Am I missing something? Why is everyone talking about sandboxes when it comes to OpenClaw?
To me it's like giving your dog a stack of important documents, then being worried he might eat them, so you put the dog in a crate, together with the documents.
I thought the whole problem with that idea was that in order for the agent to be useful, you have to connect it to your calendar, your e-mail provider and other services so it can do stuff on your behalf, but also creating chaos and destruction.
And now, what, having inference done by Nvidia directly makes it better? Does their hardware prevent an AI from deleting all my emails?
I think the point you're making is fully correct, so consider this a devil's advocate argument...
People claim, you can use Claw-agents more safely while getting some of the benefits, by essentially proxying your services. For example on Gmail people are creating a new Google accounts, forwarding email via rule, and adding access to their calendar via Google's Family Sharing. This allows the Claw agent to read email, access the calendar, but even if you ask it to send an email it can only send as the proxy account, and it can only create calendar appointments then add you as an attendee rather than destroy/altering appointments you've made.
Is the juice worth the squeeze after all that? That's where I struggle. I think insecure/dangerous Claw-agents could be useful but cannot be made safe (for the logical fallacy you pointed out), and secure Claw-agents are only barely useful. Which feels like the whole idea gets squished.
> Am I missing something?
You are indeed missing a TON. A lot of Open Claw users don't give it everything. We give it specific access to a group of things it needs to do the things we want. If I want an agent to sit there 24/7 maximizing uptime of my service, I give it access to certain data, the GitHub repo with PR privileges, and maybe even permissions to restart the service. All of this has to be very thoughtful and intentional. The idea that the only "useful" way to use Open Claw is to give it everything is a straw man.
Yes, although what I think is different in this setup here is the OpenShell gateway override, as they mention:
> NemoClaw installs the NVIDIA OpenShell runtime and Nemotron models, then uses a versioned blueprint to create a sandboxed environment where every network request, file access, and inference call is governed by declarative policy. The nemoclaw CLI orchestrates the full stack: OpenShell gateway, sandbox, inference provider, and network policy.
I think this means you get a true proxy layer with a network gateway that let's you stop in-flight requests with policies you define, so it's not their hardware but the combination of it plus OpenShell gateway and network policies.
I also think the reason they are doing this is to try and get some moat around these one-clik deployments and leverage their GPU for rent type of thing instead of having you go buy a mac mini and learn "scary" stuff (remember, the user market here is pretty strange lol)
OpenShell is the gem here indeed. A lot of good ideas like network sandbox that does TLS decryption and use of policy engine to set the rules. However:
> Credentials never leak into the sandbox filesystem; they are injected as environment variables at runtime.
I'm putting my dog in his crate with all my important documents, but leaving my fine china tableware in the cupboard away from the dog.
Then one day forgetting to close the door of the crate…..
But the dog is so used to the crate…
and then tie a tiny string from the china to a thing inside the cage because it seemed handy at the time...
Agreed. I think the "simplifies running OpenClaw always-on assistants safely" bit is pretty misleading. I suppose it can wreak less havoc on your local file system but, as you point out, it's access to your account credentials (Slack, email, Amazon?, etc.) that is the real danger.
You don't need to connect your calendar, email, or anything else. I am having so much fun talking to it bouncing ideas and pushing code/markdown files to GitHub (totally separate account I created for OpenClaw). On the other hand I don't have a crazy life that everything needs to be in the calendar.
you put the dog in crate with a COPY of your documents.
Make it two copies!
[dead]
[dead]
The fully autonomous agentic ecosystem makes me feel a little crazy — like all common sense has escaped. It feels like there is a lot of engineering effort being exhausted to harden the engine room on the Titanic against flooding. It's going to look really secure... buried in debris at the bottom of the ocean.
When a state sponsored threat actor discovers a zero day prompt injection attack, it will not matter how isolated your *Claw is, because like any other assistant, they are only useful when they have access to your life. The access is the glaring threat surface that cannot be remediated — not the software or the server it's running on.
This is the computing equivalent of practicing free love in the late 80's without a condom. It looks really fun from a distance and it's probably really fun in the moment, but y'all are out of your minds.
Well, at least we share the same world as these people, meaning that we too will experience the consequences of their actions.
Isn't that a nice perspective
[dead]
I found this part interesting: "Inference requests from the agent never leave the sandbox directly. OpenShell intercepts every call and routes it to the NVIDIA cloud provider."
Seems like they are doing this to become the default compute provider for the easiest way to set up OpenClaw. If it works out, it could drive a decent amount of consumer inference revenue their way
s/revenue/data/
Secure installation isn't the main problem with OpenClaw. This project doesn't seem to be solving a real problem. Of course the real problem is giving an LLM access to everything and hoping for the best.
Running OpenClaw is the nerd equivalent of rolling coal
OpenClaw can be useful, in theory, unlike rolling coal. OpenClaw is what people always hoped Siri, Alexa and/or Google Assistant would be, and now it's really here. It may be expensive, has a chance to become your local Skynet and might randomly delete or leak everything that's valuable for you..but I guess this counts as growing pains.
Rolling coal can be useful in theory, for pissing people off. As intended.
I'm trying to put together what you could possibly mean by this -- rolling coal is fundamentally about spite. In isolation, nobody _wants_ their vehicle to spew black smoke. It only comes close to making sense in the context of another population (EV owners, typically, or more generally "the libs").
OpenClaw lets people live a bit dangerously, but fundamentally gives them something that they actually wanted. They wanted it so badly that they're willing to take what seem like insane risks to get it.
What do the two have in common?
> OpenClaw lets people live a bit dangerously, but fundamentally gives them something that they actually wanted. They wanted it so badly that they're willing to take what seem like insane risks to get it.
For the first time in my career I feel so incredibly behind on this: What is open claw giving people that they want so badly? It just seems like Russian Roulette, I honestly don't see the upside
I can give you, as an example, what is driving me towards trying it.
I work as a contractor for 2 companies, not out of necessity, but greed. I also have a personal project with a friend that is dangerously close to becoming a business that needs attention. I also have other responsibilities and believe it or not - friends. Also the ADHD on top of that.
I yearn for a personal assistant. Something or somebody that will read the latest ticket assigned to me, the email with project feedback, the message from my best friend that I haven't replied for the last 3 days and remind me: "you should do this, it's going to take 5 minutes", "you have to do this today, because tomorrow you are swamped" or "you should probably start X by doing Y".
I have tried so many systems of managing my schedule and I can never stick with it. I have a feeling that having a bot "reach out", but also be able to do "reasoning" over my pending things would be a game changer.
But yes, the russian roulette part is holding me back. I am taking suggestions though
How much would a real personal assistant cost?
> How much would a real personal assistant cost?
A lot. And wouldn't be as good or fast. I am speaking from experience.
[dead]
Like with any new tool/technology, you have to try it. And even then the benefits won't be obvious to you until you've played with it for a few days/weeks. With LLMs in general, it took me months before I found real good use cases.
Simple example: I tell (with my voice) my OpenClaw instance to monitor a given web site daily and ping me whenever a key piece of information shows up there.
The real problem is that it is fairly unreliable. It would often ping me even when the information had not shown up.
