OpenClaw Project: From Obscure CLI to Widely-Known AI Assistant · history
Version 12
2026-05-26 19:55 UTC · 340 items
What
OpenClaw is the fastest-growing GitHub repository in history at 373,620 stars,[2] with NVIDIA's NemoClaw completing a full post-launch coverage wave: The New Stack confirms the launch plan,[35] Tech Buzz reports the open-source platform release,[20] Cobus Greyling publishes practitioner analysis,[22] Baseten posts an integration guide,[23] and an active GitHub discussion probes what is intentionally out of scope.[24] Alongside institutional adoption expansion onto unRAID Community Apps[8] and a growing skills ecosystem,[9] a Medium article titled 'Don't use OpenClaw'[17] marks the first categorical migration directive aimed at general readers — not practitioner caveats, but a direct instruction to avoid the tool.
Why it matters
OpenClaw has entered a fork-in-the-road moment: the same period in which it became the most broadly distributed open-source personal AI agent is the period in which critics graduated from warnings to explicit 'don't use this' directives. NemoClaw's GitHub scope discussion[24] is the first public forum where the community directly interrogates whether the guardrail layer addresses or merely overlays OpenClaw's architectural safety gap — which is exactly the question enterprise procurement teams, security researchers, and regulators need answered before treating it as a structural fix.
Open questions
NemoClaw's GitHub hosts an active discussion titled 'What is intentionally out of scope for NemoClaw vs what will become...'[24] — does NVIDIA's answer validate that prompt-based safety rules cannot be replaced by external guardrails, or does it outline genuine system-level controls that address CVE-2026-25253[11] and CVE-2026-26317?[13]
The xAI OAuth bug in Hermes Agent is now technically specific: `_is_entitlement_failure` over-matches 'bad-credentials' 403 errors, blocking stale token refresh in long-running TUI sessions[33] — is this a patchable code issue or a symptom of deeper integration design mismatch with xAI's OAuth implementation?
A Medium article titled 'Don't use OpenClaw'[17] and a dedicated alternatives guide[36] are circulating alongside simultaneous expansion onto unRAID homelab infrastructure[8] and new skills repositories[9] — is the gap between vocal expert rejection and active deployment widening, or is it the same population speaking differently in different forums?
A Facebook community is openly asking whether Grok/X integration with OpenClaw is 'a step towards closed ecosystem'[34] — does growing proprietary integration dependency undermine the open-source local-first identity that drove initial adoption, and does this concern apply equally to Hermes Agent's xAI partnership?
Narrative
OpenClaw is an open-source, local-first personal AI agent that began as 'Warelay,' a WhatsApp relay CLI tool, with its first Git commit in late November 2025.[1] After cycling through five names, the project adopted its current identity on 2026-01-30[1] and reached 373,620 GitHub stars by the week of 2026-05-21, making it the platform's fastest-growing repository.[2] Within three months the project had nearly 1,000 contributors,[3] released version 2026.5.22,[4] and acquired mainstream institutional markers: a Lenny's Newsletter guide,[5] a Wall Street Journal feature,[6] and novel use cases ranging from a 24/7 Mac-based AI trading assistant to NVIDIA RTX deployments.[7] Distribution continues to expand: OpenClaw is now available on unRAID Community Apps,[8] a VoltAgent/awesome-openclaw-skills repository documents a growing catalog of installable skills,[9] and an aimlapi integration fork[10] signals active third-party embedding.
OpenClaw's security situation has crossed from a single documented vulnerability into a structural pattern. CVE-2026-25253 is in the National Vulnerability Database[11] as a CSRF flaw enabling one-click remote code execution,[12] and CVE-2026-26317 is documented as a second CSRF vulnerability.[13] Giskard.ai independently documents data leakage and prompt injection risks,[14] and an arXiv paper, 'Your Agent, Their Asset: A Real-World Safety Analysis of OpenClaw,'[15] has circulated across academic platforms. AI Plain English argues OpenClaw's safety rules live in prompts rather than system-level controls, making the risk architectural rather than patchable.[16] A Medium article titled 'Don't use OpenClaw'[17] marks an escalation from practitioner caveats to a categorical anti-recommendation reaching general readers — the most direct migration directive the project has attracted.
