alt Hacker NewsAndrej Karpathy talks about "Claws"
Comments
The actual content: https://xcancel.com/karpathy/status/2024987174077432126
Why is this linking to a blog post of what someone said, instead of directly linking to what they said?
I'm predicting some wave of articles why clawd is over and was overhyped all along in a few months and the position of not having delved into it in the first place will have been the superior use of your limited time alive
I’ve been building my own “OpenClaw” like thing with go-mcp and cloudflare tunnel/email relay. I can send an email to Claude and it will email me back status updates/results. Not as easy to setup as OpenClaw obviously but alt least I know exactly what code is running and what capabilities I’m giving to the LLM.
I wonder how long it'll take (if it hasn't already) until the messaging around this inevitably moves on to "Do not self-host this, are you crazy? This requires console commands, don't be silly! Our team of industry-veteran security professionals works on your digital safety 24/7, you would never be able to keep up with the demands of today's cybersecurity attack spectrum. Any sane person would host their claw with us!"
Next flood of (likely heavily YC-backed) Clawbase (Coinbase but for Claws) hosting startups incoming?
OpenClaw is the 6-7 of the software world. Our dystopia is post-absurdist.
So what is a "claw" exactly?
An ai that you let loose on your email etc?
And we run it in a container and use a local llm for "safety" but it has access to all our data and the web?
The real big deal about 'claws' in that they're agents oriented around the user.
The kind of AI everyone hates is the stuff that is built into products. This is AI representing the company. It's a foreign invader in your space.
Claws are owned by you and are custom to you. You even name them.
It's the difference between R2D2 and a robot clone trying to sell you shit.
(I'm aware that the llms themselves aren't local but they operate locally and are branded/customized/controlled by the user)
My summary: openclaw is a 5/5 security risk, if you have a perfectly audited nanoclaw or whatever it is 4/5 still. If it runs with human-in-the-loop it is much better, but the value is quickly diminishing. I think llms are not bad at helping to spec down human language and possibly doing great also in creating guardrails via tests, but i’d prefer something stable over llms running in “creative mode” or “claw” mode.
We got store-brand Claw before GTA VI.
For real though, it's not that hard to make your own! NanoClaw boasted 500 lines but the repo was 5000 so I was sad. So I took a stab at it.
Turns out it takes 50 lines of code.
All you need is a few lines of Telegram library code in your chosen language, and `claude -p prooompt`.
With 2 lines more you can support Codex or your favorite infinite tokens thingy :)
https://github.com/a-n-d-a-i/ULTRON/blob/main/src/index.ts
That's it! There are no other source files. (Of course, we outsource the agent, but I'm told you can get an almost perfect result there too with 50 lines of bash... watch this space! (It's true, Claude Opus does better in several coding and computer use benchmarks when you remove the harness.))
There's a gap in the market here - not me but somebody needs to build an e-commerce bot and call it Santa Claws
What are people using Claws for? It is interesting to see it everywhere but I haven’t had any good ideas for using them.
Anyone to share their use case? Thanks!
Karpathy has a good ear for naming things.
"Claw" captures what the existing terminology missed, these aren't agents with more tools (maybe even the opposite), they're persistent processes with scheduling and inter-agent communication that happen to use LLMs for reasoning.
Are these things actually useful or do we have an epidemic of loneliness and a deep need for vanity AI happening?
I say this because I can’t bring myself to finding a use case for it other than a toy that gets boring fast.
One example in some repos around scheduling capabilities mentions “open these things and summarize them for me” this feels like spam and noise not value.
A while back we had a trending tweet about wanting AI to do your dishes for you and not replace creativity, I guess this feels like an attempt to go there but to me it’s the wrong implementation.
The current hype around agentic workflows completely glosses over the fundamental security flaw in their architecture: unconstrained execution boundaries. Tools that eagerly load context and grant monolithic LLMs unrestricted shell access are trivial to compromise via indirect prompt injection.
If an agent is curling untrusted data while holding access to sensitive data or already has sensitive data loaded into its context window, arbitrary code execution isn't a theoretical risk; it's an inevitability.