Another example: I'm particular about the weather related information I want, and so far have not found any app that has everything. I got sick of going to a particular web site, clicking on things, to get this information. So I created a Skill to get what I need, and now I just ask for it (verbally), and I get it.
As the GP said. This is what Siri etc should have been.
> Simple example: I tell (with my voice) my OpenClaw instance to monitor a given web site daily and ping me whenever a key piece of information shows up there.
Maybe i'm just old -- a cron job can fetch the info and push it to some notification service too, without also being a chaos agent. It seems I spend the security cost here, and in return i can save 15 minutes writing a script. Juice doesn't seem to be worth the squeeze.
But they don't just want the text of the website pushed as a notification every day. They want the bot to load the site, likely perform some kind of interaction, decide if the thing they're looking for is there, and then notify them.
All of which can already be done programmatically without OpenClaw.
Not with a single prompt.
> Maybe i'm just old -- a cron job can fetch the info and push it to some notification service too, without also being a chaos agent.
Here's a concrete example: A web site showing after school activities for my kid's school. All the current ones end in March, and we were notified to keep a lookout for new activities.
So I told my OpenClaw instance to monitor it and notify me ONLY if there are activities beginning in March/April.
Now let's break down your suggestion:
> a cron job can fetch the info and push it to some notification service too, without also being a chaos agent.
How exactly is this going to know if the activity begins in March/April? And which notification service? How will it talk to it?
Sounds like you're suggesting writing a script and putting it in a cron job. Am I going to do that every time such a task comes up? Do I need to parse the HTML each time to figure out the exact locators, etc? I've done that once or twice in the past. It works, but there is always a mental burden on working out all those details. So I typically don't do it. For something like this, I wouldn't have bothered - I would have just checked the site every few days manually.
Here: You have 15 minutes. Go write that script and test it. Will you bother? I didn't think so. But with OpenClaw, it's no effort.
Oh, and I need to by physically near my computer to write the script.
Now the OpenClaw approach:
I tell it to do this while on a grocery errand. Or while in the office. I don't need to be home.
It's a 4 step process:
"Hey, can you go to the site and give me all the afterschool activities and their start dates?"
<Confirm it does that>
"Hey, write a skill that does that, and notifies me if the start date is ..."
"Hey, let's test the skill out manually"
<Confirm skill works>
"Hey, schedule a check every 10:30am"
And we're done.
I don't do this all at once. I can ask it to do the first thing, and forget about it for an hour or two, and then come back and continue.
There are a zillion scripts I could write to make my life easier that I'm not writing. The benefit of OpenClaw is that it now is writing them for me. 15 minutes * 1 zillion is a lot of time I've saved.
But as I said: Currently unreliable.
I agree with the sentiment that there are use cases for web scraping where an agent is preferable to a cron job, but I think your particular example can certainly be achieved with a cron job and a basic parser script. Just have Claude write it.
I didn't say it's not doable. I'm not even saying it's hard. But nothing beats telling Claw to do it for me while I'm in the middle of groceries.
Put another way: If it can do it (reliably), why on Earth would I babysit Claude to write it?
The whole point is this: When AI coding became a thing, many folks rediscovered the joy of programming, because now they could use Claude to code up stuff they wouldn't have bothered to. The barrier to entry went down. OpenClaw is simply that taken to the next level.
And as an aside, let's just dispense with parsing altogether! If I were writing this as a script, I would simply fetch the text of the page, and have the script send it to an LLM instead of parsing. Why worry about parsing bugs on a one-off script?
Scripts fail. Agents exfiltrate your data because someone hacked the school's website with prompt injections. Make sure it's a choice and not ignorance of the risks.
> Scripts fail.
Which is totally fine for the majority of tasks.
> Agents exfiltrate your data
They can only exfiltrate the data you give them. What's the worst that prompt injection attack will give them?
OpenClaw has a persistent memory, stored to disk, and an efficient way of accessing it. ChatGPT and Claude both added a rudimentary "memory" feature in March but it's nowhwere as extensible or vendor neutral.
ChatGPT had memory for a long time. Claude also had it for quite some time for paying customers.
A real smart / ai agent doing thinks for you by Delegation.
Like the Star Trek computer
A personal assistant of some sort that is actually useful at some stuff and not just a toy?
It’s not some huge life changing thing for me, but I also only dabble with it - certainly it has no access to anything very important to my life.
I find it incredibly useful to just have a chat line open with a little agent running on a tiny computer on my IoT network at home I can ask to do basic chores.
Last night I realized I forgot to set the permanent holiday lights to “obnoxious st parties day animation” at around 9pm. It was basically the effect of “hey siri, please talk to the front house wled controller and set an appropriate very colorful theme for the current holiday until morning” while I drove to pick my wife up from a friends house.
Without such a quick off-handed ability to get that done, there was zero chance I was coming home 20 minutes later, remembering I should do that, spending 10 minutes googling an appropriate preset lighting theme someone already came up with, grabbing laptop, and clicking a half dozen buttons to get that done.
Trivial use case? Yup. But those trivial things add up for a measurable quality of life difference to me.
I’m sure there are better and cleaner ways to achieve similar - but it’s a very fast on-ramp into getting something from zero to useful without needing to learn all this stuff from the ground up. Every time I think of something around that complexity level I go “ugh. I’ll get to it at some point” but if I spend 15 minutes with openclaw I can usually have a decent tool that is “good enough” for future use to get related things done for the future.
It’s done far more complex development/devops “lab” stuff for me that at least proved some concepts for work later. I’ll throw away the output, but these are items that would have been put off indefinitely due to activation energy because the basics are trivial but annoyingly time consuming. Spin up a few VMs, configure basic networking, install and configure the few open source tools I wanted to test out, create some simple glue code to mock out what I wanted to try out. That sort of thing. Basically stuff I would have a personal intern do if I could afford one.
For now it’s basically doing my IT chores for me. The other night I had it finally get around to setting up some dashboards and Prometheus monitoring for some various sensors and WiFi stuff around the house. Useful when I need it, but not something I ever got around to doing myself for the past 7 years since I moved in. Knocking out that todo list is pretty nice!
The risk is pretty moderate for me. Worst case it deletes configs or bricks something it has access to and I need to roll back from backups it does not have permissions to even know exist, much less modify. It certainly has zero access to personal email, real production environments, or anything like that.
It increasingly seems like most people make a different decision after thinking through the security implications of something like this. This is me being charitable.
It is possible that they don't understand the risks involved, but yes, it certainly is tapping into unmet need.
> In isolation, nobody _wants_ their vehicle to spew black smoke.
Honestly, when I was 12 years old and my dad floored the TDi in our Land Rover (with the diesel particulate filter deleted), it felt satisfying in a way, like the machine is allowed to be its most efficient self.
Now that I'm adult, I know that it's marginal gains for the car and terrible for the environment, but there are people that have the thinking capability of a 12 year old driving these trucks. I don't think all of them do it because of spite (though I'm sure most do).
And don’t care about them but they endanger third parties too.
And many of them are people who should know better.
Let’s make them 100% liable
While I don't have OpenClaw installed and not sure how I 'd use it I doubt all the hype around it is because it doesn't solve a real problem. The project grew to huge popularity organically!!!
How can that happen if it doesn't serve a need people have?
