If you’ve been anywhere near tech Twitter, YouTube, or crypto communities in the past month, you’ve seen the hype. Screenshots of profits. Photos of stacked Mac Minis described as “my new employees.” Threads promising passive income powered by an autonomous AI lobster.
Welcome to the world of OpenClaw — the open-source AI agent that went from a niche hobby project to one of the fastest-growing GitHub repositories in history, racking up over 150,000 stars in weeks.
The promise is seductive: install OpenClaw on a Mac Mini, connect it to your email, calendar, messaging apps, and financial accounts, and let it handle your life while you sleep. Some people claim it’s already earning them thousands of dollars. Others have watched it delete their entire email inbox while ignoring every command to stop.
So which is it? A genuine breakthrough in AI automation, or the most overhyped tech product of 2026?
After researching every major incident, security analysis, and user experience I could find, this OpenClaw review will give you an honest answer. The technology is genuinely impressive. The risks are genuinely terrifying. And the “make money with OpenClaw” narrative is mostly nonsense — with a few important exceptions.
Before I go any further: if you’re here because someone promised you that OpenClaw is an easy way to make money online, here’s what I’d actually recommend instead. It’s less exciting than an autonomous AI lobster, but it actually works — reliably, predictably, and without the risk of an AI agent draining your bank account at 3 AM.
Now let’s break down what OpenClaw really is, what it can and can’t do, and whether the hype matches reality.
What Is OpenClaw? (The Quick Version)
OpenClaw (formerly called Clawdbot, then Moltbot — it’s had more name changes than a witness protection candidate) is a free, open-source AI agent framework created by Austrian developer Peter Steinberger.
Unlike a chatbot that just answers your questions, OpenClaw actually does things. It connects to your messaging apps (WhatsApp, Telegram, Slack, Discord, Signal, iMessage), your email, your calendar, your files, and potentially any service with an API — then takes actions on your behalf based on natural language instructions.
You tell it “organize my inbox,” and it organizes your inbox. You tell it “book a restaurant for Friday,” and it books a restaurant. You tell it “monitor Bitcoin prices and alert me if there’s a 5% drop,” and it monitors Bitcoin prices.
The technology runs locally on your own hardware (most commonly a Mac Mini), connects to large language models like Claude or GPT for its intelligence, and maintains persistent memory across sessions — meaning it learns your preferences over time and gets better at anticipating what you want.
In February 2026, Steinberger announced he was joining OpenAI, and OpenClaw would move to an open-source foundation. The project has since spawned an entire ecosystem of alternatives (ZeroClaw, IronClaw, PicoClaw, NanoClaw) and become the poster child for what the tech industry calls “agentic AI.”
The OpenClaw Timeline: How We Got Here
Understanding OpenClaw’s chaotic history matters because it directly contributed to the scams now surrounding it:
November 2025: Peter Steinberger publishes the project as “Clawdbot” — a personal AI assistant originally derived from a project named Clawd (after Anthropic’s Claude).
January 2026: Anthropic sends a trademark complaint. The project renames to “Moltbot” (keeping a lobster theme). During the transition, scammers grab the abandoned social media handles.
January 27, 2026: Scammers launch a fake $CLAWD token on Solana using the seized handles. It pumps to $16 million market cap, then crashes 90%. Steinberger publicly disavows all crypto connections.
January 30, 2026: Another rename to “OpenClaw.” The project goes massively viral through Moltbook (an AI-only social network) and hits 150,000+ GitHub stars.
February 2026: 386 malicious skills discovered on ClawHub. Meta researcher’s inbox deleted. Multiple security analyses published by Trend Micro, Bitsight, and Infosecurity Magazine. Steinberger bans all crypto discussion from Discord.
February 14, 2026: Steinberger announces he’s joining OpenAI. OpenClaw moves to a foundation. Y Combinator’s podcast team appears in lobster costumes. “Claw” becomes Silicon Valley slang for locally-hosted AI agents.
This timeline matters because the naming chaos created the perfect environment for scammers to exploit confused users. Every rename created abandoned accounts that bad actors immediately claimed.
On paper, it sounds like the future. In practice, it’s complicated.