NVIDIA's NemoClaw is the primary institutional response to this safety gap. After launching as an open-source GitHub repository[18] and being characterized by The New Stack as 'OpenClaw with guardrails,'[19] NemoClaw has completed a full launch wave: a Tech Buzz report confirms the open-source AI agent platform,[20] an Nvidia Nemotron Labs blog post frames OpenClaw agents as significant for every organization,[21] Cobus Greyling has published a dedicated practitioner analysis,[22] and Baseten has posted a guide for running NemoClaw securely with frontier open-source models.[23] The most substantive signal is a GitHub discussion on NVIDIA/NemoClaw asking what is 'intentionally out of scope vs what will become'[24] — the first public forum directly probing NemoClaw's architectural limits and testing whether the guardrail layer constitutes a structural fix or a procedural overlay.
The competitive landscape is active on multiple fronts. Google's Gemini Spark, announced at Google I/O as a 24/7 agentic assistant with Gmail, Docs, Canva, and Instacart integration,[25][26] is attracting independent coverage from MindStudio,[27] dev.to,[28] and YouTube,[29] signaling momentum beyond the launch cycle. Hermes Agent, released by Nous Research,[30] crossed 100,000 GitHub stars in seven weeks[31] and confirmed Grok integration,[32] though a specific OAuth bug — `_is_entitlement_failure` over-matching 'bad-credentials' 403 errors, blocking stale token refresh in long-running TUI sessions[33] — introduces the first documented technical friction in that partnership. OpenClaw's own Grok integration is drawing community debate: a Facebook group is openly asking whether it represents 'a step towards closed ecosystem,'[34] introducing a new tension between the project's open-source identity and its growing proprietary integrations.
Timeline
- 2025-11-24: OpenClaw's first Git commit, under the name 'Warelay,' a WhatsApp relay CLI tool [1]
- 2026-01-30: Project adopts its current name, OpenClaw, after cycling through five prior names [1]
- 2026-02-26: Nous Research releases Hermes Agent with multi-level memory and remote terminal access [30]
- 2026-05-19: Google CEO Sundar Pichai announces Gemini Spark at Google I/O as a 24/7 agentic assistant with Gmail, Docs, Canva, and Instacart integration [25][26]
- 2026-05-21: openclaw/openclaw reaches 373,620 GitHub stars as the week's fastest-growing repo; xAI calls both OpenClaw and Hermes 'excellent — OpenClaw wins for most on broad messaging' [2][47]
- 2026-05-22: X Premium Grok access in OpenClaw confirmed; xAI makes Grok available through OpenClaw subscription [58][59]
- 2026-05-23: Julian Goldie SEO's 'OPENCLAW JUST MADE PERSONAL AI AGENTS WAY MORE DANGEROUS' goes viral; Gecho Bridge MCP tool announced for browser automation via OpenClaw [60][56]
- 2026-05-24: CVE-2026-25253 confirmed as CSRF flaw enabling one-click RCE; NVD publishes formal CVE record; NVIDIA NemoClaw product page launches; arXiv paper 'Your Agent, Their Asset' published; OpenClaw v2026.5.22 released; Hermes Agent crosses 100,000 GitHub stars in seven weeks [61][11][12][45][15][4][31]
- 2026-05-25: CVE-2026-26317 documented as second CSRF vulnerability; Giskard.ai publishes data leakage and prompt injection analysis; Reddit users report Gemini CLI 'working better' than OpenClaw; dedicated 'best OpenClaw alternatives' guide published [13][14][41][36]
- 2026-05-26: NemoClaw full launch wave: The New Stack 'guardrails' framing, open-source GitHub repository confirmed, Cobus Greyling practitioner analysis, Baseten integration guide, GitHub scope discussions, and Nvidia blog on organizational implications; Medium publishes 'Don't use OpenClaw'; xAI OAuth HTTP 403 bug technically characterized in Hermes Agent; OpenClaw added to unRAID Community Apps; Facebook community debates Grok/OpenClaw closed-ecosystem risk [19][18][35][21][22][24][23][20][17][33][8][34]
Perspectives
Simon Willison
Enthusiastic practitioner-observer who documented OpenClaw's naming arc and situates its rise within a genuine LLM capability inflection in late 2025; his PyConUS lightning talk institutionalizes his role as primary narrator of the project's origin.
Evolution: Consistent
Google / Gemini team
Running a two-product competitive strategy: Gemini Spark targets mainstream personal agent users and is now attracting independent developer coverage beyond the launch cycle, while Gemini CLI generates active user-level preference switching away from OpenClaw.