Compare NFTs. For them, it depends a bit on whether you see scratching a gambling itch as a real problem.
people are trying to run as fast as they can so that they are not left behind
(I've never run openclaw but planning)
Maybe let me ask this question:
How is this any different from NFT?
I'll ignore the bait and answer: NFTs were gambling in disguise, these claws are personal/household assistants, that proactively perform various tasks and can be genuinely useful. The security problem is very much unsolved, but comparing them to NFTs is just willfully ignorant at best
NFTs can't delete your mails.
"And that's why we've created MailCoin, the best way to perform stochastic mailbox ablation with with the latest, hottest blockchain technology." - from Show HN, March 20, 2026
Now with NFTs and pixel art, memorialising each and every one of your deleted emails in a unique and non-fungible way.
…
…
Now I actually want to make it, and build a "card trading game" on top of it.
Gotta say, that I feel kind of sad for the people that feel the need for these claw things.
Are they so busy with their lives that they need an assistant, or do they waste their lives speaking to it like it is a human, and then doomscrolling on some addictive site instead of attending to their lives in the real world?
I'm still extremely skeptical on Claws as a genre, and especially more skeptical of a claw that's always reporting home. What's the use case for a closed claw?
If you look at the commit history, they started work on this the Saturday before announcement, so about 2 days. There are references to design docs so it was in the works for some amount of time, but the implementation was from scratch (unless they falsified the timestamps for some reason).
Lol you think these github repos just materialize as is? They probably did all the iteration and development internally and then ported it over to a github repo and made it public afterwards
No they didn't. You can see all the commits as this was built iteratively[0]. This project started development on Saturday morning and now it's here.
This is pretty common now, people love to rapidly throw together stuff and show it off a few days later. The only thing different about this from your average Show HN sloppa is that it's living under the NVIDIA Github org, though that also has 700+ repositories[1] in it so they don't appear too discerning about what makes it into the official repo.
My best guess is this was an internal hackathon project they wanted to release publicly.
Sorry to be the one to inform you that we edit history in git.
There has been reporting on nemoclaw for the last couple weeks. Are you supposing that journalists were writing about software that hadn't even been designed?
> Sorry to be the one to inform you that we edit history in git.
Who is "we"? Do you work for NVidia?
> There has been reporting on nemoclaw for the last couple weeks.
The earliest reporting I've seen was yesterday. Can you link something from prior to March 14?
edit: I did find some articles from before March 14[0] which says NVidia was "prepping" this. Which is extremely funny, because it means they were hyping up software which hadn't even started being written yet. The AI bubble truly does not stop delivering.
> Are you supposing that journalists were writing about software that hadn't even been designed?
If you think journalists writing about things that will never exist is new, welcome to the real world. There's a whole term for it.[1]
Cash in on the claw brand recognition by having "claw, but Nvidia".
And, to be fair to them, it works. It sticks. It gets the desired reactions.
That's what I didn't understand about the acquisitions/partnerships that came out of the various claws. It's a fairly simple concept, and people were doing it before this but it just wasn't a meme. With AI you can easily build a claw in a weekend with maybe a hundred bucks worth of tokens. How do I know?
I kind of hope nemoclaw uptake and spark usage pushes ARM into the spotlight for LLM development, making it the primary release target rather than x86.
This could be the opening we need to wrangle a truly opensource-first ecosystem away from Microsoft and apple.
I think nanoclaw is architecturaly much better suited to solve this problem.
Much as I love using Claude or whatever to help me write some code, it's under some level of oversight, with me as human checking stuff hasn't been changed in some weirdly strange way. As we all know by now, this can be 1. Just weird because the AI slept funny and suddenly decided to do Thing It Has Been Doing Consistently A Totally Different Way Today or 2. Weird because it's plain wrong and a terrible implementation of whatever it was you asked for
It seems blindingly, blindingly obvious to me that EVEN IF I had the MOST TRUSTED secretary that had been with me for 10 years, I'd STILL want to have some input into the content they were interacting with and pushing out into the world with my name on.
The entire "claw" thing seems to be some bizarre "finger in ears, pretend it's all fine" thing where people just haven't thought in the slightest about what is actually going on here. It's incredibly obvious to me that giving unfettered access to your email or calendar or mobile or whatever is a security disaster, no matter what "security context" you pretend it's wrapped up in. A proxy email account is still sending email on your behalf, a proxy calendar is still organising things on your calendar. The irony is that for this thing to be useful, it's got to be ...useful - which means it has at some level to have pretty full access to your stuff.
And... that's a hard no from me, at least right now given what we all know about the state of current agents.
Plus... I'm just not sure of the upside. Am I seriously that busy that I need something to "organise my day" for me? Not really.
Then give your agent its own name, its own accounts, and let it push things out without your name.
We are in the wild wild west.
I’m looking for feedback, testing and possible security engineering contracts for the approach we are taking at Housecat.com.
The agent accesses everything through a centralized connections proxy. No direct API tokens or access.
This means we can apply additional policies and approval workflows and audit all access.
Some obvious ones are only grant read and draft permissions at all, and review and send drafts manually.
Some more clever ones are to only allow sending 5 messages a day, or enforcing soft delete patterns. This prevents accidentally spamming everyone or deleting things.
Next up is giving the agent “wrapped” and down scoped tokens you do want to equip it with the ability to do direct API calls. But these still go through the proxy that enforces the policies too.
It’s impressive someone early in their career shipped this. There seems to be a stark increase in high-quality AI/data projects from early-career engineers lately and I'm super curious what’s driving that (and honestly speaking: a little jealous).
If you started your career more than ~2-3 years ago, you were trained on a completely different game. Clear abstractions, ownership, careful iteration, all that. That muscle memory is actively hindering you; preventing you from succeeding.
The people coming up now don't have that baggage. They never internalized "write the code yourself" as the default. They think in terms of spawning systems, letting things run, checking outcomes. It's way closer to managing a process than engineering in the traditional sense. And yeah, that shows up in what gets shipped. A 21-year-old will brute force 20 directions in parallel with agents and just pick what works. Someone more "experienced" will spend that same time trying to design the "right" approach up front. By the time they're done thinking, the other person has already iterated past them.
It's kind of unsettling is how basically all of these "senior instincts" are now liabilities. Caring about perfect structure, being allergic to randomness, needing to understand every layer before moving forward, etc. used to be strengths. Now they just slow you down.
You can already feel the split forming. Younger builders are comfortable letting systems do things they don't fully understand. Senior engineers keep trying to pull everything back into something legible and controlled, kneecapping themselves. That gap is not small.
What I'm seeing in my circle of founders and CEOs is that they're slowly laying off these older devs (cutoff age is around 24yrs) and replacing them with fresh, young talent, better suited for this new agentic era. From their reports the velocity gains are insane; and it compounds. Basically, these older folks are still doing polynomial thinking in an exponential landscape. They are dinosaurs slated for extinction.
Sometimes experience (or more so the wisdom you've accumulated over a long career) creates mental blocks / preconceptions about risks or problems you foresee, which makes it harder to approach big scary problems if you're able to anticipate all of the challenges you're likely to hit.
