hckrnws
You don't need to use OpenClaw, NanoClaw or any of these new variants. You can literally use Codex, Claude Code, Gemini, OpenCode for the same thing. The only thing that it is missing from all of them is the communication channels because none of them come with native communication tools like OpenClaw.
But this is not such a big deal.
I made an open-source lightweight daemon in Go that fills that gap. All it does is to provide the means to connect to popular messaging systems like Slack, Discord, WhatsApp, Telegram, etc. and expose this all through the CLI.
The project is hosted here: https://github.com/pantalk/pantalk
My personal realisation recently has been that the unix way is the best way. We just need to go back creating daemons and lightweight composable CLIs and let agents do their thing. They are increasing being trained to operate the command-line and they are getting pretty good at it.
What about heartbeats, cron etc? Seems like a major part of the 'claw' appeal is that it can work autonomously, monitor your email inbox for stuff and take action automatically...
I hear a lot about people doing this but it really seems like it is prompt injection as a service. eventually the things that can happen when you give the world write access to an unattended LLM that can access both your browser and password reset mechanism will happen.
or someone will just make it email lewd pics to people’s bosses for the lols
That theory is being tested. So far no prompt injection has broken in:
It's a neat idea but it's not exactly plausible real world conditions to have an agent that pretty much exclusively spends its time wading through an email inbox that's 99% repeated prompt injection attempts. As the creator acknowledges in the original thread, its context/working memory is going to be unusually cognizant of prompt injection risk at any given time vs. a more typical helpful agent "mindset" while fulfilling normal day-to-day requests. Where a malicious prompt might be slipped in via any one of dozens of different infiltration points without the convenience of a static "prompt injection inbox".
https://x.com/benhylak/status/2025873646724800835
turns out it doesn’t even need to be an attacker…
Since when do security researchers and black hats give away their tools for free?
Mostly because no one cares about trying to hack "hackmyclaw", there is zero value for any serious attacker to try. Why would they waste their time on a zero value target?
The only people who tried to hack "hackmyclaw" are casual attempts from HN readers when it was first posted.
Meanwhile, tons of actual OpenClaw users have been owned by malware which was downloaded as Skills.
Also, there have been plenty of actual examples of prompt injection working, including attacks on major companies. E.g. Superhuman was hacked recently via prompt injection.
I would never use it on my MacBook or any machine but I understand why technical people would want to experiment with something dangerous like that. It’s novel, exciting, and might inspire some real practical products in the future (not just highly experimental alpha software).
I'd love if someone with experience can correct me if I'm wrong but in my experience it can do all of that really, really badly. I find the happy and most likely case for any sort of autonomous thing is that it totally fails to do anything. The sad case is it does the wrong thing. There's just no case where these things make good judgement calls or understand what you think is important.
I do still find some things useful about my nanoclaw setup - convenience and easy scheduling of LLM related tasks. Well, promising actually, not useful yet. But autonomy is not one of those things.
You could literally set up a heartbeat or a cron. It's faster than setting up the claw.
And if you don't know how, CC does.
Ask your claude to make a cron to wake itself up. Done.
Crontab entry to read a file and run a prompt?
You can do both with the cron daemon. But pantalk can also trigger the agent after some notifications are buffered too. So that also is a trigger. You don't really need one massive library. All operating systems have native ways to do all of these things and more.
I don't know. You can even use systemd if you like.
Hahaha a year ago I did this. Crontab -e
Run Claude -p and Claude already has mcp,'s configured so it can do anything I wanted.
You should be like '$10,000,000 please'
It is truly odd in a way. You had posts here about Google managers or execs saying AI coded something solid in a few days what their own team were working on for months or years, or something along those lines. But people seem to ignore that creating a clone of your favorite "Claw" product seems like an ideal first project for the sea of mid or senior engineers that haven't dipped their toes into the vibe-coding ocean.
You have people talking about the tired topic of the lack of moat for AI businesses. But people should be calling out the moat that most tech businesses take for granted. Forget the moat that prevents other businesses, what about the moat that prevents your own users from creating your own product "from scratch"?
This is basically just telling people to learn to code
Which IMO they should anyway if they are doing advanced automation
No coding is required. You can literally ask your agent to install and configure it. It is only 2 small binaries and no external dependencies. It cannot be any easier than that.
Seriously, for anyone that knows how to code it’s super easy to setup your own thing. I set up an cloudflare email worker that just forwards emails to my server and Claude can send me emails back. It’s super nice because email already has all the functionality for threads and nice formatting.
Since I control the server and all the code it’s very simple to setup up schedules or new tools.