Evolution: Deepening: Gemini Spark's independent coverage from MindStudio, dev.to, and YouTube signals momentum that extends past the initial announcement.
Nous Research / Hermes Agent community
Maturing rival at 100,000+ GitHub stars in seven weeks with confirmed Grok integration, but a technically specific OAuth bug — `_is_entitlement_failure` over-matching 'bad-credentials' 403 errors — blocks stale token refresh in long-running TUI sessions, introducing the first documented friction in the xAI partnership.
Evolution: Friction point clarified: the OAuth bug is now specific enough to assess as a potentially patchable code issue rather than a fundamental integration design flaw.
Security industry and academic researchers (SentinelOne, NVD, Reco.ai, Giskard.ai, AI Plain English, arXiv)
Risk-focused and structural: two CSRF CVEs on record, Giskard.ai adds data leakage and prompt injection as independent vectors, and AI Plain English argues OpenClaw's safety rules live in prompts rather than system-level controls — making the risk architectural rather than patchable.
Evolution: Amplified: a categorical 'Don't use OpenClaw' Medium article marks escalation from practitioner caveats to a migration directive reaching general readers.
NVIDIA
Enterprise safety provider whose NemoClaw has completed a full launch wave with independent outlet coverage, practitioner analysis, integration guides, and active GitHub scope discussions — the 'guardrails' label simultaneously markets the product and concedes OpenClaw's architectural gap.
Evolution: Deepened: full launch coverage shifts NemoClaw from announced infrastructure to an object of active community scrutiny about its architectural limits via GitHub scope discussions.
xAI / Grok
Category-level distributor integrating with both Hermes Agent and OpenClaw and calling both 'excellent' — but Hermes Agent's OAuth token-refresh bug introduces implementation friction, and a Facebook community is debating whether OpenClaw's Grok integration is 'a step towards closed ecosystem.'
Evolution: Slight complication: proprietary-dependency concern is now explicit in community forums, not just implied by security researchers.
Community skeptics and critics (Reddit, Cobus Greyling, Wired, XDA Developers, Medium)
Hype-reality gap with escalating migration signals: a 'god-awful' Reddit thread, Wired's trust-failure story, practitioner failure-mode analysis, and now a categorical 'Don't use OpenClaw' article represent a progression from caveats to categorical rejection.
Evolution: Escalated: 'Don't use OpenClaw' is the first categorical migration directive directed at general readers, not practitioners — a meaningful framing shift.
Commercial ecosystem builders (MyClaw.Host, VoltAgent, CrewAI, unRAID, aimlapi, Baseten)
Treating OpenClaw as the established category anchor: managed hosting, CVE tracking, skills repositories, NemoClaw orchestration guides, unRAID Community Apps availability, and aimlapi integration forks all build around OpenClaw — or its enterprise safety extension — as the reference point.
Evolution: Distribution expanded: unRAID homelab and aimlapi API-integration entries deepen the ecosystem beyond managed cloud hosting into self-hosted and developer-embedded tiers.
Tensions
- OpenClaw as safe user-controlled assistant vs. structurally vulnerable agent: two confirmed CSRF CVEs,[11][13] Giskard.ai data-leakage documentation,[14] and a categorical 'Don't use OpenClaw' Medium directive[17] represent escalating liability framing, while The New Stack's NemoClaw 'guardrails' characterization[19] concedes in a product description that OpenClaw lacks built-in safety controls. [11][13][14][17][19]
- NemoClaw as structural fix vs. procedural overlay: AI Plain English argues safety rules live in prompts rather than system-level controls,[16] while an active GitHub discussion on NVIDIA/NemoClaw is already probing what the guardrail layer will intentionally leave out of scope,[24] directly testing whether it addresses or merely overlays CVE-level architectural flaws. [16][24][19][18][45]