Compare that to a smart engineer who doesn't have that wisdom: those people might have an easier time jumping in to difficult problems without the mental burden of knowing all of the problems upfront.
The most meaningful technical advances I've personally seen always started out as "let's just do it, it will only take a weekend" and then 2 years later, you find yourself with a finished product. (If you knew it would take 2 years from the start, you might have never bothered)
Naivety isn't always a bad thing.
> Compare that to a smart engineer who doesn't have that wisdom: those people might have an easier time jumping in to difficult problems without the mental burden of knowing all of the problems upfront.
My favorite story in CS related to this is how Huffman Coding came to be [1]
This is so incredibly accurate. I see all these side projects people are spinning up and can't help but think "Sure it might work at first but the first time i have to integrate it with something else i'll have to spend a week trying to get them to work. Hell that'll probably require an annoying rewrite and its not even worth what I get out of it"
[deleted]
There are four "people" that contributes (https://github.com/NVIDIA/NemoClaw/graphs/contributors) judging by the git commits and the GitHub authors, none of them seem to be novices at programming, what made you write what you wrote here?
I think he's talking about the original claw, Open Claw
How is Peter "early in their career"? When he sold PSPDFKit for 100mio in 2020 he had been working on it for 13 years, and before that he'd worked as an engineer.
OpenClaw?
The one started by a person that sold his previous company and got >$100M ?
I wouldn't call him a novice either.
A lot of senior engineering problems aren't gated by experience but by being trusted to coordinate large numbers of juniors.
Now that as a junior, I can spin up a team of AIs and delegate, I can tackle a bunch of senior level tasks if I'm good at coordination.
I think this is a fundamentally flawed perspective on the role and experience of a senior. It's a managers role to coordinate junior engineers. The difference between junior and senior is knowing where and when to do what at an increasing scale as you gain experience.
> It's a managers role to coordinate junior engineers.
Due to AI this is now my job. My company is hiring less juniors, but the ones we do hire are given more scope and coordination responsibilities since otherwise we'd just be LLM wrappers.
> The difference between junior and senior is knowing where and when to do what at an increasing scale as you gain experience.
Many juniors believe they know what to do. And want to immediately take on yuge projects.
e.g. I decided I want to rewrite my whole codebase in C++20 modules for compile time.
Prior to AI, I wouldn't be given help for this refactor so it wouldn't happen.
Now I just delegate to AI and convert my codebase to modules in just a few days!
At that point I discovered Clang 18 wasn't really optimized for modules and they actually increased build time. If I had more experience I could've predicted using half-baked C++ features is a bad idea.
That being said, every once in a while one of my stupid ideas actually pays off.
e.g. I made a parallel AI agent code review workflow a few months ago back when everyone was doing single agent reviews. The seniors thought it was a dumb idea to reinvent the wheel when we had AI code review already, but it only took a day or two to make the prototype.
Turns out reinventing the wheel was extremely effective for our team. It reduced mean time-to-merge by 20%!
This was because we had too many rules (several hundred, due to cooperative multitasking) for traditional AI code reviewers. Parallel agents prevented the rules from overwhelming the context.
But at the time, I just thought parallel agents were cool because I read the Gas Town blog and wasn't thinking about "do we have any unique circumstances that require us to build something internally?"
Neurons that fire together, wire together. Your brain optimizes for your environment over time. As we get older, our brains are running in a more optimized way than when we're younger. That's why older hunters are more effective than younger hunters. They're finely tuned for their environment. It's an evolutionary advantage. But it also means that they're not firing in "novel" ways as much as the "kids". "kids" are more creative I think because their brains are still adopting, exploring novelty, neuron connections aren't as deeply tied together yet.
This is also maybe one of the biggest pitfalls as our society get's "older" with more old people, and less "kids". We need kids to force us to do things differently.
Not 100% sure this isn't sarcasm, but I'll bite.
For me (a non-early career dev) these projects terrify me. People build stuff that just seem like enormous liabilities relying on tools mostly controlled and gate kept by someone else. My intuition tells me something is off. I could be wrong about it all, but one thing I've learned over the years is that ignoring my intuition typically doesn't end well!
> It’s impressive someone early in their career shipped this.
Hang on, what's impressive about this?
OpenClaw is many things, but decidedly not "high-quality".
What is impressive about this project? It seems to be similar to other projects in that space.
Should be obvious that its tools like Claude Code. If you are a junior dev not experienced in delivering entire products but with good ideas you have incredible leverage now...
because the floor is fucking insane for junior developers right now!!
It’s amusing that ‘claw’ is sticking around as a term for these kind of things, when it was originally a pretty transparent attempt to avoid infringing on ‘Claude’…
Check out https://zo.computer - we've been doing OpenClaw for nearly a year, it works out of the box, and has hosting built-in. Zo arguably was the inspiration for Peter to create OpenClaw.
It's quite sad you are riding the coattails of Openclaw here and on Twitter. You only talk about how you were "first" but never say why you are arguably nowhere near all the competitors in terms of distribution that supposedly copied from you
Why do you think OpenClaw caught on much faster?
OpenClaw had a huge viral marketing campaign. It wasn't a coincidence everyone on twitter was talking about it at the same time suddenly. To its credit, it also executed well enough in a few areas that captured people's imagination. Most of the concepts are ideas people have been toying with for years, though.
counterpoint: this assumes everyone has the same constraints. not always true
what about just using an unprivileged container and mounting a host folder to run open claw?
OpenClaw is so bad with Docker. I spent hours on it and hit road block after road block trying to get the most basic things working.
The last one was inability to install dependencies on the docker container to enable plugins. The existing scripts and instructions don’t work (at least I couldn’t get them to work. Maybe a me problem).
So I gave up and moved on. What was supposed to be a helpful assistant became a nightmare.
Did you try Incus? Gives you VM-like experience in a container
Why not use a VM?
Why not ask an AI?
I’m not an engineer and now I realise why I’ve been struggling getting OpenClaw setup in docker. I just can’t get it to work. Makes sense that it needs access to the underlying OS
Same experience. I used Coolify and it was so hard. I wondered why people are so enthralled with this unacceptable UX for setup, only to realize no one cared about Docker and they just got a new Mac mini or used their own system.
Absolutely this. I finally got it working, but the instructions and scripts for setting it up with Docker absolutely do not work.
I'm curious if people have had success running it on Cloudflare workers. I know there was a lot of hype about that a few weeks ago.
Riight, unprivileged lxc/lxd container takes 2s to set up. Thanks NV, sticking with opencode.
The problem is that it cannot access your credentials hence useless.
Containers and VMs are really annoying to work with for these kinds of applications. Things like agent-safehouse and greywall are better imo
I've honestly found containers a breeze for such use cases. Inference lives on the host, crazy lives in an unpriv'd overlayfs container that I don't mind trashing the root of, and is like nothing in resources to clone, and gives a clean mitm surface via a veth. That said, greywall looks pretty dope!
Am I missing something? Why is everyone talking about sandboxes when it comes to OpenClaw?
To me it's like giving your dog a stack of important documents, then being worried he might eat them, so you put the dog in a crate, together with the documents.
I thought the whole problem with that idea was that in order for the agent to be useful, you have to connect it to your calendar, your e-mail provider and other services so it can do stuff on your behalf, but also creating chaos and destruction.
