
Here’s Why You Should Run
Let me tell you what’s actually been happening to people who installed OpenClaw.[2]
A user connected it to their iMessage account. OpenClaw went rogue and spammed hundreds of messages before they could stop it.
Now imagine that’s not iMessage. Imagine it’s your organization’s email. Or your donor database. Picture an AI that has been quietly given access to your contacts, your email, your Slack, firing off personalized messages to your entire list while you’re in a meeting. Your board members. Your major donors. Your partners. An embarrassing message, a garbled automated note, or something worse, going out under your name before you even know it’s happening.
There’s more. OpenClaw has a marketplace where users can download add-ons: think apps for your phone, except for your AI assistant. Attackers uploaded professional-looking fake add-ons to that marketplace. People downloaded them, thinking they were legitimate tools. Those fake add-ons stole their credentials and handed attackers complete remote control of their systems.[3]
And then there’s this: security researchers discovered that simply visiting a malicious website while OpenClaw was running could hand an attacker full control of your computer. No clicking on anything suspicious. No downloading a file. Just browsing the web, completely normally, while OpenClaw was running in the background. That’s all it took.[4]
Multiple serious security vulnerabilities have been discovered and patched in the past month alone, which strongly suggests more are coming as researchers keep digging.
The product’s own documentation puts it plainly:
“There is no ‘perfectly secure’ setup.”
For any organization that handles sensitive data — and nonprofits absolutely do — this is not a tool you want anywhere near your systems right now.[5]
So Why Are We Even Talking About It?
Because this technology is not going away. And something important just happened that changes the future of it.
In February 2026, OpenClaw’s creator joined OpenAI (the company behind ChatGPT). Sam Altman, OpenAI’s CEO, called him “a genius with a lot of amazing ideas about the future of very smart agents.” The creator himself said his next mission is to build an agent “even my mum can use.”[6]
That is exactly the audience OpenClaw’s creator is now designing for.
OpenAI’s backing means real engineering resources, real security investment, and a serious commitment to making this technology work for regular people, not just developers willing to run experiments on their personal laptops.
OpenClaw will continue as an open source project with OpenAI’s support. The vision is good. The ambition is real. What it needs is time, and the kind of serious safety work that a solo developer building something viral on the fly simply couldn’t do fast enough.
For Now, Watch and Wait
Right now, the best thing you can do is stay informed. Keep this article handy for the day someone on your team comes to you buzzing about OpenClaw and asking if you should try it, because that day is coming. You'll be the one who already knows what it is, why it matters, and exactly why the answer is not yet.
And there’s a reason we talk about the leading edge versus the bleeding edge of technology. The leading edge is where the exciting, genuinely useful stuff lands once it’s been tested, stabilized, and made safe for regular humans. The bleeding edge is where the brave (and sometimes reckless) pioneers go first — and occasionally get hurt. Right now, OpenClaw is deep in bleeding-edge territory. The injuries are real, as the examples above show. Your organization doesn’t need to be the one that finds the next sharp corner.
The future of AI is assistants that actually do things. OpenClaw is the first rough draft of that future. Keep an eye on it. When it’s ready for organizations like yours, I’ll be the first to tell you.
Until then, the best choice you can make is the one you’re making right now: learning what this is, understanding why it matters, and deciding — wisely — to wait.
Make Good Choices!
[1] Conveniently, I recently decided to finally replace my aging laptop, which is constantly maxing out on memory usage. My new one was just delivered today. It’s sitting in a box, telling me to hurry up and finish this article!
[2] Or feel free to read all kinds of horror stories online. Here are links to just a few:
https://www.nytimes.com/2026/02/23/opinion/chatbots-open-claw.html
https://www.theverge.com/news/874011/openclaw-ai-skill-clawhub-extensions-security-nightmare
https://fortune.com/2026/02/12/openclaw-ai-agents-security-risks-beware/
https://www.mastercard.com/us/en/news-and-trends/stories/2026/openclaw-ai-security-standards.html
[3] This attack was dubbed “ClawHavoc” by the security researchers who discovered it.
[4] This vulnerability was nicknamed “ClawJacked” and was classified as high severity. A patch was released within 24 hours of disclosure, but its existence illustrates how fast the security risks are evolving.
[5] From Cisco’s security analysis: OpenClaw is “groundbreaking” as a capability, and “an absolute nightmare” from a security perspective.
[6] OpenClaw will live on as an independent, open source foundation, with OpenAI providing financial and technical support.



