Summary

The open-source project OpenClaw is currently being hyped as a revolutionary AI agent that carries out autonomous actions such as email management, calendar editing, and file processing. Unlike classic chatbots (e.g., ChatGPT), OpenClaw actually executes system actions. However, there are serious security concerns: passwords are sometimes stored in plain text, the application pulls in a disproportionately large number of third-party dependencies, and it incurs high API costs. It is also being discussed whether the hype was artificially initiated. Safer alternatives such as TrustClaw already exist.

People

Topics

  • Artificial Intelligence & Agents
  • Cybersecurity & Data Protection
  • Business Software
  • Open-Source Projects

Clarus Lead

OpenClaw positions itself as an autonomous AI agent for enterprise tasks – with significantly more capacity to act than previous chatbots. The system can read and write emails, create calendar entries, execute software, and analyze files without requiring manual intermediate steps. For decision-makers: despite this functionality, substantial security risks arise from plain-text password storage and excessive external dependencies. It is also being discussed whether the current hype was artificially initiated.

Detailed Summary

OpenClaw fundamentally differs from text-driven chatbots through its ability to act independently. A practical example: While ChatGPT merely returns text when asked to "create an appointment," OpenClaw actually creates the appointment in the calendar system. Interaction occurs through messenger apps like Telegram or WhatsApp, creating the impression of collaboration with a human colleague.

Technical implementation is carried out via API keys from third-party providers (OpenAI, Anthropic, Google Gemini). OpenClaw functions either locally on one's own device, in the corporate network, or in the cloud. Ready-made hosting offers enable use without technical expertise.

Business applications are diverse: automatic website monitoring every ten minutes with Telegram notifications, autonomous content creation based on long-term memory of previous articles, or accounting automation through invoice extraction from email inboxes. The system saves time on recurring tasks that previously required specialized online services.

Critical security concerns carry significant weight: the project was developed in "vibe-coding style," meaning AI systems largely wrote the code themselves. This led to a disproportionate number of third-party dependencies and critical security vulnerabilities. Particularly problematic is the storage of passwords in plain text to enable Gmail access. The system also consumes an extremely large number of tokens in API calls, resulting in high ongoing costs.

An additional controversy revolves around hype initiation: Reddit posts document an anomaly in OpenClaw's social media spread, pointing to coordinated artificial amplification. Peter Steinberger, an experienced entrepreneur with previous exits and successful products, is no stranger to strategic marketing.

Key Findings

  • OpenClaw is a functional agent, not a text bot: Autonomous system actions (email, calendar, files) possible without detours
  • Security architecture is deficient: Plain-text passwords, excessive external dependencies, AI-generated code with uncontrolled complexity
  • Alternatives like TrustClaw offer comparable performance with manual development and better security (1000+ applications, no password storage)
  • Hype not proportional to technological innovation: Marketing-driven rather than technologically groundbreaking

Critical Questions

  1. (Data Quality/Evidence) Which specific security vulnerabilities in OpenClaw have been demonstrated by independent security audits, and on which platforms were these published?

  2. (Conflicts of Interest) To what extent does developer Peter Steinberger benefit economically from increased attention, and has he invested directly or indirectly in social media dissemination?

  3. (Causality/Alternatives) Are OpenClaw's technical innovations (e.g., autonomous task repetition) truly unmatched, or do established RPA tools and specialized agents offer equivalent functions already?

  4. (Feasibility/Risks) How can the high API costs be calculated in practice when OpenClaw consumes "disproportionately many tokens" – are there cost estimates for standard applications?

  5. (Security/Side Effects) If OpenClaw runs on an isolated server, which data could still be transferred to third-party providers (OpenAI, Anthropic), and are these transfers documented as GDPR-compliant?

  6. (Security/Side Effects) How is it ensured that companies using OpenClaw for email access do not experience unauthorized data access through security vulnerabilities in third-party dependencies?
Source Directory

Primary Source: KI fürs Business Podcast (03.03.2026) – Episode on OpenClaw with Andreas Schrade and Anke Precht https://content.rss.com/episodes/347821/2578695/ki-furs-business/2026_03_03_19_42_03_1567a748-c913-4ce6-aed6-06a721d470bd.mp3

Verification Status: ✓ 2026-03-03
This text was created with the support of an AI model. Editorial responsibility: clarus.news | Fact-checking: 2026-03-03