And now, what, having inference done by Nvidia directly makes it better? Does their hardware prevent an AI from deleting all my emails?
I think the point you're making is fully correct, so consider this a devil's advocate argument...
People claim, you can use Claw-agents more safely while getting some of the benefits, by essentially proxying your services. For example on Gmail people are creating a new Google accounts, forwarding email via rule, and adding access to their calendar via Google's Family Sharing. This allows the Claw agent to read email, access the calendar, but even if you ask it to send an email it can only send as the proxy account, and it can only create calendar appointments then add you as an attendee rather than destroy/altering appointments you've made.
Is the juice worth the squeeze after all that? That's where I struggle. I think insecure/dangerous Claw-agents could be useful but cannot be made safe (for the logical fallacy you pointed out), and secure Claw-agents are only barely useful. Which feels like the whole idea gets squished.
> Am I missing something?
You are indeed missing a TON. A lot of Open Claw users don't give it everything. We give it specific access to a group of things it needs to do the things we want. If I want an agent to sit there 24/7 maximizing uptime of my service, I give it access to certain data, the GitHub repo with PR privileges, and maybe even permissions to restart the service. All of this has to be very thoughtful and intentional. The idea that the only "useful" way to use Open Claw is to give it everything is a straw man.
Yes, although what I think is different in this setup here is the OpenShell gateway override, as they mention:
> NemoClaw installs the NVIDIA OpenShell runtime and Nemotron models, then uses a versioned blueprint to create a sandboxed environment where every network request, file access, and inference call is governed by declarative policy. The nemoclaw CLI orchestrates the full stack: OpenShell gateway, sandbox, inference provider, and network policy.
I think this means you get a true proxy layer with a network gateway that let's you stop in-flight requests with policies you define, so it's not their hardware but the combination of it plus OpenShell gateway and network policies.
I also think the reason they are doing this is to try and get some moat around these one-clik deployments and leverage their GPU for rent type of thing instead of having you go buy a mac mini and learn "scary" stuff (remember, the user market here is pretty strange lol)
OpenShell is the gem here indeed. A lot of good ideas like network sandbox that does TLS decryption and use of policy engine to set the rules. However:
> Credentials never leak into the sandbox filesystem; they are injected as environment variables at runtime.
If anyone from the team is reading - you should copy surrogate credentials approach from here to secure the credentials further: https://github.com/airutorg/airut/blob/main/doc/network-sand...
I'm putting my dog in his crate with all my important documents, but leaving my fine china tableware in the cupboard away from the dog.
Then one day forgetting to close the door of the crate…..
But the dog is so used to the crate…
and then tie a tiny string from the china to a thing inside the cage because it seemed handy at the time...
Agreed. I think the "simplifies running OpenClaw always-on assistants safely" bit is pretty misleading. I suppose it can wreak less havoc on your local file system but, as you point out, it's access to your account credentials (Slack, email, Amazon?, etc.) that is the real danger.
You don't need to connect your calendar, email, or anything else. I am having so much fun talking to it bouncing ideas and pushing code/markdown files to GitHub (totally separate account I created for OpenClaw). On the other hand I don't have a crazy life that everything needs to be in the calendar.
you put the dog in crate with a COPY of your documents.
Make it two copies!
[dead]
[dead]
The fully autonomous agentic ecosystem makes me feel a little crazy — like all common sense has escaped. It feels like there is a lot of engineering effort being exhausted to harden the engine room on the Titanic against flooding. It's going to look really secure... buried in debris at the bottom of the ocean.
When a state sponsored threat actor discovers a zero day prompt injection attack, it will not matter how isolated your *Claw is, because like any other assistant, they are only useful when they have access to your life. The access is the glaring threat surface that cannot be remediated — not the software or the server it's running on.
This is the computing equivalent of practicing free love in the late 80's without a condom. It looks really fun from a distance and it's probably really fun in the moment, but y'all are out of your minds.
Well, at least we share the same world as these people, meaning that we too will experience the consequences of their actions.
Isn't that a nice perspective
[dead]
I found this part interesting: "Inference requests from the agent never leave the sandbox directly. OpenShell intercepts every call and routes it to the NVIDIA cloud provider."
Seems like they are doing this to become the default compute provider for the easiest way to set up OpenClaw. If it works out, it could drive a decent amount of consumer inference revenue their way
s/revenue/data/
Secure installation isn't the main problem with OpenClaw. This project doesn't seem to be solving a real problem. Of course the real problem is giving an LLM access to everything and hoping for the best.
Running OpenClaw is the nerd equivalent of rolling coal
OpenClaw can be useful, in theory, unlike rolling coal. OpenClaw is what people always hoped Siri, Alexa and/or Google Assistant would be, and now it's really here. It may be expensive, has a chance to become your local Skynet and might randomly delete or leak everything that's valuable for you..but I guess this counts as growing pains.
Rolling coal can be useful in theory, for pissing people off. As intended.
I'm trying to put together what you could possibly mean by this -- rolling coal is fundamentally about spite. In isolation, nobody _wants_ their vehicle to spew black smoke. It only comes close to making sense in the context of another population (EV owners, typically, or more generally "the libs").
OpenClaw lets people live a bit dangerously, but fundamentally gives them something that they actually wanted. They wanted it so badly that they're willing to take what seem like insane risks to get it.
What do the two have in common?
> OpenClaw lets people live a bit dangerously, but fundamentally gives them something that they actually wanted. They wanted it so badly that they're willing to take what seem like insane risks to get it.
For the first time in my career I feel so incredibly behind on this: What is open claw giving people that they want so badly? It just seems like Russian Roulette, I honestly don't see the upside
I can give you, as an example, what is driving me towards trying it.
I work as a contractor for 2 companies, not out of necessity, but greed. I also have a personal project with a friend that is dangerously close to becoming a business that needs attention. I also have other responsibilities and believe it or not - friends. Also the ADHD on top of that.
I yearn for a personal assistant. Something or somebody that will read the latest ticket assigned to me, the email with project feedback, the message from my best friend that I haven't replied for the last 3 days and remind me: "you should do this, it's going to take 5 minutes", "you have to do this today, because tomorrow you are swamped" or "you should probably start X by doing Y".
I have tried so many systems of managing my schedule and I can never stick with it. I have a feeling that having a bot "reach out", but also be able to do "reasoning" over my pending things would be a game changer.
But yes, the russian roulette part is holding me back. I am taking suggestions though
How much would a real personal assistant cost?
> How much would a real personal assistant cost?
A lot. And wouldn't be as good or fast. I am speaking from experience.
[dead]
Like with any new tool/technology, you have to try it. And even then the benefits won't be obvious to you until you've played with it for a few days/weeks. With LLMs in general, it took me months before I found real good use cases.
Simple example: I tell (with my voice) my OpenClaw instance to monitor a given web site daily and ping me whenever a key piece of information shows up there.
The real problem is that it is fairly unreliable. It would often ping me even when the information had not shown up.
Another example: I'm particular about the weather related information I want, and so far have not found any app that has everything. I got sick of going to a particular web site, clicking on things, to get this information. So I created a Skill to get what I need, and now I just ask for it (verbally), and I get it.