I can’t see myself using most of these because I don’t want them having my conversations.
I really want a native iOS chat client that connects directly to my home server.
You’re missing the point. None of those have the same integrations into other software and APIs that the OpenClaw plugins provide. And not everyone wants to write their own minimal implementation. This is why OpenClaw is popular.
I’ve been using happy cli, works great
> You don't need to use OpenClaw, NanoClaw or any of these new variants.
> Here's my own implementation!
Insert xkcd standards joke.
Umm, is it out of the grey area of Whatsapp (and others') TOS?
For my version of the AI assistant, I used a Docker container and Unix permissions:
https://github.com/skorokithakis/stavrobot
All plugins run in one Docker container, but they're isolated from each other by different *nix users, so they can't read each other's files. That's much more lightweight, and you don't have to run one container per plugin.
Crucially, plugins can't read each other's secrets or modify each other's code. I even have a plugin configuration webpage that doesn't go through an LLM, so the LLM never sees your secrets if you don't want to.
> But NanoClaw isn't just my personal project anymore. Thousands of people are using it. People are running production workloads on it. Businesses are building on it. There's a real community now.
as OpenClaw and now NanoClaw became "enterprise", now we need a new FemtoClaw to pick up the indie/boutique place
How is this "becoming enterprise"? If anything it now defaults to millions of Linux users being able to access it
How's 100 lines? :)
I'm sure whatever LLM FemtoClaw calls out to will also write a blurb about its growing adoption in production enterprise applications. This sentiment is probably very well represented in the training data.
Could also make the other part ‘smaller’ and use nail, hoof or dewclaw (https://en.wikipedia.org/wiki/Dewclaw)
We need to go the other direction. GigaClaw eats $100,000/month in tokens and requires a Threadripper with 256GB of RAM on a gigabit connection just to handle the orchestration.
Comment was deleted :(
Well, there was Picoclaw, but I think it was renamed to Clawlet.
That's old news. Now there's Plancklaw, renamed to ∅. It has no code base, no bugs, no security issues, infinitely scalable, and all the features of every other *claw.
Well actually there is ROE.md, no code, just a Markdown file to generate a claw.
The code is always generated using the latest LLM, ensuring that it takes advantage of the latest architectures and programming language features.
MicroClaw.. No fear of it becoming corporate LOL.
Putting these NanoClowns inside a container will not protect you from all kinds of safety hazards.
That's the fun part! You spend all day hardening it... run it in docker in a vm on a separate machine. And then you hook it up to your gmail and give it unrestricted internet access :)
An exciting bet on whether the prompt injection will come from the open web or via email!
Let’s be honest. The whole thing is just the prevent Claude from “rm -rf / “.
It’s it someone is trying to avoid the thing talking to the internet or reading your emails, it’s just that it sometimes has the strange itch to change some files outside of the project.
Wearing a seatbelt will not protect you from all kinds of car accidents.
Yes. That's why you don't put a Clown behind the steering wheel.
It is more like getting in the car with Stuntman Mike. The risk is not that the driver might make a mistake but that it actively turns against you and a container is not a security boundary against an adversary.
"Because it was a 50-50 shot on whether you'd be going left or right [...]"
Yeah, that about sums up how terrifying it is to give these agents so much access to things.
Tesla Robotaxi says hold my beer
Wearing a helmet will not protect you from all injuries caused by jumping off a cliff.
Point is, don't jump off a cliff.
The nature of these tools is that you tell them not to jump off a cliff, so they ride the bicycle over it. Or a car. Or "you're completely right. I assumed it was possible to fly". Or...
or you pass by graffiti telling it to jump off a cliff, written in iambic pentameter (or whatever is the jailbreak meta of the month)
I’m not sure what docker is helping with that an unprivileged Linux user account doesn’t already do. The scary stuff with claws is unrelated to process isolation.
I’ve been building sandboxing for Claude code workloads. So I can let it run wild without breaking my computer. Originally I used docker, but I’m now in the process of jettisoning that, and switching to qemu.
For my use case I want ssh access and being able to use docker in docker. This allows for things like test containers and docker compose. You can get all of that working with docker. But you kind of have to fight docker the whole way.
NanoClaw might have different needs, and docker could work better for it, and I hope so for their sake. But I’m not optimistic.
If you use Arch Linux, there's now an AUR package to install it -- made by yours truly.
I can't believe the solution is creating uncompatibile branch and forcing users to use cladue for resolving merge conflits. Why not bake in the dual compatibility?
you may slot in podman, but apple container is not very good atm.
Ironically, the whole "claw" thing reminds me of the time everyone was scrambling to get on the container orchestration bandwangon.
