OpenClaw: From Side Project to 145K GitHub Stars — What Developers Should Know
By DevRel Guide • February 2026 • 12 min read
“It's a free, open source hobby project that requires careful configuration to be secure. It's not meant for non-technical users. We're working to get it to that point.” — Peter Steinberger, OpenClaw creator
The Fastest Triple-Rebrand in Open Source History
In January 2026, an Austrian developer named Peter Steinberger open-sourced a personal AI assistant he had been building as a hobby project. He called it Clawdbot — a lobster-themed reference to Anthropic's Claude model that powered it. Within 24 hours, the project had 9,000 GitHub stars.
Then Anthropic flagged potential trademark concerns with the name. Steinberger renamed it Moltbot (a nod to how lobsters moult to grow). Three days later, he renamed it again to OpenClaw — a “permanent identity” that emphasized the project's open-source nature while keeping the crustacean brand.
As of February 2026, OpenClaw has crossed 145,000 GitHub stars and 20,000 forks, making it one of the fastest-growing open-source projects in history.
What OpenClaw Actually Does
OpenClaw is a self-hosted AI agent that runs directly on a user's operating system. It connects to messaging platforms — WhatsApp, Telegram, Discord, Slack, Signal, iMessage, Microsoft Teams — and automates tasks through natural language commands.
Core Capabilities
| Feature | Description |
|---|---|
| Proactive Automation | Sends morning briefings, clears inboxes, runs cron jobs for reminders without prompts |
| Messaging Integration | WhatsApp, Telegram, Discord, Slack, Signal, iMessage, Teams, and more |
| Skills Ecosystem | 565+ community skills for Google Workspace, GitHub, Spotify, smart homes, dev tools |
| Persistent Memory | Stores context in markdown files (SOUL.md, MEMORY.md) for multi-device continuity |
| Browser Control | Screen recording, location services, webhooks, multi-agent routing |
| Model Flexibility | Works with Claude, GPT, DeepSeek, Ollama (local), and other LLM providers |
The installation requires Node.js 22+ and an API key for the chosen LLM provider. Monthly API costs range from $3–$15 depending on usage.
Why Adoption Exploded
Several factors drove OpenClaw's adoption beyond what typical open-source projects achieve:
- Zero vendor lock-in: Free under MIT license. Users pay only for LLM API calls. No subscription, no cloud dependency.
- Self-hosted privacy: All data stays local except API requests to the chosen model provider. This resonated strongly with privacy-conscious developers.
- Community-driven extensibility: Over 565 skills in the community repository, allowing developers to add capabilities for specific use cases.
- Cross-platform messaging: The ability to control the agent from WhatsApp or Telegram lowered the barrier to entry beyond traditional CLI tools.
IBM Research noted that OpenClaw demonstrates the “real-world utility of AI agents is not limited to large enterprises” and can be “incredibly powerful” when given full system access. Adoption spread from Silicon Valley to China, where Alibaba, Tencent, and ByteDance began integrating it with local messaging apps and Chinese-developed models like DeepSeek.
The Security Problem
The same capabilities that make OpenClaw powerful also make it dangerous. Cybersecurity firm Palo Alto Networks warned that the agent presents a “lethal trifecta” of risks:
- Access to private data: The agent can read emails, calendars, files, and messages.
- Exposure to untrusted content: Skills downloaded from community repos can contain malicious code.
- External communication ability: The agent can send messages and make API calls while retaining memory of past interactions.
Heather Adkins, VP of Security Engineering at Google Cloud, issued a direct warning: “My threat model is not your threat model, but it should be. Don't run Clawdbot.”
Security researchers have found hundreds of exposed OpenClaw instances leaking API keys, credentials, and conversation histories. Prompt injection attacks — where malicious text in an email or message tricks the agent into executing harmful commands — remain the primary attack vector.
OpenClaw vs. Other AI Agents
| Feature | OpenClaw | ChatGPT | Claude Code | Siri / Alexa |
|---|---|---|---|---|
| Local Hosting | Yes | No | No | No |
| Proactive Tasks | High | Low | Medium | Medium |
| Skills Extensibility | Community (565+) | Plugins | Built-in + MCP | Limited |
| Privacy Model | Local data | Cloud | Cloud | Cloud |
| Cost | API only | Subscription | API or subscription | Free (limited) |
| Open Source | Yes (MIT) | No | No | No |
What This Means for Developers and DevRel Teams
OpenClaw's rise signals a broader shift in how developers interact with AI tooling:
- Open-source distribution wins: The project's growth was driven entirely by community contributions and word-of-mouth. No marketing budget. No enterprise sales team.
- Messaging as interface: Controlling AI agents through WhatsApp and Telegram represents a new interaction paradigm that DevRel teams should monitor.
- Security as differentiator: The security concerns around OpenClaw create opportunities for tools that offer similar capabilities with stronger sandboxing and access controls.
- Community skills as ecosystem: The 565+ community skills demonstrate that developer ecosystems can form rapidly around well-designed extension points.
The gap between “personal project” and “global phenomenon” collapsed to about two weeks. The ingredients: open-source code, a real use case, community contributions, and a memorable brand — even if the brand kept changing.