OpenClaw intel for builders — signal, not hype.
OpenClaw is an open-source AI agent platform that can autonomously operate your computer — browsing the web, running apps, managing files, and executing multi-step workflows on your behalf. It was originally released as "Clawdbot," later rebranded to Moltbot, and is now known as OpenClaw.
OpenClaw can be installed via npm (npm install -g openclaw), Docker, or by cloning the GitHub repo. See our full installation guide for step-by-step instructions on every platform.
Yes. OpenClaw is fully open-source under the Apache 2.0 license. You can use, modify, and distribute it freely. Some cloud-hosted versions or premium ClawHub skills may have separate pricing.
OpenClaw grants broad system permissions by design, so caution is warranted. The project has integrated VirusTotal scanning for ClawHub skills, but security researchers continue to find malicious packages. Always review a skill's source, limit permissions, and keep OpenClaw updated. See our troubleshooting guide for security tips.
Skills are plugin-like extensions distributed via ClawHub that add new capabilities to your OpenClaw agent — like browsing the web, managing cloud infrastructure, or interacting with APIs. Think of them like npm packages but for agent actions.
In February 2026, OpenClaw creator Peter Steinberger joined OpenAI. OpenClaw remains open-source under a community foundation, and OpenAI has committed to keeping it that way. Read our timeline for details.
OpenClaw competes with platforms like BitBuddies, Adept, and Moltbot/Emergent. Its key differentiators are the open-source model, the ClawHub skill ecosystem, and broad OS-level control. See our alternatives comparison.
Check out our ELI5 explainer for a beginner-friendly overview, our usage & tutorials page for hands-on guides, and our glossary for key terms.
Researchers detailed four CVEs in OpenClaw (including sandbox TOCTOU issues and an ownership-check bypass) that can be chained for data theft and persistent access; admins are urged to update and harden configurations. The report highlights weak trust of a senderIsOwner flag and other design pitfalls that expand attack surface. (thehackernews.com)
Community notes highlight the return to stable releases with 5.12 and call out its broad security pass across sandboxing, SecretRefs, pairing, and redaction, linking to the tag. Operators discuss cadence and upgrade practices around the new cut. (reddit.com)
This release trims default installs, externalizes several heavy plugins, hardens sandbox and provenance checks, and substantially improves Telegram resilience and Codex/OpenAI auth paths. It also tightens SecretRef handling and redaction, and smooths plugin update/repair flows. (github.com)
A community roundup observes a rare pause in stable tags after 5.7 and tracks active work in betas (up to 2026.5.12‑beta.8), suggesting a shift to a more cautious release train. It lists areas of focus such as plugins, gateway/session, Codex harness, and auth. (reddit.com)
- Hermes Agent Just Broke OpenClaw With A New Insane Update — https://www.youtube.com/watch?v=auNz1x2FU_E; Channel: AI Revolution; Uploaded: May 13, 2026. A fast news-style breakdown comparing Hermes Agent’s surge with where OpenClaw stands now, plus what the shift means for builders. (tubescout.app)
- Cyber Rus: Alchemists Open Claw and D Flash Magic — https://www.youtube.com/watch?v=lMleszoWkQA; Channel: YAinvestAI; Uploaded: May 13, 2026. A hands‑on demo of spinning up a local AI server that pairs OpenClaw with a speed‑tuned generation stack and shows real‑time setup choices. (tubescout.app)
A maintenance update that adds cron status to JSON output, clarifies channel CLI behavior, and fixes Codex OAuth repair logic so doctor --fix no longer breaks subscription-auth setups. It also tightens owner enforcement for native commands and improves Discord/Telegram/WhatsApp handling. (github.com)
Documents an incomplete navigation‑guard issue that can bypass SSRF policy enforcement via certain browser interactions on versions before 2026.4.10. The post links to the GitHub advisory and fixing commits. (redpacketsecurity.com)