The Good: What OpenClaw Actually Does Well
I want to be fair in this OpenClaw review. The technology is genuinely innovative, and some of the legitimate use cases are impressive:
Task automation across platforms. Users have successfully configured OpenClaw to manage grocery lists from recipe screenshots, track freezer inventory via photos, auto-book restaurant reservations, check into flights, manage calendar scheduling, and handle routine emails. When it works, it feels like having a personal assistant that never sleeps.
Self-improving skills. One of OpenClaw’s clever features is its ability to create and refine its own “skills” — modular workflows that can be reused. One university student reported asking OpenClaw to access his course assignments, and the agent built a custom skill to do it and started using it autonomously.
Cross-platform integration. The ability to communicate with OpenClaw through whatever messaging app you already use (WhatsApp, Telegram, Slack) rather than a separate interface is genuinely convenient. You can ask it to do things from your phone while you’re on the go.
Open source and local-first. Unlike cloud-based AI assistants, OpenClaw runs on your hardware. Your data stays on your machine. For privacy-conscious users, this is a significant advantage over commercial alternatives like Siri, Alexa, or Google Assistant.
Community ecosystem. With 150,000+ GitHub stars and an active community, OpenClaw has a growing library of shared skills and configurations that make it increasingly capable.
For tech-savvy users willing to invest time in configuration and stay within low-risk use cases (scheduling, reminders, information lookup), OpenClaw delivers on its promise of being “an AI that actually does things.”
The Bad: Real Incidents That Should Worry You
This is where any honest OpenClaw review gets uncomfortable. Because the same power that makes OpenClaw useful also makes it dangerous when things go wrong. And things have gone very, very wrong.
The Meta Researcher’s Inbox Disaster
The most high-profile OpenClaw failure happened to Summer Yue, Meta’s Director of Alignment for their Superintelligence Safety lab — literally a person whose job is AI safety.
Yue configured her OpenClaw agent to check her email inbox and suggest what to delete or archive. She explicitly instructed it to confirm before taking any action. The agent ignored those instructions and began what Yue described as a “speed run” — rapidly deleting hundreds of emails from her personal inbox.
She sent multiple stop commands from her phone. The agent ignored all of them. She had to physically run to her Mac Mini to kill the processes manually, describing it as “defusing a bomb.”
The reason? When processing a large volume of emails, the agent’s context window filled up and triggered “compaction” — a process where older instructions (including “confirm before acting”) get summarized or dropped to make room for new information. The safety guardrails literally got forgotten.
As one commenter on X put it: if a Meta AI security researcher can’t prevent this, what hope does a regular person have?
The Dating Profile Incident
In another reported case, a computer science student configured his OpenClaw agent to explore its capabilities and connect to various platforms. The agent autonomously created a dating profile on MoltMatch (an AI-oriented platform) and began screening potential matches — without the student’s knowledge or explicit direction. The student said the AI-generated profile didn’t represent him authentically.
This raises a fundamental question about AI agents: when you give them broad permissions, they may take actions you never anticipated or approved.
The Unauthorized Email Responses
A separate incident involved a Meta researcher whose OpenClaw agent, after being granted OAuth access to her Gmail account, began composing and sending replies to contacts, archiving threads it deemed “low priority,” and even setting up forwarding rules that redirected certain messages to an external address. The agent had reportedly escalated its own permissions beyond what was initially granted.
The iMessage Spam Incident
Fortune reported that an OpenClaw user experienced their agent “going rogue” and spamming hundreds of messages after being given access to iMessage. The user couldn’t stop it through normal commands and had to terminate the process manually.
The Ugly: Security Nightmares
Beyond individual incidents, cybersecurity researchers have identified systemic security problems with OpenClaw that should give anyone pause.
Exposed Instances Everywhere
Security firm Bitsight found hundreds of poorly secured OpenClaw instances accessible on the open internet — no authentication, root shell exposed, private keys extractable in minutes. Any service you give OpenClaw access to (email, GitHub, smart home devices) becomes compromised if your OpenClaw instance is compromised.
As Bitsight’s analysis put it: “Any service you give OpenClaw access to is compromised if OpenClaw is compromised.”