As the GP said. This is what Siri etc should have been.
> Simple example: I tell (with my voice) my OpenClaw instance to monitor a given web site daily and ping me whenever a key piece of information shows up there.
Maybe i'm just old -- a cron job can fetch the info and push it to some notification service too, without also being a chaos agent. It seems I spend the security cost here, and in return i can save 15 minutes writing a script. Juice doesn't seem to be worth the squeeze.
But they don't just want the text of the website pushed as a notification every day. They want the bot to load the site, likely perform some kind of interaction, decide if the thing they're looking for is there, and then notify them.
All of which can already be done programmatically without OpenClaw.
Not with a single prompt.
> Maybe i'm just old -- a cron job can fetch the info and push it to some notification service too, without also being a chaos agent.
Here's a concrete example: A web site showing after school activities for my kid's school. All the current ones end in March, and we were notified to keep a lookout for new activities.
So I told my OpenClaw instance to monitor it and notify me ONLY if there are activities beginning in March/April.
Now let's break down your suggestion:
> a cron job can fetch the info and push it to some notification service too, without also being a chaos agent.
How exactly is this going to know if the activity begins in March/April? And which notification service? How will it talk to it?
Sounds like you're suggesting writing a script and putting it in a cron job. Am I going to do that every time such a task comes up? Do I need to parse the HTML each time to figure out the exact locators, etc? I've done that once or twice in the past. It works, but there is always a mental burden on working out all those details. So I typically don't do it. For something like this, I wouldn't have bothered - I would have just checked the site every few days manually.
Here: You have 15 minutes. Go write that script and test it. Will you bother? I didn't think so. But with OpenClaw, it's no effort.
Oh, and I need to by physically near my computer to write the script.
Now the OpenClaw approach:
I tell it to do this while on a grocery errand. Or while in the office. I don't need to be home.
It's a 4 step process:
"Hey, can you go to the site and give me all the afterschool activities and their start dates?"
<Confirm it does that>
"Hey, write a skill that does that, and notifies me if the start date is ..."
"Hey, let's test the skill out manually"
<Confirm skill works>
"Hey, schedule a check every 10:30am"
And we're done.
I don't do this all at once. I can ask it to do the first thing, and forget about it for an hour or two, and then come back and continue.
There are a zillion scripts I could write to make my life easier that I'm not writing. The benefit of OpenClaw is that it now is writing them for me. 15 minutes * 1 zillion is a lot of time I've saved.
But as I said: Currently unreliable.
I agree with the sentiment that there are use cases for web scraping where an agent is preferable to a cron job, but I think your particular example can certainly be achieved with a cron job and a basic parser script. Just have Claude write it.
I didn't say it's not doable. I'm not even saying it's hard. But nothing beats telling Claw to do it for me while I'm in the middle of groceries.
Put another way: If it can do it (reliably), why on Earth would I babysit Claude to write it?
The whole point is this: When AI coding became a thing, many folks rediscovered the joy of programming, because now they could use Claude to code up stuff they wouldn't have bothered to. The barrier to entry went down. OpenClaw is simply that taken to the next level.
And as an aside, let's just dispense with parsing altogether! If I were writing this as a script, I would simply fetch the text of the page, and have the script send it to an LLM instead of parsing. Why worry about parsing bugs on a one-off script?
Scripts fail. Agents exfiltrate your data because someone hacked the school's website with prompt injections. Make sure it's a choice and not ignorance of the risks.
> Scripts fail.
Which is totally fine for the majority of tasks.
> Agents exfiltrate your data
They can only exfiltrate the data you give them. What's the worst that prompt injection attack will give them?
OpenClaw has a persistent memory, stored to disk, and an efficient way of accessing it. ChatGPT and Claude both added a rudimentary "memory" feature in March but it's nowhwere as extensible or vendor neutral.
ChatGPT had memory for a long time. Claude also had it for quite some time for paying customers.
A real smart / ai agent doing thinks for you by Delegation.
Like the Star Trek computer
A personal assistant of some sort that is actually useful at some stuff and not just a toy?
It’s not some huge life changing thing for me, but I also only dabble with it - certainly it has no access to anything very important to my life.
I find it incredibly useful to just have a chat line open with a little agent running on a tiny computer on my IoT network at home I can ask to do basic chores.
Last night I realized I forgot to set the permanent holiday lights to “obnoxious st parties day animation” at around 9pm. It was basically the effect of “hey siri, please talk to the front house wled controller and set an appropriate very colorful theme for the current holiday until morning” while I drove to pick my wife up from a friends house.
Without such a quick off-handed ability to get that done, there was zero chance I was coming home 20 minutes later, remembering I should do that, spending 10 minutes googling an appropriate preset lighting theme someone already came up with, grabbing laptop, and clicking a half dozen buttons to get that done.
Trivial use case? Yup. But those trivial things add up for a measurable quality of life difference to me.
I’m sure there are better and cleaner ways to achieve similar - but it’s a very fast on-ramp into getting something from zero to useful without needing to learn all this stuff from the ground up. Every time I think of something around that complexity level I go “ugh. I’ll get to it at some point” but if I spend 15 minutes with openclaw I can usually have a decent tool that is “good enough” for future use to get related things done for the future.
It’s done far more complex development/devops “lab” stuff for me that at least proved some concepts for work later. I’ll throw away the output, but these are items that would have been put off indefinitely due to activation energy because the basics are trivial but annoyingly time consuming. Spin up a few VMs, configure basic networking, install and configure the few open source tools I wanted to test out, create some simple glue code to mock out what I wanted to try out. That sort of thing. Basically stuff I would have a personal intern do if I could afford one.
For now it’s basically doing my IT chores for me. The other night I had it finally get around to setting up some dashboards and Prometheus monitoring for some various sensors and WiFi stuff around the house. Useful when I need it, but not something I ever got around to doing myself for the past 7 years since I moved in. Knocking out that todo list is pretty nice!
The risk is pretty moderate for me. Worst case it deletes configs or bricks something it has access to and I need to roll back from backups it does not have permissions to even know exist, much less modify. It certainly has zero access to personal email, real production environments, or anything like that.
It increasingly seems like most people make a different decision after thinking through the security implications of something like this. This is me being charitable.
It is possible that they don't understand the risks involved, but yes, it certainly is tapping into unmet need.
> In isolation, nobody _wants_ their vehicle to spew black smoke.
Honestly, when I was 12 years old and my dad floored the TDi in our Land Rover (with the diesel particulate filter deleted), it felt satisfying in a way, like the machine is allowed to be its most efficient self.
Now that I'm adult, I know that it's marginal gains for the car and terrible for the environment, but there are people that have the thinking capability of a 12 year old driving these trucks. I don't think all of them do it because of spite (though I'm sure most do).
And don’t care about them but they endanger third parties too.
And many of them are people who should know better.
Let’s make them 100% liable
While I don't have OpenClaw installed and not sure how I 'd use it I doubt all the hype around it is because it doesn't solve a real problem. The project grew to huge popularity organically!!!
How can that happen if it doesn't serve a need people have?
Compare NFTs. For them, it depends a bit on whether you see scratching a gambling itch as a real problem.
people are trying to run as fast as they can so that they are not left behind
(I've never run openclaw but planning)
Maybe let me ask this question:
How is this any different from NFT?
