OpenClaw is an open-source personal AI assistant that runs on your own hardware and connects to messaging apps like WhatsApp, Telegram, and Discord. Created by Peter Steinberger (@steipete), it executes actions rather than just conversations—reading files, managing calendars, monitoring GitHub repos, and executing system commands. The system uses a Gateway-centric architecture with persistent memory powered by SQLite with hybrid search capabilities.
Note: Originally launched as “Clawdbot” in November 2025, renamed to “Moltbot” in January 2026 (due to Anthropic trademark notice), and finally to “OpenClaw” on January 29, 2026. Peter Steinberger joined OpenAI in February 2026.
GitHub: 356k+ stars, 72.2k+ forks, 1,630+ contributors | License: MIT
- Self-hosted execution on your own infrastructure
- Multi-platform messaging integration (WhatsApp, Telegram, Discord, Slack, Signal, iMessage, and 16+ more)
- Local file access and system command execution
- Persistent memory with SQLite hybrid search (vector + keyword, no external database required)
- Multi-model support (Claude, GPT-4, or local models via Ollama)
- Proactive responses and event monitoring
- Plugin and skill ecosystem for extensibility (ClawHub registry)
- 22+ messaging platform integrations and 28+ model providers
- Multi-agent routing to isolated workspaces/sessions
- Developer automation (monitor GitHub repos, trigger deployments, check logs)
- Personal assistance (calendar management, email triage, reminders)
- CI/CD integration (monitor builds, view logs, trigger actions)
- System administration (execute commands, manage files, automate tasks)
- Privacy-sensitive operations (handle confidential data without cloud exposure)
- Languages: TypeScript 90.4%, Swift 5.4%, Kotlin 1.4%, Shell 1.0%, JavaScript 1.0%, CSS 0.4%, Other 0.4%
- Gateway: Node.js 24 recommended (Node.js 22.16+ minimum supported)
- Database: SQLite with hybrid search (vector + keyword via sqlite-vec)
- Libraries: Baileys (WhatsApp), grammY (Telegram), TypeBox (schema validation)
- Docker: Official pre-built images at
ghcr.io/openclaw/openclaw (tags: latest, 2026.4.10-slim, 2026.4.10-arm64); container sandbox support
OpenClaw uses a Gateway-centric architecture:
- Gateway daemon (port 18789) - Single source of truth for sessions, routing, channels
- Bridge daemon (port 18790) - Handles WhatsApp Web session management
- WebSocket-first protocol - All communication via WebSocket with JSON frames
- Device-based pairing - Cryptographic challenges for new device approval
- Session-based routing - Isolated conversations per channel/peer with multi-agent support
- SQLite with hybrid search - Persistent memory with vector + keyword search (no external database)
- A2UI - Visual workspace technology for agent configuration
- Open-source and self-hosted
- Security warning: Default pairing mode for DMs (
dmPolicy="pairing") - unknown senders require approval
- Critical: Never expose port 18789 to public internet
- Use a reverse proxy with authentication for remote access
- Tailscale integration available (
gateway.tailscale.mode: "serve" / "funnel")
- Run
openclaw doctor to check configuration and surface risky/misconfigured DM policies
- Requires technical expertise for setup and management
- Designed for users who want maximum control and privacy
- Sandbox mode available for group/channel safety (
agents.defaults.sandbox.mode: "all")
- Latest Release: v2026.4.12 (April 13, 2026) - 89 total releases
- ⚠️ Security Advisories:
- CVE-2026-28472 (CVSS 9.8 Critical): WebSocket authentication bypass. Versions ≤ 2026.2.1 affected. Upgrade to 2026.2.2 or higher immediately.
- CVE-2026-25253 (CVSS 8.8 High): Cross-site WebSocket hijacking leading to auth token theft and RCE. Patched in v2026.1.29. Discovered by Mav Levin (DepthFirst); related “ClawJacked” attack chain documented by Oasis Security.
- CVE-2026-34504 (April 2026): SSRF via fal provider image download. Upgrade to latest version.
- Recent Fixes (v2026.4.10):
basic-ftp CRLF injection patch, SSRF/browser hardening, workspace .env override prevention, plugin auth hijack prevention, exec sandbox hardening, owner-only /allowlist authorization
¶ History and References
- Official Website: https://openclaw.ai/
- Documentation: https://docs.openclaw.ai/
- GitHub: https://github.com/openclaw/openclaw
- Docker Images: https://ghcr.io/openclaw/openclaw
- ClawHub (Skills Registry): https://clawhub.com/
- Discord: https://discord.gg/openclaw
- Install Scripts: https://openclaw.ai/install.sh | https://openclaw.ai/install.ps1
Any questions?
Feel free to contact us. Find all contact information on our contact page.