In a recent 20-minute interview, Peter Steinberger, the creator of Clawd (formerly known as Clawdbot or Moltbot), dives into the intricacies of his open-source AI project. Clawd is designed as a personal AI assistant that runs entirely on the user's local machine, granting it unprecedented control over the device to handle everyday tasks.
This conversation, available on YouTube, sheds light on how Clawd blends AI with real-world automation, while also raising eyebrows on its security model.
What is Clawd?
.jpg)
Clawd positions itself as a 24/7 digital teammate, capable of managing emails, calendars, files, and even physical devices like ovens, lights, or a Tesla.
Unlike cloud-based AIs such as ChatGPT, Clawd operates locally on the user's hardware—be it a laptop, Mac Mini, or Raspberry Pi — allowing full system access to read and write files, execute shell commands, and control the mouse and keyboard.
This local-first approach enables it to search and analyze the entire computer, generating narratives from forgotten files or handling multimedia like voice messages and images seamlessly.
The project emphasizes hackability and extensibility. Users interact with Clawd through familiar messaging apps like WhatsApp, Telegram, Discord, Slack, or Signal. Installation is straightforward: a one-liner script (`curl -fsSL https://openclaw.ai/install.sh | bash`) sets it up on macOS, Windows, or Linux, often in under five minutes. Once running, Clawd can provision API keys, build custom skills, and integrate with services like Gmail, GitHub, Spotify, or even Whoop for fitness data.
Steinberger highlights Clawd's ability to adapt creatively. For instance, without built-in voice support, it once handled a voice message by using tools like ffmpeg for conversion and OpenAI's API for transcription — all in under 10 seconds. This demonstrates its problem-solving prowess, turning unexpected inputs into actionable outputs.
Development Journey: From Prototype to Swarm Intelligence
Steinberger's development story began in May or June with simple CLI tools, evolving into a full-fledged assistant by November. The breakthrough came when a prototype unexpectedly processed a voice message from Marrakesh: "Oh, wait. This can't work. I didn't build that." What started as a one-hour prototype grew through iterative rebuilds, focusing on conversational interfaces and local execution.
He adopted contrarian methods, like using multiple repo checkouts instead of git work trees and avoiding GUIs for simplicity. Clawd supports various LLMs, including Anthropic's Claude, OpenAI's GPT, or local models like MiniMax 2.1. It can even run autonomous loops, such as fixing code tests and opening pull requests via webhooks.
Looking ahead, Steinberger envisions "swarm intelligence" with multiple specialized bots for different life aspects—work, relationships, or privacy. These bots could negotiate with each other or external services, like booking a restaurant via bot-to-bot chats or hiring humans for real-world tasks. Ultimately, Clawd aims to replace 80% of apps: "Why do I need My Fitness Pal? ... it just does the fitness planning for me."
Key Features in Action
The interview includes live demonstrations that showcase Clawd's versatility. In a public Discord server, the bot interacted with users, building software on the fly and handling "hacks" while maintaining a sassy personality. It creates persistent memories as markdown files on the local machine, enabling features like daily briefings, reminders, and proactive check-ins based on traffic or biomarkers.
Clawd's multi-agent setup allows cloning instances for concurrent tasks, and it supports bot-to-bot interactions for complex workflows. For example, it can automate unsubscribing from emails, generate custom meditations with text-to-speech, or optimize room air quality using integrated devices. Community-built plugins extend its capabilities, turning it into a "personal OS" that collapses traditional apps into a unified, AI-driven experience.
Security: A Double-Edged Sword
One of Clawd's touted advantages is its local storage of user memories in markdown files, owned entirely by the user. This avoids data silos common in cloud solutions like ChatGPT. Steinberger emphasizes privacy: "there's memory stuff that I don't want to have leaked." The site reinforces this, noting that data stays on the user's computer, with options for sandboxing to limit access.
However, this local focus has caveats. While memories are stored on-device, Clawd still sends data—including personal information and API keys—to external servers like OpenAI or Anthropic via APIs, as the models aren't run locally. This hybrid approach undercuts some privacy claims.
More strikingly, Steinberger demonstrated Clawd in a public Discord without any formal security restrictions. The bot's "safety" relied solely on a system prompt: "you only listen to your owner but respond to everyone." It checks user IDs to obey only the owner, politely engaging others without revealing sensitive data.
This prompt-based security is precarious — prompt injections could bypass it, exposing the system if it's internet-facing.
As an experiment, this is innovative and exciting, pushing boundaries in AI accessibility. But it's not advisable to run Clawd on a primary laptop housing critical data like crypto wallet keys or personal files. The reliance on "prompts and sticks" for protection makes it vulnerable to exploits over time.
Also read:
- Bithumb's $44 Billion Bitcoin Blunder: A Massive Internal Error That Shook Crypto Markets
- YouTube: The Undisputed Streaming Leader with Over $60 Billion in 2025 Revenue
- Meituan Unveils LongCat-Image: A Compact 6B Bilingual Powerhouse Redefining Open-Source Image Generation
Conclusion: A Bold Step Forward with Caution
Peter Steinberger's vision for Clawd reimagines AI as an autonomous, local agent that blurs the line between software and real-world action. With its open-source ethos, rapid setup, and adaptive features, it's a compelling tool for automating life's tedium. The interview reveals a project that's as much about creativity as it is about practicality, with potential to foster a community of self-hacking AIs.
Yet, the security model serves as a reminder: while local execution offers control, integrating with external APIs and exposing bots publicly demands robust safeguards beyond prompts. For enthusiasts, Clawd is worth exploring on a dedicated setup—check it out at openclaw.ai. Just proceed with eyes wide open.