I'll ignore the bait and answer: NFTs were gambling in disguise, these claws are personal/household assistants, that proactively perform various tasks and can be genuinely useful. The security problem is very much unsolved, but comparing them to NFTs is just willfully ignorant at best
NFTs can't delete your mails.
"And that's why we've created MailCoin, the best way to perform stochastic mailbox ablation with with the latest, hottest blockchain technology." - from Show HN, March 20, 2026
Now with NFTs and pixel art, memorialising each and every one of your deleted emails in a unique and non-fungible way.
…
…
Now I actually want to make it, and build a "card trading game" on top of it.
Gotta say, that I feel kind of sad for the people that feel the need for these claw things.
Are they so busy with their lives that they need an assistant, or do they waste their lives speaking to it like it is a human, and then doomscrolling on some addictive site instead of attending to their lives in the real world?
I'm still extremely skeptical on Claws as a genre, and especially more skeptical of a claw that's always reporting home. What's the use case for a closed claw?
If you look at the commit history, they started work on this the Saturday before announcement, so about 2 days. There are references to design docs so it was in the works for some amount of time, but the implementation was from scratch (unless they falsified the timestamps for some reason).
Lol you think these github repos just materialize as is? They probably did all the iteration and development internally and then ported it over to a github repo and made it public afterwards
No they didn't. You can see all the commits as this was built iteratively[0]. This project started development on Saturday morning and now it's here.
This is pretty common now, people love to rapidly throw together stuff and show it off a few days later. The only thing different about this from your average Show HN sloppa is that it's living under the NVIDIA Github org, though that also has 700+ repositories[1] in it so they don't appear too discerning about what makes it into the official repo.
My best guess is this was an internal hackathon project they wanted to release publicly.
[0] https://github.com/NVIDIA/NemoClaw/commits/main/?after=241ff...
[1] https://github.com/orgs/NVIDIA/repositories?type=all
Sorry to be the one to inform you that we edit history in git.
There has been reporting on nemoclaw for the last couple weeks. Are you supposing that journalists were writing about software that hadn't even been designed?
> Sorry to be the one to inform you that we edit history in git.
Who is "we"? Do you work for NVidia?
> There has been reporting on nemoclaw for the last couple weeks.
The earliest reporting I've seen was yesterday. Can you link something from prior to March 14?
edit: I did find some articles from before March 14[0] which says NVidia was "prepping" this. Which is extremely funny, because it means they were hyping up software which hadn't even started being written yet. The AI bubble truly does not stop delivering.
> Are you supposing that journalists were writing about software that hadn't even been designed?
If you think journalists writing about things that will never exist is new, welcome to the real world. There's a whole term for it.[1]
[0] https://fudzilla.com/nvidia-opens-the-gates-with-nemoclaw/
[1] https://en.wikipedia.org/wiki/Vaporware
Cash in on the claw brand recognition by having "claw, but Nvidia".
And, to be fair to them, it works. It sticks. It gets the desired reactions.
That's what I didn't understand about the acquisitions/partnerships that came out of the various claws. It's a fairly simple concept, and people were doing it before this but it just wasn't a meme. With AI you can easily build a claw in a weekend with maybe a hundred bucks worth of tokens. How do I know?
I kind of hope nemoclaw uptake and spark usage pushes ARM into the spotlight for LLM development, making it the primary release target rather than x86.
This could be the opening we need to wrangle a truly opensource-first ecosystem away from Microsoft and apple.
I think nanoclaw is architecturaly much better suited to solve this problem.
Related...
https://news.ycombinator.com/item?id=47430510
I think the whole thing is batshit, honestly.
Much as I love using Claude or whatever to help me write some code, it's under some level of oversight, with me as human checking stuff hasn't been changed in some weirdly strange way. As we all know by now, this can be 1. Just weird because the AI slept funny and suddenly decided to do Thing It Has Been Doing Consistently A Totally Different Way Today or 2. Weird because it's plain wrong and a terrible implementation of whatever it was you asked for
It seems blindingly, blindingly obvious to me that EVEN IF I had the MOST TRUSTED secretary that had been with me for 10 years, I'd STILL want to have some input into the content they were interacting with and pushing out into the world with my name on.
The entire "claw" thing seems to be some bizarre "finger in ears, pretend it's all fine" thing where people just haven't thought in the slightest about what is actually going on here. It's incredibly obvious to me that giving unfettered access to your email or calendar or mobile or whatever is a security disaster, no matter what "security context" you pretend it's wrapped up in. A proxy email account is still sending email on your behalf, a proxy calendar is still organising things on your calendar. The irony is that for this thing to be useful, it's got to be ...useful - which means it has at some level to have pretty full access to your stuff.
And... that's a hard no from me, at least right now given what we all know about the state of current agents.
Plus... I'm just not sure of the upside. Am I seriously that busy that I need something to "organise my day" for me? Not really.
Then give your agent its own name, its own accounts, and let it push things out without your name.
We are in the wild wild west.
I’m looking for feedback, testing and possible security engineering contracts for the approach we are taking at Housecat.com.
The agent accesses everything through a centralized connections proxy. No direct API tokens or access.
This means we can apply additional policies and approval workflows and audit all access.
https://housecat.com/docs/v2/features/connection-hub
Some obvious ones are only grant read and draft permissions at all, and review and send drafts manually.
Some more clever ones are to only allow sending 5 messages a day, or enforcing soft delete patterns. This prevents accidentally spamming everyone or deleting things.
Next up is giving the agent “wrapped” and down scoped tokens you do want to equip it with the ability to do direct API calls. But these still go through the proxy that enforces the policies too.
It’s impressive someone early in their career shipped this. There seems to be a stark increase in high-quality AI/data projects from early-career engineers lately and I'm super curious what’s driving that (and honestly speaking: a little jealous).
If you started your career more than ~2-3 years ago, you were trained on a completely different game. Clear abstractions, ownership, careful iteration, all that. That muscle memory is actively hindering you; preventing you from succeeding.
The people coming up now don't have that baggage. They never internalized "write the code yourself" as the default. They think in terms of spawning systems, letting things run, checking outcomes. It's way closer to managing a process than engineering in the traditional sense. And yeah, that shows up in what gets shipped. A 21-year-old will brute force 20 directions in parallel with agents and just pick what works. Someone more "experienced" will spend that same time trying to design the "right" approach up front. By the time they're done thinking, the other person has already iterated past them.
It's kind of unsettling is how basically all of these "senior instincts" are now liabilities. Caring about perfect structure, being allergic to randomness, needing to understand every layer before moving forward, etc. used to be strengths. Now they just slow you down.
You can already feel the split forming. Younger builders are comfortable letting systems do things they don't fully understand. Senior engineers keep trying to pull everything back into something legible and controlled, kneecapping themselves. That gap is not small.
What I'm seeing in my circle of founders and CEOs is that they're slowly laying off these older devs (cutoff age is around 24yrs) and replacing them with fresh, young talent, better suited for this new agentic era. From their reports the velocity gains are insane; and it compounds. Basically, these older folks are still doing polynomial thinking in an exponential landscape. They are dinosaurs slated for extinction.
