Aggregates

Evidence: High: 2 Medium: 8 Low: 8 No Data: 13

Theme Radar

simonw 2026-02-21 01:13 UTC link

I think "Claw" as the noun for OpenClaw-like agents - AI agents that generally run on personal hardware, communicate via messaging protocols and can both act on direct instructions and schedule tasks - is going to stick.

vivzkestrel 2026-02-21 03:10 UTC link

I still dont understand the hype for any of this claw stuff

tomjuggler 2026-02-21 10:12 UTC link

There's a gap in the market here - not me but somebody needs to build an e-commerce bot and call it Santa Claws

ZeroGravitas 2026-02-21 10:16 UTC link

So what is a "claw" exactly?

An ai that you let loose on your email etc?

And we run it in a container and use a local llm for "safety" but it has access to all our data and the web?

mhher 2026-02-21 11:42 UTC link

The current hype around agentic workflows completely glosses over the fundamental security flaw in their architecture: unconstrained execution boundaries. Tools that eagerly load context and grant monolithic LLMs unrestricted shell access are trivial to compromise via indirect prompt injection.

If an agent is curling untrusted data while holding access to sensitive data or already has sensitive data loaded into its context window, arbitrary code execution isn't a theoretical risk; it's an inevitability.

As recent research on context pollution has shown, stuffing the context window with monolithic system prompts and tool schemas actively degrades the model's baseline reasoning capabilities, making it exponentially more vulnerable to these exact exploits.

nevertoolate 2026-02-21 12:40 UTC link

My summary: openclaw is a 5/5 security risk, if you have a perfectly audited nanoclaw or whatever it is 4/5 still. If it runs with human-in-the-loop it is much better, but the value is quickly diminishing. I think llms are not bad at helping to spec down human language and possibly doing great also in creating guardrails via tests, but i’d prefer something stable over llms running in “creative mode” or “claw” mode.

thomassmith65 2026-02-21 13:31 UTC link

  giving my private data/keys to 400K lines of vibe coded monster that is being actively attacked at scale is not very appealing at all

https://nitter.net/karpathy/status/2024987174077432126

If this were 2010, Google, Anthropic, XAI, OpenAI (GAXO?) would focus on packaging their chatbots as $1500 consumer appliances.

It's 2026, so, instead, a state-of-the-art chatbot will require a subscription forever.

trcf23 2026-02-21 14:18 UTC link

Has anyone find a useful way to to something with Claws without massive security risk?

As a n8n user, i still don't understand the business value it adds beyond being exciting...

Any resources or blog post to share on that?

throwaway13337 2026-02-21 14:34 UTC link

The real big deal about 'claws' in that they're agents oriented around the user.

The kind of AI everyone hates is the stuff that is built into products. This is AI representing the company. It's a foreign invader in your space.

Claws are owned by you and are custom to you. You even name them.

It's the difference between R2D2 and a robot clone trying to sell you shit.

(I'm aware that the llms themselves aren't local but they operate locally and are branded/customized/controlled by the user)

andai 2026-02-21 16:20 UTC link

We got store-brand Claw before GTA VI.

For real though, it's not that hard to make your own! NanoClaw boasted 500 lines but the repo was 5000 so I was sad. So I took a stab at it.

Turns out it takes 50 lines of code.

All you need is a few lines of Telegram library code in your chosen language, and `claude -p prooompt`.

With 2 lines more you can support Codex or your favorite infinite tokens thingy :)

https://github.com/a-n-d-a-i/ULTRON/blob/main/src/index.ts

That's it! There are no other source files. (Of course, we outsource the agent, but I'm told you can get an almost perfect result there too with 50 lines of bash... watch this space! (It's true, Claude Opus does better in several coding and computer use benchmarks when you remove the harness.))

dang 2026-02-21 18:31 UTC link

All: quite a few comments in this thread (and another one we merged hither - https://news.ycombinator.com/item?id=47099160) have contained personal attacks. Hopefully most of them are [flagged] and/or [dead] now.

On HN, please don't cross into personal attack no matter how strongly you feel about someone or disagree with them. It's destructive of what the site is for, and we moderate and/or ban accounts that do it.