As recent research on context pollution has shown, stuffing the context window with monolithic system prompts and tool schemas actively degrades the model's baseline reasoning capabilities, making it exponentially more vulnerable to these exact exploits.
Why mac mini instead of something like a raspberry pi? Aren't thede claw things delegating inference to OpenAI, Antropic etc.?
I read [and comment on] two influencers maintaining their circles
This is all so unscientific and unmeasurable. Hopefully we can construct more order parameters on weights and start measuring those instead of "using claws to draw pelicans on bicycles"
He also talks about picoclaw which even runs on $10 hardware and is a fork by sipeed, a chinese company who does IoT.
https://github.com/sipeed/picoclaw
another chinese coompany m5stack provides local LLMs like Qwen2.5-1.5B running on a local IoT device.
https://shop.m5stack.com/products/m5stack-llm-large-language...
Imagine the possibilities. Soon we will see claw-in-a-box for less than $50.
I too am interested in "Claws", but I want to figure out how to run it locally inside a capabilities based secure OS, so that it can be tightly constrained, yet remain useful.
IMO the security pitchforking on OpenClaw is just so overdone. People without consideration for the implications will inevitably get burned, as we saw with the reddit posts "Agentic Coding tool X wiped my hard drive and apologized profusely". I work at a FAANG and every time you try something innovative the "policy people" will climb out of their holes and put random roadblocks in your way, not for the sake of actual security (that would be fine but would require actual engagement) but just to feel important, it reminds me of that.
Has anyone find a useful way to to something with Claws without massive security risk?
As a n8n user, i still don't understand the business value it adds beyond being exciting...
Any resources or blog post to share on that?
giving my private data/keys to 400K lines of vibe coded monster that is being actively attacked at scale is not very appealing at all
If this were 2010, Google, Anthropic, XAI, OpenAI (GAXO?) would focus on packaging their chatbots as $1500 consumer appliances.
It's 2026, so, instead, a state-of-the-art chatbot will require a subscription forever.
Does anyone know a Claw-like that:
- doesnt do its own sandboxing (I'll set that up myself)
- just has a web UI instead of wanting to use some weird proprietary messaging app as its interface?
Does one really need to _buy_ a completely new desktop hardware (ie. mac mini) to _run_ a simple request/response program?
Excluding the fact that you can run LLMs via ollama or similar directly on the device, but that will not have a very good token/s speed as far as I can guess...
How much does it cost to run these?
I see mentions of Claude and I assume all of these tools connect to a third party LLM api. I wish these could be run locally too.
I just realized i built open claw over a year, but never released it to anyone. Should have released it and got the fame. Shucks.
[flagged]
I don't understand the mac mini hype. Why can it not be a vm?
I run a Discord where we've had a custom coded bot I created since before LLM's became useful. When they did, I integrated the bot into LLMs so you could ask it questions in free text form. I've gradually added AI-type features to this integration over time, like web search grounding once that was straightforward to do.
The other day I finally found some time to give OpenClaw a go, and it went something like this:
- Installed it on my VPS (I don't have a Mac mini lying around, or the inclination to just go out and buy one just for this)
- Worked through a painful path of getting it a browser working (VPS = no graphics subsystem...)
- Decided as my first experiment, to tell it to look at trading prediction markets (Polymarket)
- Discovered that I had to do most of the onboarding for this, for numerous reasons like KYC, payments, other stuff OpenClaw can't do for you...
- Discovered that it wasn't very good at setting up its own "scheduled jobs". It was absolutely insistent that it would "Check the markets we're tracking every morning", until after multiple back and forths we discovered... it wouldn't, and I had to explicitly force it to add something to its heartbeat
- Discovered that one of the bets I wanted to track (fed rates change) it wasn't able to monitor because CME's website is very bot-hostile and blocked it after a few requests
- Told me I should use a VPN to get around the block, or sign up to a market data API for it
- I jumped through the various hoops to get a NordVPN account and run it on the VPS (hilariously, once I connected it blew up my SSH session and I had to recovery console my way back in...)
