Stone Crab Claws Ready to Eat
getty
It’s the most famous AI assistant around, right now – but OpenClaw remains seriously controversial. Some users who have tried it tout it abilities, while others insist that security issues make it a net negative, for handling sensitive assets like an inbox.
Let’s face it, the technology is new, and relatively untested. The more savvy among us, unwilling to act as digital guinea pigs, set up a less sensitive sandbox for OpenClaw to claw around in, and see what shakes out, in a low-stakes environment. Those who actually fork over their passwords sometimes see catastrophic results.
You can read the reporting from The Information, titled: OpenClaw Struggles to Grow Up After Overnight Success, by Juro Osawa and Rocket Drew, to get a better picture of this, or alternately, talk to people who have taken the plunge, to get a better understanding of how OpenClaw works.
The Glitching: Configuration Errors, Runtime Errors, and More
On the front end, in more of an administrative category, you have a range of issues related to coding or operational problems with OpenClaw. These are not going to result in pilfered assets, or inappropriate trashing of personal files, or anything like that. You’ll see them pop up, in WSL or Windows, or whatever your environment is, and the result is going to be a hung session.
Specifically, an article by Kunpeng-AI at Dev illustrates the error messages you’ll see with a range of config errors: an invalid API key will return: “Error: Invalid API key,” a JSON error will return: “Error: Invalid JSON in config file at line XX.” A runtime error might mean lost messages or webhook verification fails.
Running Amok
Then there’s that whole host of nightmare scenarios that don’t have to do with operational snafus in the code. Instead, they represent a well-meaning OpenClaw doing something that just isn’t aligned with user desire. If it was human, we would say the claw is “misguided” and acting out of shoddy intent.
For example, so many who have given OpenClaw access have seen it go in and mass-delete emails for no readily apparent reason.
“Meta’s Director of AI and Safety Alignment wanted to clean up her inbox, so she set up an OpenClaw AI agent and told it to ‘confirm before acting,’” writes Gil Feig at TechRadar. “But it didn’t. Instead, the OpenClaw agent mass-deleted hundreds of emails while she scrambled to shut it down from another device.”
When that happens to someone so close to the AI world, you wonder what’s happening to everyone else.
Other accounts have to do with OpenClaw providing faulty information, or failing to safeguard process in some mission-critical way. Take a look at articles like this going into a range of problem scenarios.
OpenClaw and Anthropic
When it comes to one of the biggest model makers in the industry, the realm of the Amodei brethren, there’s been quite a bit of kerfuffle between Anthropic and OpenClaw, starting with the former’s pushback on the original name, Clawdbot, and the banning of Peter Steinberger from the Claude platform recently. Part of this may be around the bleeding of token volume through third-party harnesses, which I wrote about last week, but there are other issues, too.
“I’ve been working on getting the claude -p fallback feature working after Boris confirmed that it’s a classifier bug and not intentional,” Steinberger said of the ban, which was quickly reversed, according to reporting by Aman Gupta at Live Mint. “We’re still blocked, and it seems that got me banned, too.”
It seems, from some light reading, that the -p flag deals with bad API calls. Anyway, it’s an illustration of the tension between the two projects. Anthropic, it seems, isn’t a fan of OpenClaw – and a lot of security pros aren’t, either.
Cumbersome Technology?
Let’s add to that a user review at PCMag, where writer Ruben Circelli points out some of the tragic flaws of the clawbot.
First, there’s the setup.
“I can easily enable ChatGPT Agent on my desktop or mobile device, ask it to find me a recipe, and have it add the necessary ingredients to my Instacart cart,” Circelli writes. “But if I want to do the same with OpenClaw, I need to install it, acquire and input an API key for my LLM of choice, install a skill to enable OpenClaw to control my web browser, start my OpenClaw instance, and then ask it to do the same thing. Even then, depending on my model choice (and usage limits), OpenClaw might require additional tweaks to actually work.”
The broad nature of the software, he notes, leads to issues with unwieldy tech.
“I don’t mind the complexity too much,” he adds, “but OpenClaw’s general cumbersomeness turned me off from the start. Although setup guides can help, they don’t necessarily cover what you need to do to configure OpenClaw for your specific project.”
As for security, Circelli brings up that specific story of the Meta pro losing the emails, before making a distinction between his own approach, and what others might experience messing with OpenClaw:
“I ran OpenClaw on a dedicated machine to avoid security issues, and I didn’t use any important accounts with it, but you might not have that luxury,” he writes. “And if you do use it on your personal computer or with accounts you actually care about, you risk things going very wrong very quickly.”
His last point brings up something that I’ve also seen elsewhere. Here’s now Circelli explains it: \
“If you figure out how to use OpenClaw cheaply, get through the setup, and address its security concerns, you still need a good enough use case to make all that worth it,” he writes, noting that people often end up using OpenClaw, not for core utilities, but for uses that are, at the end of the day, “niche.”
I’ll go a step further and say that I’ve heard users trying to figure out anything to use OpenClaw for at all. It’s a strange kind of writer’s block, to be faced with this powerful neural net capability, and not being able to assign it anything.
Whatever you do, please run OpenClaw in a bounded, non-sensitive environment, until we figure it out better. Stay tuned.