If you haven't recently, please review https://news.ycombinator.com/newsguidelines.html and make sure that you're using the site as intended when posting here.

jameslk 2026-02-21 18:58 UTC link

One safety pattern I’m baking into CLI tools meant for agents: anytime an agent could do something very bad, like email blast too many people, CLI tools now require a one-time password

The tool tells the agent to ask the user for it, and the agent cannot proceed without it. The instructions from the tool show an all caps message explaining the risk and telling the agent that they must prompt the user for the OTP

I haven't used any of the *Claws yet, but this seems like an essential poor man's human-in-the-loop implementation that may help prevent some pain

I prefer to make my own agent CLIs for everything for reasons like this and many others to fully control aspects of what the tool may do and to make them more useful

daxfohl 2026-02-21 19:12 UTC link

I wonder how the internet would have been different if claws had existed beforehand.

I keep thinking something simpler like Gopher (an early 90's web protocol) might have been sufficient / optimal, with little need to evolve into HTML or REST since the agents might be better able to navigate step-by-step menus and questionnaires, rather than RPCs meant to support GUIs and apps, especially for LLMs with smaller contexts that couldn't reliably parse a whole API doc. I wonder if things will start heading more in that direction as user-side agents become the more common way to interact with things.

deadbabe 2026-02-21 19:26 UTC link

Instead of posts about claws I would like to see more examples of what people are actually doing with claws. Why are you giving it access to your bank account?

Even if I had a perfectly working assistant right now, I don’t even know what I would ask it to do. Read me the latest hackernews headlines and comments?

bouzouk 2026-02-21 22:39 UTC link

Security-wise, having a Claw doesn’t seem so different from having a traditional (human) assistant or working with a consultant. You wouldn’t give them access to your personal email or bank account. You’d set them up with their own email and a limited credit card.

sleight42 2026-02-22 05:23 UTC link

I don't understand why folks are buying Mac Minis specifically for this? Why not repurpose an old existing computer? Run Linux? What am I missing?

corndoge 2026-02-22 06:07 UTC link

I still don't understand what openclaw is or does and i've read the docs multiple times over.

"Any OS gateway for AI agents across WhatsApp, Telegram, Discord, iMessage, and more. Send a message, get an agent response from your pocket. Plugins add Mattermost and more."

"What is OpenClaw?

OpenClaw is a self-hosted gateway that connects your favorite chat apps — WhatsApp, Telegram, Discord, iMessage, and more — to AI coding agents like Pi. You run a single Gateway process on your own machine (or a server), and it becomes the bridge between your messaging apps and an always-available AI assistant."

https://docs.openclaw.ai

My best interpretation of this is that it connects an BYO agent to your messenger client of choice. I don't understand the hype. I already have apps that allow me to message the model server running on my home lab. The model server handles tool calls (ie it is "agentic"). It has RAG over a dataset with a vector search for query. What is new about openclaw? I would like to understand it but what i see people say and what is in the docs do not seem compatible. Anyone have a resource?

CMay 2026-02-22 06:50 UTC link

This feels like the 2026 version of "blog". A thing that didn't need a name and the name it now has contains "out of touch" qualities to it, but it spread easier under a name that got popularized so it wins out in evolutionary terms?

Unlike blog though, claw is camping on an existing word and it won't surprise me if people settle on some other word once a more popular, professional and security conscious variant exists.

I don't think operating through messaging services will be considered anything unique, since we've been doing that for over 30 years. The mobile dimension doesn't change this much, except for the difference between always connected and push notifications along with voice convenience being a given. Not using MCP was expected, because even in my personal experiments it was very natural to never adopt MCP. It's true that there are some qualities MCP has that can be useful, but it's extra work and friction that doesn't always pay off.

Total access + mobile messaging + real productivity is naturally addictive, and maybe it's logical that the lazy path to this is the first to become popularized, because the harder problems around it are simply ignored.

vjk800 2026-02-22 08:24 UTC link

Serious question for early adopters of Claws: what are you using them for? What things do you find them actually useful? Can you give examples of tasks where you actually save time and/or effort using them?

blakec 2026-02-24 02:48 UTC link

I built one of these by accident over two months on Claude Code. ~15,000 lines of hooks, skills, and agents. I never set out to build an orchestration layer. I fixed one problem (stop the model from suggesting OpenAI). Then another (inject date and project context). Then another (catch credentials in tool calls). Then the solutions started stepping on each other, so I built dispatchers. Then dispatchers needed shared state. Then state needed quality gates. By the time Karpathy named the concept, my setup already looked like this.

"Just existing tech repackaged" is accurate and beside the point. Dropbox was just rsync repackaged. The value is in how it comes together, not the individual pieces.

What's actually missing that nobody's built yet: declarative workflow definitions. Everything I have is imperative bash. Want to change the order something runs? Edit a 1,300-line script. A real Claws system would define workflows as data and interpret them.