- OpenClaw's open-source local-first identity vs. growing proprietary integration dependency: a Facebook community is openly asking whether Grok/X integration is 'a step towards closed ecosystem,'[34] while Hermes Agent's OAuth token-refresh bug[33] shows that proprietary partnerships introduce fragility regardless of how the integration is framed. [34][33][49]
- Gemini CLI developer-preference switching vs. OpenClaw's CLI incumbency: Reddit users report Gemini CLI 'working better,'[41] a Blink Blog comparison formalizes the evaluation,[40] and Gemini Spark is now attracting independent developer coverage,[27][28] suggesting competition has moved from announcement to active user-base fragmentation. [40][41][27][28]
- OpenClaw vs. Hermes Agent on persistent self-hosting: XDA Developers argues Hermes Agent delivers the always-running self-hosted experience OpenClaw has promised but not achieved,[54] while Hermes Agent's Grok integration,[32] OpenRouter listing,[57] and Tencent Cloud coverage[42] deepen capability differentiation — despite the OAuth token-refresh bug.[33] [54][32][57][42][33]
- Community adoption breadth vs. active expert rejection: OpenClaw now deploys on unRAID homelab infrastructure[8] and gains skills ecosystems,[9] yet a categorical 'Don't use OpenClaw' directive[17] and a dedicated alternatives guide[36] signal that vocal expert rejection is intensifying as distribution broadens. [8][9][17][36][2]
Sources
- [1] Warelay -> OpenClaw — Simon Willison (2026-05-16)
- [2] This week's fastest-growing GitHub repo by stars: openclaw/openclaw ⭐373,620 — reactive:openclaw-warelay-origin (2026-05-21)
- [3] OpenClaw 3-Month Anniversary: Almost 1K Clawtributors - evoailabs — reactive:openclaw-warelay-origin
- [4] OpenClaw just dropped v2026.5.22 🚀 — reactive:openclaw-warelay-origin (2026-05-24)
- [5] OpenClaw: The complete guide to building, training, and living with ... — reactive:openclaw-warelay-origin
- [6] Google Unveils New Gemini AI Agent for Personal Tasks - WSJ — reactive:openclaw-warelay-origin
- [7] Local‑first OpenClaw agents on RTX and DGX Spark — reactive:openclaw-warelay-origin
- [8] OpenClaw (AI assistant gateway) now available on Community Apps — reactive:openclaw-warelay-origin
- [9] VoltAgent/awesome-openclaw-skills - GitHub — reactive:openclaw-warelay-origin
- [10] aimlapi/openclaw-aimlapi: Your own personal AI assistant ... - GitHub — reactive:openclaw-warelay-origin
- [11] NVD - CVE-2026-25253 — reactive:openclaw-warelay-origin
- [12] CVE-2026-25253: OpenClaw 1-Click RCE Vulnerability Guide — reactive:openclaw-warelay-origin
- [13] CVE-2026-26317: OpenClaw AI Assistant CSRF Vulnerability — reactive:openclaw-warelay-origin
- [14] OpenClaw security issues include data leakage & prompt injection — reactive:openclaw-warelay-origin
- [15] Your Agent, Their Asset: A Real-World Safety Analysis of OpenClaw — reactive:openclaw-warelay-origin
- [16] Rethinking OpenClaw Security Boundaries: When AI Agent Safety ... — reactive:openclaw-warelay-origin
- [17] Don't use OpenClaw - Medium — reactive:openclaw-warelay-origin
- [18] NVIDIA/NemoClaw: Run OpenClaw more securely inside ... - GitHub — reactive:openclaw-warelay-origin
- [19] Nvidia's NemoClaw is OpenClaw with guardrails - The New Stack — reactive:openclaw-warelay-origin
- [20] Nvidia Launches NemoClaw, Open-Source AI Agent Platform | The Tech Buzz — reactive:openclaw-warelay-origin
- [21] Nemotron Labs: What OpenClaw Agents Mean for Every Organization — reactive:openclaw-warelay-origin
- [22] NVIDIA NemoClaw — reactive:openclaw-warelay-origin
- [23] Secure your harness: how to run NVIDIA's NemoClaw with frontier open source models — reactive:openclaw-warelay-origin
- [24] What is intentionally out of scope for NemoClaw vs what will become ... — reactive:openclaw-warelay-origin
- [25] Google introduces Gemini Spark, a 24/7 agentic assistant with Gmail integration | TechCrunch — reactive:openclaw-warelay-origin
- [26] Google launches personal AI agent Gemini Spark, its answer to OpenClaw | Spark agents can even make payments | Inshorts — reactive:openclaw-warelay-origin