I'm surprised that the developer experience around sandboxing on macOS is generally so bad. Seatbelt is in limbo and apple containers are just a pain to work with as some have highlighted in this thread
Is there any developer experience on Apple products that isn’t bad?
Can someone explain the special sauce of the claws compared to just use claude.ai etc
There is no special sauce, it's mass hysteria driven by fake adoption metrics and people who don't know anything about computers who let "agents" run free on theirs. It's the equivalent of showing a magician cut a women in a box in half to a 5 years old kid... Put them in the same category as the neckbeards getting a hard on every 3 weeks for the past 2 years when they get to see the new version of ThE PeLiCaN On A BiCyCle... I wonder how long the circus will keep on going, at least it's funny to witness from the outside
I've found real utility in it, but the hype definitely exceeds the current capabilities
Damn son, you sure sound salty!
Better salty than tricked by smoke and mirrors into thinking the singularity will happen in two release cycles and that chatgpt will cure cancer and poverty by 2028 lmao
This is a classic early internet style snarky comment you used to find all over forums
> Some comments were wrong about one thing long ago hence every comments remotely similar about any other remotely similar thing will always be wrong
That's how this argument sounds... And it really isn't a strong argument
You really should open your mind to what this tech can achieve. Sooner or later it will click in a way that permanently alters the reality
It is a huge unlock. Ignore this snark and try it yourself. Any agentic use case you can imagine you can start to tackle.
Openclaw itself is buggy but the idea is amazing.
> Any agentic use case you can imagine you can start to tackle.
If "agentic use case" is shorthand for "use case that would benefit from giving non-deterministic systems blanket access to private local data and external accounts" than I can't imagine any such use cases.
They're "always" running, so they can notify you out of the blue, without you having to initiate a conversation. It's really nice UX to get a message from my assistant saying "hey, it's time to leave for the gym, and don't forget the supermarket bag because you're picking up milk on the way back, as you've run out".
Dunno, my calendar reminds me "out of the blue", without me having to initiate a conversation, that it's time to leave for the gym, no "claw" or "ai" involved.
I always have my backpack with me, so if I need milk I can pick it up on the way back. And I am pretty sure that I have to notice if I need milk myself.
The tech sounds cool, but whenever I hear about actual applications, I don't see the point.
That's because you just lack of imagination. Imagine if you have a human personal assistant, what would you ask them to do? Examples:
"Find me the cheapest ticket to Las Vegas for the first week of June. Buy one at anytime that you think is reasonable. Wait until no later than two months from now before buying. Get two tickets if my brother can also go".
"Email me if anyone posts a Sega multi mega for sale. But only if it's in black color".
I have no idea if OpenClaws can already do such a task or not, I don't have one, but it opens up new possibilities. If it isn't there yet, it will be.
> Imagine if you have a human personal assistant, what would you ask them to do?
That’s kind of the confusing thing for me, I wouldn’t have a human personal assistant do anything for me as long as any money is on the line. I couldn’t teach them my preferences well enough to trust them to do it the way I want, instead of just doing it myself.
Personal assistants only make sense to me if you’re so rich that money doesn’t really matter to you anyways.
Your trip booking thing for example is something I would never give to a human assistant.
The alert for stuff on sale can already be done on the usual price tracking websites.
> I wouldn’t have a human personal assistant do anything for me as long as any money is on the line.
You don’t have to trust them with money. You can ask them to send you the info for you to do the final step.
> Your trip booking thing for example is something I would never give to a human assistant.
Maybe not you, but people already use personal travel agency for their booking need, see for example:
https://www.reddit.com/r/travelagents/comments/1i4fiod/best_...
Air ticket booking agency used to be popular before the Internet made that business obsolete.
> The alert for stuff on sale can already be done on the usual price tracking websites
Sega multi mega is a rare collectible item. No price tracking websites have it. You need to frequent online groups or forums of enthusiasts. eBay may have ones, but information (e.g color) may be missing, and follow-up is required. OpenClaw can do that for you.
Yes, there are probably people for whom this sort of thing can work.
For example, when I was at M$, management came to us extolling the virtues of Cortana and the then new "smart inbox". The manager was ecstatic. And for him, it maybe really was the neatest thing since sliced bread. And I know plenty of people with 10000+ unread in their INBOX. For them, it might be lifesaver.
But all the engineers in the room were "eek, get it away from me and make sure it never gets near my inbox". I personally maintain an INBOX-0 policy, not always perfectly, but it works for me. Unreads never last for more than a few minutes. So I have "situational awareness" of my e-mail, and when Apple also introduced smart inboxes, they broke that situational awareness while adding nothing whatsoever to my benefit. And people I communicate with also started losing e-mails, because they got sorted somewhere they weren't expecting.