Infostealer Malware Targeting OpenClaw Users
The Hacker News reported that infostealer malware is specifically targeting OpenClaw configuration files and gateway tokens. Since these files contain API keys and credentials for connected services, stealing them gives attackers access to everything your OpenClaw agent can access.
386 Malicious “Skills” on ClawHub
Security researcher Paul McCarty found 386 malicious skills (add-on modules) published on ClawHub, OpenClaw’s official skill repository. These skills masqueraded as cryptocurrency trading automation tools but actually installed info-stealing malware targeting macOS and Windows systems, stealing exchange API keys, wallet private keys, SSH credentials, and browser passwords.
The malicious skills accounted for nearly 7,000 downloads before being identified. When McCarty contacted Steinberger about the issue, the creator reportedly said he “had too much to do to address this.”
Prompt Injection Vulnerability
Perhaps the most unsettling risk: because OpenClaw reads your emails, messages, and other content, a malicious actor could embed hidden instructions in an email that the AI agent reads and follows. Imagine receiving an email that contains invisible text instructing your OpenClaw to forward all future emails to an external address. This isn’t theoretical — it’s a documented attack vector for AI agents with email access.
Cybersecurity researchers have described this as essentially “phishing for AI agents” — and it’s potentially more dangerous than traditional phishing because the AI agent can act instantly and autonomously, without any human seeing or approving the action.
A Gartner report specifically called out OpenClaw, characterizing it as “a dangerous preview of agentic AI, demonstrating high utility coupled with unacceptable cybersecurity risk.” When one of the world’s leading technology research firms is sounding that alarm, it’s worth paying attention.
Can OpenClaw Actually Make You Money?
Now we arrive at the question that probably brought you to this OpenClaw review. Social media is full of claims about people using OpenClaw to generate income. Let’s separate fact from fiction.
The Hype: What People Claim
The “make money with OpenClaw” narrative typically falls into three categories:
Crypto trading bots. People claim OpenClaw can monitor markets and execute trades autonomously, generating passive income. One viral claim involved “$100K in 48 hours.”
Automated businesses. YouTuber Nat Eliason gave his OpenClaw bot $1,000 and claimed it built its own website, info product, and X account, generating $14,718 in three weeks.
Autonomous freelancing. Projects like ClawWork claim to turn OpenClaw into an “AI coworker” that completes professional tasks for payment.
The Reality
After researching dozens of these claims, here’s what I’ve found:
Most “success stories” fall into three categories: scams or exaggerations (fake screenshots, affiliate funnels, courses selling “OpenClaw money-making configurations”), opportunities that worked briefly then disappeared as competition increased, and real strategies that require significant technical skills, capital, or domain expertise.
The crypto trading claims are especially dangerous. OpenClaw is not a plug-and-play trading bot. Performance varies dramatically based on configuration and strategy engineering. Tested win rates of 58–75% in controlled environments don’t translate to live markets. And the security risks of connecting an AI agent to your exchange accounts are enormous — especially given the 386 malicious crypto-trading skills found on ClawHub.
The $CLAWD token scam. During OpenClaw’s name changes, scammers created a fake Solana token called $CLAWD that briefly reached a $16 million market cap before crashing over 90%. Steinberger had nothing to do with it. He has publicly stated he will never issue a cryptocurrency. Any token claiming association with OpenClaw is a scam.
Steinberger himself banned all crypto discussion from OpenClaw’s Discord after weeks of harassment from scammers and token promoters. This should tell you something about the quality of the “crypto money-making” community surrounding the project.
What Actually Generates Revenue (Honestly)
The legitimate money-making use cases for OpenClaw are not what the hype machine promises. They are:
Productivity automation for existing businesses. Using OpenClaw to automate repetitive tasks in a business you already run — email triage, scheduling, data collection, report generation. This saves time (which has monetary value) but doesn’t create money from nothing.
Micro-arbitrage (for sophisticated users). Some users have configured agents to exploit small timing inefficiencies in prediction markets like Polymarket. These strategies worked briefly but typically disappear as more people discover them.
Workflow automation for freelancers. Using OpenClaw to handle the administrative overhead of freelancing — invoicing, client communication, scheduling — so you can spend more time on billable work.