Sometimes experience (or more so the wisdom you've accumulated over a long career) creates mental blocks / preconceptions about risks or problems you foresee, which makes it harder to approach big scary problems if you're able to anticipate all of the challenges you're likely to hit.
Compare that to a smart engineer who doesn't have that wisdom: those people might have an easier time jumping in to difficult problems without the mental burden of knowing all of the problems upfront.
The most meaningful technical advances I've personally seen always started out as "let's just do it, it will only take a weekend" and then 2 years later, you find yourself with a finished product. (If you knew it would take 2 years from the start, you might have never bothered)
Naivety isn't always a bad thing.
> Compare that to a smart engineer who doesn't have that wisdom: those people might have an easier time jumping in to difficult problems without the mental burden of knowing all of the problems upfront.
My favorite story in CS related to this is how Huffman Coding came to be [1]
[1] https://en.wikipedia.org/wiki/Huffman_coding#History
This is so incredibly accurate. I see all these side projects people are spinning up and can't help but think "Sure it might work at first but the first time i have to integrate it with something else i'll have to spend a week trying to get them to work. Hell that'll probably require an annoying rewrite and its not even worth what I get out of it"
There are four "people" that contributes (https://github.com/NVIDIA/NemoClaw/graphs/contributors) judging by the git commits and the GitHub authors, none of them seem to be novices at programming, what made you write what you wrote here?
I think he's talking about the original claw, Open Claw
How is Peter "early in their career"? When he sold PSPDFKit for 100mio in 2020 he had been working on it for 13 years, and before that he'd worked as an engineer.
OpenClaw? The one started by a person that sold his previous company and got >$100M ? I wouldn't call him a novice either.
A lot of senior engineering problems aren't gated by experience but by being trusted to coordinate large numbers of juniors.
Now that as a junior, I can spin up a team of AIs and delegate, I can tackle a bunch of senior level tasks if I'm good at coordination.
I think this is a fundamentally flawed perspective on the role and experience of a senior. It's a managers role to coordinate junior engineers. The difference between junior and senior is knowing where and when to do what at an increasing scale as you gain experience.
> It's a managers role to coordinate junior engineers.
Due to AI this is now my job. My company is hiring less juniors, but the ones we do hire are given more scope and coordination responsibilities since otherwise we'd just be LLM wrappers.
> The difference between junior and senior is knowing where and when to do what at an increasing scale as you gain experience.
Many juniors believe they know what to do. And want to immediately take on yuge projects.
e.g. I decided I want to rewrite my whole codebase in C++20 modules for compile time.
Prior to AI, I wouldn't be given help for this refactor so it wouldn't happen.
Now I just delegate to AI and convert my codebase to modules in just a few days!
At that point I discovered Clang 18 wasn't really optimized for modules and they actually increased build time. If I had more experience I could've predicted using half-baked C++ features is a bad idea.
That being said, every once in a while one of my stupid ideas actually pays off.
e.g. I made a parallel AI agent code review workflow a few months ago back when everyone was doing single agent reviews. The seniors thought it was a dumb idea to reinvent the wheel when we had AI code review already, but it only took a day or two to make the prototype.
Turns out reinventing the wheel was extremely effective for our team. It reduced mean time-to-merge by 20%!
This was because we had too many rules (several hundred, due to cooperative multitasking) for traditional AI code reviewers. Parallel agents prevented the rules from overwhelming the context.
But at the time, I just thought parallel agents were cool because I read the Gas Town blog and wasn't thinking about "do we have any unique circumstances that require us to build something internally?"
Neurons that fire together, wire together. Your brain optimizes for your environment over time. As we get older, our brains are running in a more optimized way than when we're younger. That's why older hunters are more effective than younger hunters. They're finely tuned for their environment. It's an evolutionary advantage. But it also means that they're not firing in "novel" ways as much as the "kids". "kids" are more creative I think because their brains are still adopting, exploring novelty, neuron connections aren't as deeply tied together yet.
This is also maybe one of the biggest pitfalls as our society get's "older" with more old people, and less "kids". We need kids to force us to do things differently.
Not 100% sure this isn't sarcasm, but I'll bite.
For me (a non-early career dev) these projects terrify me. People build stuff that just seem like enormous liabilities relying on tools mostly controlled and gate kept by someone else. My intuition tells me something is off. I could be wrong about it all, but one thing I've learned over the years is that ignoring my intuition typically doesn't end well!
> It’s impressive someone early in their career shipped this.
Hang on, what's impressive about this?
OpenClaw is many things, but decidedly not "high-quality".
What is impressive about this project? It seems to be similar to other projects in that space.
Should be obvious that its tools like Claude Code. If you are a junior dev not experienced in delivering entire products but with good ideas you have incredible leverage now...
because the floor is fucking insane for junior developers right now!!
It’s amusing that ‘claw’ is sticking around as a term for these kind of things, when it was originally a pretty transparent attempt to avoid infringing on ‘Claude’…
Check out https://zo.computer - we've been doing OpenClaw for nearly a year, it works out of the box, and has hosting built-in. Zo arguably was the inspiration for Peter to create OpenClaw.
It's quite sad you are riding the coattails of Openclaw here and on Twitter. You only talk about how you were "first" but never say why you are arguably nowhere near all the competitors in terms of distribution that supposedly copied from you
Why do you think OpenClaw caught on much faster?
OpenClaw had a huge viral marketing campaign. It wasn't a coincidence everyone on twitter was talking about it at the same time suddenly. To its credit, it also executed well enough in a few areas that captured people's imagination. Most of the concepts are ideas people have been toying with for years, though.
counterpoint: this assumes everyone has the same constraints. not always true
what about just using an unprivileged container and mounting a host folder to run open claw?
OpenClaw is so bad with Docker. I spent hours on it and hit road block after road block trying to get the most basic things working.
The last one was inability to install dependencies on the docker container to enable plugins. The existing scripts and instructions don’t work (at least I couldn’t get them to work. Maybe a me problem).
So I gave up and moved on. What was supposed to be a helpful assistant became a nightmare.
Did you try Incus? Gives you VM-like experience in a container
Why not use a VM?
Why not ask an AI?
I’m not an engineer and now I realise why I’ve been struggling getting OpenClaw setup in docker. I just can’t get it to work. Makes sense that it needs access to the underlying OS
Same experience. I used Coolify and it was so hard. I wondered why people are so enthralled with this unacceptable UX for setup, only to realize no one cared about Docker and they just got a new Mac mini or used their own system.
Absolutely this. I finally got it working, but the instructions and scripts for setting it up with Docker absolutely do not work.
I'm curious if people have had success running it on Cloudflare workers. I know there was a lot of hype about that a few weeks ago.
Riight, unprivileged lxc/lxd container takes 2s to set up. Thanks NV, sticking with opencode.
The problem is that it cannot access your credentials hence useless.
Containers and VMs are really annoying to work with for these kinds of applications. Things like agent-safehouse and greywall are better imo
I've honestly found containers a breeze for such use cases. Inference lives on the host, crazy lives in an unpriv'd overlayfs container that I don't mind trashing the root of, and is like nothing in resources to clone, and gives a clean mitm surface via a veth. That said, greywall looks pretty dope!
[dead]
[dead]