I Installed OpenClaw And I Have No Idea What To Use It For
So I went and installed OpenClaw to determine what the hype was about. And… I have no clue what to use it for.
What Is OpenClaw?
OpenClaw is an open source personal AI platform. With it, you can self-host it on your own hardware and connect to various accounts. Input is sent via communication apps of your choice, like WhatsApp and Telegram so you can text your AI assistant from your phone. It has personalization features like Heartbeat and Soul, files that give it a personality and determine when it proactively checks on things you want it to do. It can even do text to speech through WhatsApp.
Sounds cool, right?
The Problem: I Already Built Something Better
Currently my stack is PAI (Personal AI Infrastructure), Obsidian, and Claude Code. I use Obsidian as my reference library on me, my tasks, and my goals. Claudia, my AI assistant built on PAI, has access to all of these files, allowing her to know my career goals, my learning patterns, my tendencies, my strengths and weaknesses. Multiple Claude sessions are always running with PAI already loaded, allowing me to VPN to my home network and immediately get to work with Claudia. My Obsidian vault syncs across every device I use; if I capture a thought on my phone in Obsidian, Claudia can process and organize it later from the desktop. I can run skills, spin up agents, set up scheduled tasks. It is a full AI workflow, not just a chatbot.
I already remotely connect to Claudia. It is a little difficult to do all the things I want from a phone like using Visual Studio 2022 or moving files around. Typing on a phone can feel like I am always misspelling stuff and rushing. But for AI interactions, it gets the job done. Alternatively I have Obsidian on my phone for quick captures when I do not want to remote in at all. It’s not as streamlined as using WhatsApp or Telegram, but it works.
If I switched to OpenClaw, I would probably have to re-implement all of that somehow: Get it to talk to my vault, rebuild the personality, and implement the context that Claudia already has. And for what? A slightly smoother mobile texting experience?
The Security Question
Here is where my pentester brain kicks in. If you search for some of the mistakes OpenClaw has caused, it is really kind of wild what people allowed it to do.
Meta’s own AI safety director, Summer Yue, asked her OpenClaw agent to check her overstuffed inbox and suggest what to delete or archive. Instead, the agent started speed-running through her inbox deleting everything. She tried to stop it from her phone but it ignored her and she had to physically run to her Mac Mini and kill the process like she was defusing a bomb. The root cause? OpenClaw’s context window compaction compressed the conversation and dropped her instruction requiring approval before taking action. The AI literally forgot the rules she set. That was not some random hobbyist – this was an expert in the field: someone who sets the standard for what security should be.
It gets worse. In a separate incident, a red teaming study targeted six OpenClaw agents that had access to email, shell, and their own memory systems. Despite confidentiality safeguards, researchers compromised the agents through fake identities and manipulated memory files, successfully leaked sensitive data. Another user reportedly lost $450,000 after his OpenClaw agent with access to a crypto wallet gave away all his tokens to someone who simply asked for them. Meta has since banned OpenClaw internally.
I am not saying OpenClaw is fundamentally broken. But before I would ever recommend it to someone, I would first ask: what are you connecting it to? What data are you giving it access to? What happens when it does something you did not intend? Do you have a kill switch?
The Trust Line
I trust Claudia with my vault. My goals, my tasks, my career plans, my personal reflections. That is my (very local) data and mine to risk.
But email? That involves other people’s data. Messages from coworkers, customer information, confidential work communications. I am not comfortable handing that to any AI, local or not. OpenClaw makes it easy to connect to email and messaging, but easy does not mean effective. It’s not just about the exposure associated with email access. Calendar access means the AI knows where you are and who you are meeting with. Contacts mean it has your network. Social media posting means it can speak as you publicly. Bank accounts and financial tools mean it can spend your money. Smart home access means it can unlock your doors. Each one of those sounds convenient until something goes wrong. And as we saw with the Meta incident, things go wrong even when the person running it is literally an AI safety expert.