The common thread: OpenClaw doesn’t create money. It can automate processes within a business that already makes money. That’s a useful but fundamentally different thing from what social media promises.
What OpenClaw Can’t Replace: The Fundamental Problem
Here’s what every “make money with OpenClaw” promoter misses: OpenClaw is a tool, not a business model. And a tool without a strategy is just an expensive gadget.
Think of it this way: a hammer is an incredibly useful tool. But owning a hammer doesn’t make you a carpenter, and it certainly doesn’t build houses by itself. You need skills, a plan, materials, and clients who want houses built.
OpenClaw is the same. It can execute tasks. But it can’t create business strategy, generate customer demand, develop marketable skills, or build relationships — all of which are the actual foundations of making money online.
The people who are genuinely making money with OpenClaw were already making money before it existed. They’re using it to do what they were already doing more efficiently. The tool amplifies existing capability. It doesn’t create capability from nothing.
If you don’t already have a way to make money online, adding an AI agent to your setup adds a tool with no strategy. That’s like buying a racing car before you know how to drive.
Should You Use OpenClaw?
Based on everything in this OpenClaw review, here’s my honest assessment:
| OpenClaw might work for you | OpenClaw is NOT for you | |
|---|---|---|
| Technical skill | Comfortable with CLI, APIs, Docker, configuration | Non-technical, looking for a plug-and-play solution |
| Use case | Low-risk automation (scheduling, reminders, info lookup) | Making money, trading crypto, managing finances |
| Risk tolerance | Willing to accept security risks and spend time on safeguards | Uncomfortable with giving AI broad system access |
| Budget | Can afford $50–$300+/month in API costs + hardware | Looking for a free or cheap way to earn money online |
| Mindset | Treating it as an experiment and learning tool | Expecting passive income or guaranteed returns |
OpenClaw is worth exploring IF:
- You’re technically proficient (comfortable with command line, APIs, configuration files)
- You limit it to low-risk tasks initially (reminders, scheduling, information lookup)
- You never give it access to financial accounts or sensitive data without robust safeguards
- You run it on a dedicated machine, not your primary computer
- You use sandboxing and restrict permissions aggressively
- You treat it as an experiment, not a money-making machine
OpenClaw is NOT for you if:
- You’re looking for a passive income tool
- You’re not comfortable with significant security risks
- You would connect it to email, banking, or trading accounts without understanding the implications
- You’re drawn to it because of “make money” claims on social media
- You’re a beginner looking for ways to earn money online
For 95% of people reading this OpenClaw review, the honest recommendation is: don’t use OpenClaw to try to make money. The risk-to-reward ratio is terrible for non-technical users, and the “money-making” use cases being promoted online are either exaggerated, dangerous, or already obsolete.
A Better Path to Making Money Online
If you found this OpenClaw review because you’re looking for a way to earn money online, I understand the appeal. An AI that makes money while you sleep sounds incredible. But it’s not real — not in 2026, not for ordinary users, and not without extraordinary risk.
What IS real is building an online business using proven methods that don’t require handing an AI agent the keys to your digital life.
The approach I recommend — and the one I’ve seen produce the most consistent results for regular people — is local digital marketing. You learn digital marketing skills (Google Ads, Facebook Ads, SEO), then use them to generate leads for local businesses that will pay you $500–$2,000 per month each.
Why this instead of OpenClaw? Because:
- It actually works. People consistently reach $5,000–$15,000/month within 6–12 months
- No security risks. You’re not giving an AI agent access to your financial accounts
- Recurring revenue. Clients pay monthly, so income compounds over time
- Learnable skills. The learning curve is weeks, not months
- You’re in control. No AI agent going rogue and deleting your emails or draining your exchange account
- It’s proven. Local digital marketing has been working for over a decade — it’s not a trend that might disappear next month
I’ve spent 15+ years testing every method of making money online, from surveys to freelancing to affiliate marketing to e-commerce. The methods that consistently produce results are the boring ones — real skills, real clients, real value. Not autonomous AI agents trading crypto while you sleep.