- We discovered that oh, NordVPN's IP's don't get around the CME website block
- Gave up on that bet, chose a different one...
- I then got a very blunt WhatsApp message "Usage limit exceeded". There was nothing in the default 'clawbot logs' as to why. After digging around in other locations I found a more detailed log, yeah, it's OpenAI. Logged into the OpenAI platform - it's churned through $20 of tokens in about 24h.
At this point I took a step back and weighted the pros and cons of the whole thing, and decided to shut it down. Back to human-in-the-loop coding agent projects for me.
I just do not believe the influencers who are posting their Clawbots are "running their entire company". There are so many bot-blockers everywhere it's like that scene with the rakes in the Simpsons...
All these *claw variants won't solve any of this. Sure you might use a bit less CPU, but the open internet is actually pretty bot-hostile, and you constantly need humans to navigate it.
What I have done from what I've learned though, is upgrade my trusty Discord bot so it now has a SOUL.md and MEMORIES.md. Maybe at some point I'll also give it a heartbeat, but I'm not sure...
I am waiting for Mac mini with M5 processor since M5 MacBook - seems like I need to start saving more money each month for that goal because it is going to be a bloodbath at the moment they land.
lemme guess there is going to be inter claw protocol now
I still haven't really been able to wrap my head around the usecase for these. Also fingers crossed the name doesn't stick. Something about it rubs my brain the wrong way.
I'm genuinely wondering if this sort of AI revolution (or bubble, depending on which side you're in) is worth it. Yes, there are some cool use cases. But, you have to balance those with increased GPU, RAM and storage prices, and OSS projects struggling to keep up with people opening pull requests or vulnerability disclosures that turn out to be AI slop. Which lead GitHub to introduce the possibility to disable pull requests on repositories. Additionally, all the compute used for running LLMs in the cloud seems to have a significant environmental impact. Is it worth it, or are we being fooled by a technology that looks very cool on the surface, but that so far didn’t deliver on the promises of being able to carry complex tasks fully autonomously?
AI pollution is "clawing" into every corner of human life. Big guys boast it as catching up with the trend, but not really thinking about where this is all going.
You can take any AI agent (Codex, Gemini, Claude Code, ollama), run it on a loop with some delay and connect to a messaging platform using Pantalk (https://github.com/pantalk/pantalk). In fact, you can use Pantalk buffer to automatically start your agent. You don't need OpenClaw for that.
What OpenClaw did is to show the messages that this is in fact possible to do. IMHO nobody is using it yet for meaningful things, but the direction is right.
I love Andrej Karpathy and I think he's really smart but Andrej is responsible for popularizing the two most nauseating terms in the AI world. "Vibe" coding, and now "claws".
I'm one nudge away from throwing up.
What I don’t get: If it’s just a workflow engine why even use LLM for anything but a natural language interface to workflows? In other words, if I can setup a Zapier/n8n workflow with natural language, why would I want to use OpenClaw?
Nondeterministic execution doesn’t sound great for stringing together tool calls.
Im honestly not that much worried there are some obvious problems (exfiltrate data labeled as sensitive, take actions that are costly, delete/change sensitive resources) if you have a properly compliant infrastructure all these actions need confirmations logging etc. for humans this seemed more like a neusance but now it seems essential. And all these systems are actually much much easier to setup.
> It even comes with an established emoji
If we have to do this, can we at least use the seahorse emoji as the symbol?
What is the benefit of a Mac mini for something like this?
Please Simon. For the love of god stop trying to introduce more slop into the language
Anyone using claws for something meaningful in a startup environment? I want to try but not sure what we can do with this.
So now I will be able to tell OpenClaw to speedrun Captain Claw. Yeah.
Ah yes, let's create an autonomic actor out of a nondeterministic system which can literally be hacked by giving it plaintext to read. Let's give that system access to important credentials letting it poop all over the internet.
Completely safe and normal software engineering practice.
I'm impressed with how we moved from "AI is dangerous", "Skynet", "don't give AI internet access or we are doomed", "don't let AI escape" to "Hey AI, here is internet, do whatever you want".