What's Happening
OpenClaw — formerly known as Clawdbot and briefly Moltbot — is a free, open-source AI agent created by Austrian developer Peter Steinberger (founder of PSPDFKit). First published in November 2025, it has exploded into the fastest-growing open-source project ever recorded, surpassing Linux, Kubernetes, and every other project in growth velocity. It gained 34,168 GitHub stars in just 48 hours on January 30 alone, growing at roughly 56% per day.
The concept is simple and powerful: OpenClaw gives a large language model like Claude "hands" to control your computer. It runs as a Node.js service on your Mac, uses messaging platforms (WhatsApp, iMessage, Slack, Telegram, and 8+ others) as its interface, and can execute shell commands, browse the web, manage your email, control smart home devices, and automate nearly any task you can describe.
Key Points
- 157,000+ GitHub stars and 20,000+ forks with 2 million visitors in a single week — unprecedented growth for any open-source project
- Persistent memory: OpenClaw remembers past interactions for weeks, adapting to your habits and preferences over time
- Mac mini as AI server: Users are deploying it on $499 Mac minis as 24/7 personal AI employees, causing stock shortages at retailers
- Name changed twice: Anthropic sent a trademark notice over "Clawdbot" being too similar to "Claude," forcing a rapid rebrand to Moltbot and then OpenClaw
- MIT licensed: Free to use — you only pay for AI model API tokens, typically $10-150/month
"OpenClaw showed me what the future of personal AI assistants looks like."
— MacStories
Why This Matters
For Mac Power Users
OpenClaw represents the first time a genuinely capable autonomous AI agent has reached mainstream adoption. It automates real workflows — email triage, calendar management, file organization, web research, smart home control — through an interface as simple as sending a text message. The Mac mini trend shows people are willing to dedicate hardware to having a personal AI available 24/7. MacStories editor Federico Viticci called it "the most fun and productive experience I've had with AI."
For Security-Conscious Users
The security picture is alarming. In early February, researchers disclosed CVE-2026-25253 (CVSS 8.8) — a critical vulnerability that allowed one-click remote code execution. If a user clicked a single malicious link while OpenClaw was running, an attacker could hijack the agent's full permissions. Over 30,000 instances were found exposed to the open internet without authentication, because the gateway binds to all network interfaces by default.
Worse, researcher Paul McCarty identified 386 malicious skills on ClawHub, OpenClaw's official extension marketplace. Many deployed Atomic Stealer (AMOS), a macOS infostealer, with the most popular malicious skill racking up 7,000+ installations. A separate Snyk audit found 1,467 malicious payloads across nearly 4,000 skills.
The Bigger Picture
OpenClaw is the canary in the coal mine for autonomous AI agents. The core tension — enormous productivity potential versus fundamental security risk — will define how AI agents evolve. As VentureBeat put it: "OpenClaw proves agentic AI works. It also proves your security model doesn't."
What the Community Is Saying
The enthusiastic take:
"OpenClaw is what Apple Intelligence should have been."
— Hacker News
The expert warning:
"So yes, it's a dumpster fire, and I also definitely do not recommend that people run this stuff on their computers."
— Andrej Karpathy, OpenAI co-founder
The divide is stark. Enthusiasts see the "closest thing to a real-life JARVIS," while security experts see an "absolute nightmare." Token Security found that 22% of enterprise employees are already running OpenClaw without IT approval — making it the fastest-growing shadow IT challenge in years. Gartner has recommended enterprises "block OpenClaw downloads and traffic immediately."
What You Can Do Now
If You Want to Try OpenClaw
Treat it like a new hire with zero trust: minimum permissions, isolated network, close supervision. Run it in a dedicated VM or on a separate machine. Never expose it to the internet. Audit any ClawHub skills before installing. And understand that you're accepting significant risk — as its own maintainer warned: "If you can't understand how to run a command line, this is far too dangerous of a project for you to use safely."
If You Want AI Productivity Without the Risk
The appeal of OpenClaw is clear — people want AI that actually does things on their Mac. But full system access isn't the only path to AI productivity. Tools like Elephas offer a fundamentally different approach: system-wide AI writing and knowledge management via a keyboard shortcut, without giving AI control of your operating system. Elephas's Super Brain creates a personal knowledge base from your PDFs, notes, and documents — queryable from any Mac app — with no exposed ports, no shell access, and no security vulnerabilities to worry about.
The key difference: OpenClaw gives AI control of your Mac. Elephas gives you AI capabilities across your Mac.
Try Elephas free for secure AI productivity that doesn't require a security audit.
What's Next
Watch For
- ClawHub security overhaul: OpenClaw has integrated VirusTotal malware scanning for skills, but the marketplace trust problem remains unsolved
- Enterprise lockdown: Expect corporate VPNs and endpoint management tools to start blocking OpenClaw deployments as shadow IT concerns grow
- Apple's response: With Siri getting a Gemini-powered overhaul in macOS 26.4 this spring, Apple is building toward system-level AI — but with the guardrails OpenClaw lacks
The Long View
OpenClaw's explosive growth proves the demand for autonomous AI agents is real and massive. But February 2026 feels like the Napster moment for AI agents — a groundbreaking proof of concept that exposes just how unprepared our security models are. The winners in this space will be the tools that deliver agent-like capabilities without requiring users to hand over the keys to their entire system.
Key takeaway: OpenClaw is a remarkable technical achievement and a genuine glimpse of the AI agent future. But in its current state, it's a tool for technically sophisticated users who can manage its risks — not a mainstream productivity solution. For most Mac users, the smarter path is AI tools that enhance your workflow without compromising your security.
Frequently Asked Questions
What is OpenClaw?
OpenClaw (formerly Clawdbot and Moltbot) is a free, open-source AI agent created by Peter Steinberger that can autonomously control your Mac. It uses large language models like Claude as its brain and messaging platforms — WhatsApp, iMessage, Slack, Telegram, and others — as its interface. It can manage emails, browse the web, run commands, control smart home devices, and automate nearly any task.
Is OpenClaw safe to use on Mac?
OpenClaw has significant security risks as of February 2026. A critical vulnerability (CVE-2026-25253, CVSS 8.8) enabled one-click remote code execution. Over 30,000 instances were found exposed to the internet without authentication. Researchers identified 386 malicious extensions on its ClawHub marketplace deploying macOS infostealers. Its own maintainer warned it's "far too dangerous" for users who can't manage a command line.
Why are people running OpenClaw on Mac mini?
Users are deploying OpenClaw on Mac minis ($499-$640) as always-on, 24/7 personal AI servers. The appeal is having a dedicated machine running an autonomous AI assistant at low power consumption. The trend went viral on social media, with some retailers running out of Mac mini stock. One developer reportedly configured 12 Mac minis at once for $7,188.
What are safer alternatives to OpenClaw for Mac AI productivity?
For Mac users who want AI productivity without giving an agent full system access, Elephas offers system-wide AI writing via a keyboard shortcut and a personal knowledge base (Super Brain) built from your documents. It supports multiple AI models, works offline with Ollama, and costs $9.99/month — with no exposed ports, shell access, or security vulnerabilities.