I keep my AI interactions scoped to things where the blast radius is small. If Claudia messes up a task in my vault, I fix it. If an AI agent deletes my inbox or sends a message to the wrong person or posts something I did not approve, that is a different kind of problem.
What OpenClaw Does Well
I want to be fair. OpenClaw is not a bad project. There are things it does that I think are genuinely clever:
- The WhatsApp and Telegram integration meets people where they already are.
- Self-hosting means you control your data (at least in theory).
- The Heartbeat and Soul files for personality and proactive behavior are a nice touch.
- For someone starting from zero with no existing AI infrastructure, it would be a solid starting point.
But I Am Not Starting From Zero
That is the thing, I already have a full system. Claudia as my PAI applies deep context about who I am and what I am working on. I already have agents and automation. I have a vault that syncs across devices, voice note capture and processing, and weekly task boards with career tracking.
OpenClaw would effectively be a significant step backwards in capability for a marginal step forward in mobile convenience, and that trade-off is not worth it for me.
My Verdict
If you do not already have a personal AI setup and you want to start somewhere, OpenClaw could be a good entry point. The WhatsApp interface is genuinely easy to use. Self-hosting is the right approach, and simple use cases like reminders, quick questions, or basic task management work just fine without personal context and history.
If you are thinking about connecting it to your email, your calendar, your financial accounts, or anything with real consequences, slow down. Start small. Test it with throwaway data first and have a plan for when it does something you did not ask for. Based on what I have seen, that is not a matter of if, but when.
If you already have a workflow that works, ask yourself honestly: what does this add? I asked myself that question and I could not come up with an answer.
I installed it. It is still running on my home lab. I have not used it past day one or two. And I am starting to think the most honest thing I can do is admit that and move on.
I even thought about having my wife use it. Maybe for reminders or organizing her day. But when I actually talked to her about it, the friction was immediate and obvious. It is another app she would have to open and check. Her existing apps already do the same things. She would have to learn how it works, teach it her preferences, and go through an onboarding process for something that does not solve a new problem. And the biggest one: most of her work lives in systems OpenClaw cannot access. Work email, work calendars, work tools. The AI has no way to reach any of that.
When you start trying to find someone else to justify a tool you installed, that tells you something. And when even the person you are pitching it to can immediately list reasons it would not work for them, that tells you even more.
The Bigger Lesson
Not every AI tool is for everyone. Even if you are deep into AI.
I recently surveyed the analysts at my job about where they sit on AI adoption. Most of them are at the most basic level. Just chatting with it occasionally. I am on the other end, building agent infrastructure and running a full personal AI system. And even at that level, I could not justify this tool.
There is a gap between “cool technology” and “actual use case” that does not get talked about enough. We see a new tool, we see the hype, we install it because we do not want to miss out. And then it sits there. Running on a server. Consuming resources. Unused.
The honest question is not “can I install this?” It is “what problem does this solve for me that is not already solved?” And if you cannot answer that before you install it, you probably will not be able to answer it after either.
I am still figuring out the best way to use AI in my life and work. I do not have it all figured out. But I am learning that more tools does not mean more productivity. Sometimes the setup you already have is the right one, and the most productive thing you can do is stop installing new things and actually use what you built.
References
Tools Mentioned:
- PAI (Personal AI Infrastructure) - The framework I use for my personal AI system
- Obsidian - Markdown-based knowledge management
- Claude Code - Anthropic’s CLI for Claude
- OpenClaw - The open source personal AI platform discussed in this post
OpenClaw Incident Sources:
- A Meta AI security researcher said an OpenClaw agent ran amok on her inbox - TechCrunch
- AI tool OpenClaw wipes the inbox of Meta’s AI Alignment director - Tom’s Hardware
- Meta’s safety director handed OpenClaw AI agents the keys to her emails - Windows Central
- An OpenClaw AI agent asked to delete a confidential email nuked its own mail client - The Decoder