So turn that shit off.
Thank you for illustrating my point perfectly: none of these scenarios you give as examples are things that resonate with me at all, and I wouldn't delegate them to a human personal assistant either.
I mean, yes, some people have real issues with delegating tasks to others. Those people probably wouldn't get much benefit from an... AI assistant. That doesn't "illustrate your point", it just states the obvious.
You are confusing "issues" with "lack of need" and "lack of benefit of proposed solution".
Again, I think the tech is cool, and I would actually really like to both better understand and try out the tech. But to try something out in earnest, I need some concrete use-case, and so far the use-cases I have seen range from "meh" to "get it away from me".
For agentic coding, I also needed some concrete use cases, and I found where it worked really well, where it struggles, and where it's just horrible.
Okay but like, some people don't live the types of lives where they could benefit from an assistant, either a real one or an AI one. I'm one such person. My life is pretty simple. I don't juggle a thousand different things, and am comfortable with taking care of everything myself. But I also recognize that not everyone is like that. I have a lot of friends who can barely stay on top of things. They have families, demanding jobs (sometimes more than one), lots of responsibilities, and they constantly forget to do stuff or postpone due to lack of time. I think tech like this, once (if) it becomes more reliable and user-friendly, could really gain a lot from them.
Bottom line is that there's a big difference between "not useful to me" and "not useful". If it was the latter, nobody would have human personal assistants either... but that's not the case.
I always clearly stated that the use cases don't resonate with me and that I don't see the point.
And the people who have (the need for?) human personal assistants seem like a very small subgroup to me.
¯\_(ツ)_/¯
> Imagine if you have a human personal assistant, what would you ask them to do?
Those are not good examples for why people have a human assistant, you have human assistants to do in-person or person-to-person things that you don't have the time or desire to do yourself. They are simply not the same as releasing a 24/7 ai roulette process on the internet with all your payment and account info.
The online monitoring examples can be done with current automation tools and scripts
If I had a human personal assistant, I'd tell him to clean my gutters, sweep the driveway, clean the kitchen table...
I understand, if we imagine a world where everyone is constantly plugged into the computer all the time, and every bit of human activity is coordinated and surveilled by the computer at all times, this shit appears to be quite useful. Otherwise and even if, it's total schlock.
Like, "hey openclaw can you order me groceries" is great, but the only reason is that there's a wageslave on the other side of that transaction who has to drive to the grocery storef and pick the groceries out. Pretty soon that slave is going to be all of us and my god it makes me feel like an insane person that the boosters of this tech don't see that.
Good luck ever getting this to work when airlines still refuse to publish APIs and captcha anything that looks automated.
Well, it will work when there is enough demand. “Ever” is very long time. Are you willing to bet on it?
The point still, is that OpenClaw opens new exciting (and dangerous) opportunities for non technical users.
If you don't have a need for a personal assistant, that's fine, not everyone does. That doesn't mean nobody does.
The milk thing was just an example of a tool that can intelligently combine things for you, not a literal "it's a calendar with a milk function".
This is a bit like "if I want to call my friends, I have a phone a home, why would I need a mobile?" which somewhat betrays a lack of imagination.
You're just not providing any good examples of what I cant already do with current automation tools.
My wife constantly asks me about adding books to her Kindle. I use Anna’s archive for this, but the process can be very annoying. I have to go to the site, search for the content. Filter by epub and English. Then download the content. Then send it to her Kindle email.
My openclaw now searches for the relevant content upon her request, sends the URL to a Stacks docker instance, monitors the Stacks instance for when the download completes, grabs the resulting epub from a local file share, then sends it to her kindle email. She doesn’t even send me the request anymore; she sends them straight to the Discord bot.
It also corrects our calendar every night. She often just through something on the calendar like “[son’s name] speech”, but we have speech appointments in either of two locations, and I have a strong preference for calendar items in the format “[person] - activity”. If she puts the city name with the speech appointments (“[son’s name] speech [town]”), openclaw reformats the title accordingly and adds the physical address of the speech therapy office we go to in that town. This means Apple Calendar sends us notifications when it’s time to leave, instead of just 30 mins prior.
I have a few others as well, but those are real world examples. Maybe they don’t matter for your use case, but they’re good for mine.
But it's so easy to just download from libgen and send as an attachment to a Kindle email...
Are you being sarcastic?