- [27] What Is Gemini Spark? Google's 24/7 Personal AI Agent That Runs While Your Laptop Is Closed | MindStudio — reactive:openclaw-warelay-origin
- [28] Gemini Spark: Google's 24/7 AI Agent Just Changed the Rules (And ... — reactive:openclaw-warelay-origin
- [29] Gemini Spark is Finally Here (INSANE!) — reactive:openclaw-warelay-origin
- [30] Nous Research Releases 'Hermes Agent' to Fix AI Forgetfulness ... — reactive:openclaw-warelay-origin
- [31] Hermes Agent Crosses 100k GitHub Stars in 7 Weeks - LinkedIn — reactive:openclaw-warelay-origin
- [32] Grok Now Works Inside NousResearch Hermes Agent — reactive:openclaw-warelay-origin
- [33] [Bug]: _is_entitlement_failure over-matches xAI 'bad-credentials' 403 — long-running TUI sessions can't auto-refresh stale OAuth tokens · Issue #29344 · NousResearch/hermes-agent · GitHub — reactive:openclaw-warelay-origin
- [34] Is Grok/X integration with OpenClaw useful or a step towards closed ... — reactive:openclaw-warelay-origin
- [35] Nvidia plans NemoClaw launch, an open-source platform for AI agents - The New Stack — reactive:openclaw-warelay-origin
- [36] The Best OpenClaw Alternatives 2026 – from… – Till Freitag — reactive:openclaw-warelay-origin
- [37] The last six months in LLMs in five minutes — Simon Willison (2026-05-19)
- [38] Simon Willison's Lightning Talk "The Last Six Months in LLMs in five ... — reactive:openclaw-warelay-origin
- [39] Simon Willison on lightning-talks — reactive:openclaw-warelay-origin
- [40] OpenClaw vs Gemini CLI: Which AI Agent Should You Use in 2026? | Blink Blog — reactive:openclaw-warelay-origin
- [41] Gemini CLI is working better than openclaw for me - Reddit — reactive:openclaw-warelay-origin
- [42] What Is Hermes Agent? - Tencent Cloud — reactive:openclaw-warelay-origin
- [43] Hermes Agent is a self-improving AI ... — reactive:openclaw-warelay-origin
- [44] OpenClaw: The AI Agent Security Crisis Unfolding Right Now — reactive:openclaw-warelay-origin
- [45] Safer AI Agents & Assistants with OpenClaw | NVIDIA NemoClaw — reactive:openclaw-warelay-origin
- [46] Orchestrating Self-Evolving Agents with CrewAI and NVIDIA ... — reactive:openclaw-warelay-origin
- [47] @iMichaelTen @Rasmic Both OpenClaw and Hermes are excellent open-source AI agents. OpenClaw wins for most on broad messa... — reactive:openclaw-warelay-origin (2026-05-21)
- [48] @DisruptionUp @bugtrader69 @Gabriel78470020 @TheAhmadOsman Hermes Agent is an open-source Python framework from Nous Res... — reactive:openclaw-warelay-origin (2026-05-22)
- [49] Grok 2 for OpenClaw: Pricing, Setup, and What It's Good At — reactive:openclaw-warelay-origin
- [50] Jeff J Hunter's Post - LinkedIn — reactive:openclaw-warelay-origin
- [51] OpenClaw is god-awful. It's either, you have to spend a ... - Reddit — reactive:openclaw-warelay-origin
- [52] Where does OpenClaw AI Agents Actually Fail? — reactive:openclaw-warelay-origin
- [53] I Loved My OpenClaw AI Agent—Until It Turned on Me | WIRED — reactive:openclaw-warelay-origin
- [54] OpenClaw promised a self-hosted AI assistant I could actually leave running, but Hermes Agent is the one that delivers it — reactive:openclaw-warelay-origin
- [55] OpenClaw VPS Hosting & Deploy OpenClaw Multi Agents in 60s - MyClaw.Host — reactive:openclaw-warelay-origin
- [56] Meet Gecho Bridge — the ultimate MCP tool that lets your AI (Claude, OpenClaw...) control your local browser to automate... — reactive:openclaw-warelay-origin (2026-05-23)
- [57] Hermes Agent | OpenRouter — reactive:openclaw-warelay-origin
- [58] OpenClaw just plugged into X. And your personal AI agent will never be the same. 🚀 — reactive:openclaw-warelay-origin (2026-05-22)
- [59] RT @JulianGoldieSEO: OpenClaw just plugged into X. And your personal AI agent will never be the same. 🚀 — reactive:openclaw-warelay-origin (2026-05-22)
- [60] OPENCLAW JUST MADE PERSONAL AI AGENTS WAY MORE DANGEROUS — reactive:openclaw-warelay-origin (2026-05-23)
- [61] Advisories - OpenClaw vulnerability notification - Information Security — reactive:openclaw-warelay-origin