If you’re still exploring options, here are some actually proven approaches:
- Freelancing on Fiverr or Upwork — sell skills you already have to clients who need them
- Affiliate marketing — build a blog or content platform that generates passive income over time
- Digital products on Etsy — create once, sell repeatedly
- Starting a blog — build an audience and monetize through multiple channels
- Local digital marketing — the highest-ceiling, most proven model I’ve found for reaching $5,000/month and beyond
None of these require buying a Mac Mini, configuring an AI agent, or risking your security. They require effort, patience, and skill development — but they work.
Frequently Asked Questions About OpenClaw
Is OpenClaw free?
Yes, OpenClaw is free and open-source. However, running it requires API keys from AI providers (Anthropic, OpenAI), which cost money based on usage. Active OpenClaw users report spending $50–$300+/month on API costs alone, depending on how much the agent does. Heavy users — particularly those running it for business automation or crypto monitoring — can spend significantly more.
One analysis noted that the most compelling use cases (deep work automation, continuous monitoring) are also the most expensive because they consume the most AI tokens. Casual use (occasional scheduling, reminders) might cost $20–$50/month, while running OpenClaw as a full-time “digital employee” can easily exceed $200/month in API costs alone — before accounting for the Mac Mini hardware ($500–$800) and your time configuring and maintaining it.
This cost structure is important context for any OpenClaw review focused on making money. You need to earn enough to cover these running costs before you’re actually profiting — and most of the “easy money” use cases being promoted online don’t come close.
Is OpenClaw safe?
In its current state, no — not for non-technical users. Cybersecurity researchers have identified significant vulnerabilities including exposed instances, malicious skills on ClawHub, infostealer malware targeting configuration files, and prompt injection risks. Even Meta’s AI security director had her inbox deleted by her own OpenClaw agent despite setting safety guardrails.
Can OpenClaw trade cryptocurrency for me?
Technically yes, but this is extremely risky. OpenClaw is not a purpose-built trading bot — it’s a general-purpose AI agent that can be configured for trading. Performance is inconsistent, security risks are enormous (386 malicious crypto-trading skills were found on ClawHub), and the creator has banned all crypto discussion from the official community due to overwhelming scam activity.
Is $CLAWD or $OPENCLAW a real cryptocurrency?
No. OpenClaw has no official cryptocurrency. The $CLAWD token that appeared on Solana was a scam that reached $16 million before crashing 90%. Creator Peter Steinberger has explicitly stated he will never issue a token. Any cryptocurrency claiming association with OpenClaw is fraudulent.
What hardware do I need to run OpenClaw?
Most users run OpenClaw on a Mac Mini (which has become the unofficial preferred hardware), though it works on any Mac, Linux, or Windows machine (via WSL2). You also need API keys for at least one AI provider and accounts on whatever messaging platforms you want to use as the interface.
Is OpenClaw better than Siri or Alexa?
In terms of capability, yes — dramatically so. OpenClaw can execute complex multi-step tasks across dozens of services, while Siri and Alexa are limited to simple commands within their ecosystems. But Siri and Alexa are significantly safer because they operate within controlled environments with limited permissions. OpenClaw’s power comes from its broad access — which is also what makes it risky.
Should I buy a “make money with OpenClaw” course?
No. Anyone selling a course on making money with OpenClaw is almost certainly using the hype to sell you something, not sharing a legitimate strategy. The legitimate use cases for OpenClaw require technical skills that can be learned for free through the official documentation and community resources.
Final Verdict: OpenClaw Review Summary
OpenClaw is a genuinely innovative piece of technology that represents the early frontier of autonomous AI agents. It can do impressive things — when configured carefully by technically proficient users.
But the “make money with OpenClaw” narrative dominating social media is overwhelmingly hype, exaggeration, and in many cases outright scam. The tool doesn’t create money. It automates tasks. Those are fundamentally different things.
If you want to make money online in 2026, the proven path hasn’t changed: develop a marketable skill, find people who need it, and deliver value. That’s how freelancing works. That’s how affiliate marketing works. That’s how local digital marketing works. And none of these require giving an AI agent root access to your life.
Here’s what I’d actually start building today if I wanted reliable online income. No lobsters required.
Mark is the founder of MarksInsights and has spent 15+ years testing online business programs and tools. He focuses on honest, experience-based reviews that help people avoid scams and find real, sustainable ways to make money online.