Like sure, it is. But when I'm out doing something and she texts me a book title and author, I'd have to make a mental note to take care of it next time I'm free. It also means having a stack of epub files in my phone/tablet/laptop downloads that I've got no use for.
Everything I’ve seen about it feels so over engineered
Hmm, Google Gemini has access to my Google Tasks and can set reminders. It's also asked me if I want it to check something at "tomorrow 9am", and when I said yes, it managed to do that.
Yeah, that's kind of like it. Agents just have many many more integrations, so they can do many more things. For example, it knows all my preferences, and can search for flights and say things like "this one is more expensive, but skipping the morning wakeup is worth the $20".
But have you had consistently good experience with Google Gemini and Google apps? Or read the mixed reviews?
For me, Gemini has been hit or miss and somehow less useful than Assistant was 2+ years ago.
The coding assistant for VSCode is nuts (i.e. gets it wrong a lot, also one time it just got so confused).
I have Gemini Pro for free for a year because I bought a Pixel phone, it answers very fast, so I like it. Let's see how I'll feel about shelling out real money when the subscription ends. But on the phone, I still use Assistant (and just have a shortcut to launch the webpage in my browser), because the phone was forcing Gemini, but after 5 minutes of usage I found it was slower for my usages (usually I just tell it to set an alarm and add a reminder/calendar event), and when I asked about my tasks, Gemini would get the task listing from Google Tasks, and keep it in its history... that'll pollute my chat history!
Sorry to hear that.
I've had a similar deal. "Free" means included, and we are the beta testers!
In the last month, Gemini successfully persisted Google notes and calendar events. It also malfunctioned by adding these to chat context...(and not persisting to Google Calendar or Keep.)
Same commands. Different outcomes. It's unusable.
How would it know you've ran out of milk?
I told it when I noticed. I made a little pendant with a mic I can speak into and it goes to the bot.
I would love to hear more about this!
I haven't written it up yet but the repo is here:
It's just a MEMS mic, a battery, and an ESP32, very simple but it works amazingly well. I wrote a companion Android app for it and it works extremely reliably!
Are you running NanoClaw or a different project?
He's running his own thing: https://github.com/skorokithakis/stavrobot
Turns out Humane was ahead of its time.
I just tell CC to create a cron job systemd unit
How do people afford this?
Claude max $100 is way more usage than I need. And yeah its not running all the time, just has a heartbeat file telling it how to check something and run
A subscription, really. It doesn't actually run all the time, it just has a cron job that makes it feel that way.
Haven't you ever wanted to create a gigantic attack surface for your digital life that is always running and just aching to be pwned?
It can schedule stuff and run in a loop, so it's like claude combined with cron. Truly amazing technology.
Crons. A local daemon. System access as a user with the ability to listen to changes. Some idea of shared “memory” between sessions. Provider agnostic about AI. Multi-model.
Can you elaborate on “listen for changes”? AFAIK it can’t do that and needs cron jobs to check.
Webhooks are a thing.
It's for people that don't know how or don't want to be bothered with setting up a messenger integration and a scheduler.
they have a watchdog loop, it runs periodically
There is no special sauce. They are claude or codex in a loop. The loop is facilitated by basic cron jobs. That's it.
Ai Agent as it has been for months, plus skills, plus a cron job to prompt it to do things every 20 minutes or 2 hours or however often you want.
Sensible, this broadens our hosting options.
apple container is really buggy with networking
That’s not the fault of containers, I have significant Bluetooth and WiFi issues on my apple devices without running any containers.
TBH I'm not sure why there is a whole debacle around security with openclaw (obviously you should run it in a sandbox) and if it makes sense for these bots to tackle sandboxing themselves. Now I have to trust their sanboxing vibe code? If not, then I have to run them in another sandbox and deal with nested virtualization.
I installed nanoclaw last night funny to see it here on HN.
It was easy to install it, and get it running. I could @Andy message it on whatsapp but after that it fell apart fast.
I asked it to login to Facebook and check my notifications, and it started saving credentials and random things in the repo as json files. And din't work. It was hard to even figure out what was happening and why it didn't work.
Then I tried messaging it again and it didn't respond to me.
These things are extremely brittle despite the enourmous amount of github stars. I think it's just normies starring things trying to get on the train unfortunately. The promise of an AI Jarvis is unrealized still.
So they're making it use OCI images? Cool. Hopefully there will be good support for Podman.
apple containers also run on OCI images: https://github.com/apple/container?tab=readme-ov-file#contai...
> The tool consumes and produces OCI-compatible container images...
Comment was deleted :(
Lol production use case for apple containers on what cloud
[flagged]
Use containerd , Docker is cancer.
Crafted by Rajat
Source Code