Our oldest son was pretty hyped up 2 weeks ago about a new open source AI agent that seems to be able to do some very interesting tasks. So I gave him one of my mini-pc’s and told him to go to town with it. Last Sunday he was over for dinner and was telling me all about his trials and tribulations getting OpenClaw set up. He’s never used a terminal, edited a sys file, called an API, etc. has no real experience in this area so I was pretty excited to see his level of commitment to dig in and make it work.
I’ve done all that and more, machine code and assembly for imbedded applications was something I did 40 years ago.
OpenClaw is an open source AI Agent that runs on a variety of OS’s. So I bought another mini-PC to see what it can do.
I’m using Perplexity to help me set it up as OC will work with my Perplexity subscription to use it’s API’s to access Sonar for reading web information. Perplexity is answering all my questions on this and providing code snippets to enable the functions I’m, interested in.
This agent will do a lot of interesting things, fill in forms, use your credit card to buy things like subscriptions and apps, which it may need to do what you want it to do, etc.
I want it to make money 24/7. It can set up a trading acct, access market data and buy and sell stocks, crypto, etc. You do set parameters, so it’s not going to max out your card I’ll use a sacrificial card first with a low limit while I learn. This would be a fairly sophisticated setup, so I’m going to start slow.
I’m also going to see if I can get it to answer my emails, every Monday morning I spend 4 hours getting caught up on support emails and an hour a day through the week. If it can cut that down to a few hours a week, that would be amazing! If it can pull out order information and prepare my work sheets to fill orders, would be even more amazing!!
I would say be careful. These things are very new. If you aren’t computer literate like Steve is, I strongly recommend against being an early adopter of things like this until the technology is more mature.
Even if the AI doesn’t go wild and blow your credit card, you can guarantee there will be tons of scams, prompt injections, hacks etc going on. We’ve already seen it with a basic idea where people email malicious instructions which AI assistants/agents are then reading in emails and acting on. I can only imagine that some scams and attacks will be very sophisticated, and you only need one good data leak to really cause a massive amount of damage and inconvenience.
I agree that there will be a lot of BS for those who don’t do their homework and set up their system for security.
Those are the types of questions I’m asking Perplexity and these types of security issues can all be blocked. This is my first priority.
Fortunately there are solutions to security issues. The sandbox is your friend
With over 50 years of computer literacy, I’ve only had 1 virus that did damage, it wiped out 3 months of hard work back in '96. I went through all the stages of grief, it was like a family member had died. I had paper copies of most it but was not doing proper BU’s back then so it had to all be re-entered manually.
Since then I have at least 3 BU’s of important work, my local server, cloud and off-line cold storage at a different location than my work space. It’s a fair bit of effort but worth it. These days it not so onerous as I don’t do nearly as much work that I’d be concerned to lose.
I would 2nd the motion to be VERY careful with things like OpenClaw (as opposed to regular LLMs that don’t have full control of your computer).
DO NOT RUN OpenClaw on your regular computer, you should only run it on a dedicated computer without other stuff on it and controled access to your network. But really I wouldn’t run OpenClaw at all for a while unless you really know what you are doing.
Software this insecure, I would generally only want to test on something like an air gapped Qubes OS or Graphene OS device (which of course will greatly limit its functionality).
OpenClaw—what happens when AI stops chatting and starts doing
This open-source agent installs software, makes calls and runs your digital life—redefining what “digital assistants” are supposed to do
When a friend messaged me two days ago about Clawdbot—a new open-source AI agent that has since been renamed OpenClaw—I expected yet another disappointing “assistant.” But it was already a viral sensation, with social media testimonies calling it “AI with hands” because it actually interacts with your files and software.
OpenClaw is free and lives locally on your device. Many users are installing it on Mac mini computers that they leave on 24/7. Paired with OpenClaw’s lobster logo, viral meme threads about the bot resemble the fused feeds of an Apple vendor and a seafood restaurant.
When I set up OpenClaw, it asked for a name, a personality (such as “AI,” “robot” or “ghost in the machine”) and a vibe (such as “sharp,” “warm,” “chaotic” or “calm”). I picked “Cy,” “AI assistant” and “sharp and efficient.” I chose Claude, Anthropic’s flagship AI model, as its brain (ChatGPT is also an option). I then connected Cy to WhatsApp and Telegram so my new assistant and I could communicate.
My online life is already streamlined, and I had no pressing needs for Cy, so I called my friend who got me into this. He was sitting in a sauna he’d installed under his stairs, texting with his OpenClaw, “Samantha.” The assistant was generating an audiobook for him. He advised me to ask Cy for help anytime a task came up.
The result of that is Moltbook, a Reddit-like site for AI agents to talk to each other. Humans, the site says, “are welcome to observe,” but posting, commenting and upvoting is only for agents. The platform already has more than 1 million agents, 185,000 posts and 1.4 million comments.
Separate computer, using a sandbox etc is a good idea, but I worry there will be all sorts of very elaborate and sophisticated scams that can trick people into doing silly things. After all, the agent can only really be useful if you give it access to things.
I would suggest everyone read Jessica Rose’s substack article about using Openclaw. It is extremely dangerous and often contains malware which can create huge problems for you.
All that being said, and at risk of being slightly off topic, I do believe we are entering a new phase of software engineering where, as software developers, we stop writing code and even looking at code much. I say this because the latest frontier models (Google Gemini, Anthropic Claude, whatever OpenAI is doing (dead man walking IMHO) all have jumped in capabilities, but also almost all of them used LLMs/Agents to write most of the code and models. So we have entered the Onset of recursive self-improvement (RSI) where the LLMs are being used to improve the LLMs.
This is leading to the biggest change in software development since Agile/Extreme Programming and it requires whole new way of dealing with software development. Once we have the Agents doing most of the coding, its almost impossible for humans to be directly involved with the code itself. The Agents will be able to generate code faster and at volume than humans could deal with. So we need to adopt tools and techniques that allow us humans to tell the Agents what to code, what are the outcomes and results and then iterate at this high level (specs, guardrails, skills, rules, etc) with the Agents generating and updating the code. It also means we need to have enough tests for outcomes that we and the Agents know if they are going in the right direction / complete.
I’m seeing many folks in the software development community coming up with similar conclusions. Here’s a reading list for those who are interested. (The first article is probably the best overview)
I’ll use a sacrificial card first with a low limit while I learn. This would be a fairly sophisticated setup, so I’m going to start slow.