SentinelOne notes an authorization‑context reuse bug prior to 2026.4.14 that could let queued messages execute with elevated permissions in collect‑mode batch processing. Mitigations include upgrading, disabling collect‑mode, or segregating queues by privilege. (sentinelone.com)
TechCrunch frames Perplexity’s “Personal Computer” release as an answer to OpenClaw‑style local agents, explicitly citing OpenClaw’s security concerns and positioning PC as a safer alternative. The piece underscores growing demand for on‑device agents OpenClaw helped popularize. (techcrunch.com)
Advisory describes a weakened exec‑approval binding vulnerability in busybox/toybox applet execution on OpenClaw 2026.2.23 before 2026.4.12 that can undermine command‑safety controls. Rated High severity (CVSS 8.8) with references to the upstream GHSA and fix. (redpacketsecurity.com)
Snyk flagged an SSRF issue affecting OpenClaw versions prior to 2026.4.12 via crafted media URLs in QQBot handling, enabling access to internal resources; upgrading to 2026.4.12+ is recommended. The entry includes CVE details, impact, and fix guidance. (security.snyk.io)
Users confirm the first stable of the 2026.5 line and share field notes on platform stability, including Windows‑specific feedback and rollback tips. The thread serves as an early‑adopter checkpoint as the 5.x train begins. (reddit.com)
OpenClaw is an open-source AI agent platform that can autonomously operate your computer — browsing the web, running apps, managing files, and executing multi-step workflows on your behalf. Originally released under a different name, OpenClaw has rapidly become one of the most talked-about projects in the AI-agent space thanks to its extensible "skill" system (distributed via ClawHub) and its ability to chain actions across local and cloud environments.
Peter Steinberger releases Clawdbot, a personal AI-agent experiment that can control a desktop computer autonomously. The project garners early attention from the hacker community.
Word-of-mouth spreads fast. The project rebrands to Moltbot as download counts surge. Developers start building third-party "skills" — plugin-like extensions that chain agent actions.
A companion product, Moltbook, is teased for notebook-style agent workflows. Soon after, the entire project rebrands again to OpenClaw, emphasizing its open-source ethos and the new ClawHub skill marketplace.
Critical vulnerabilities surface — including CVE-2026-25253 (one-click RCE via Control UI) — prompting rapid patches and VirusTotal integration for ClawHub skills. Security researchers begin auditing the ecosystem extensively.
Reports emerge that multiple Big Tech companies, including OpenAI and Google, are in discussions about acquiring or integrating OpenClaw. The AI-agent space heats up as competitors race to match OpenClaw's capabilities.
OpenClaw creator Peter Steinberger joins OpenAI. Crucially, OpenClaw remains open-source under a community foundation — OpenAI commits to supporting, not acquiring, the project. The Verge, Financial Times, and Business Insider all cover the story.
A news hub that aggregates the latest OpenClaw updates, security advisories, release notes, and community chatter. We focus on signal over hype.
No. This is an independent publication. We are not affiliated with, endorsed by, or sponsored by the OpenClaw project or its maintainers.
ClawHub is OpenClaw's community marketplace for "skills" — plugin-like extensions that add capabilities to the agent. Think of it like a package registry (npm, PyPI) but for agent actions.
OpenClaw grants broad system permissions by design. The project has integrated VirusTotal scanning for ClawHub skills, but security researchers continue to find malicious packages. Always review a skill's source, limit permissions, and keep OpenClaw updated.
Content is refreshed periodically based on news flow. Check the "Last updated" timestamp at the top of the news section.
A critical remote-code-execution bug in OpenClaw's Control UI that allowed one-click token exfiltration via a malicious link. It was patched in v2026.1.29 (January 30, 2026). All users should update immediately.
Not yet — we're a static v0 site. Future versions may accept community submissions. For now, all content is manually curated and reviewed before each update.
We aggregate recent coverage from major tech and security outlets, then compile it into a structured feed.