惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

GbyAI
GbyAI
N
News and Events Feed by Topic
D
DataBreaches.Net
MongoDB | Blog
MongoDB | Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Engineering at Meta
Engineering at Meta
T
Tailwind CSS Blog
博客园_首页
Microsoft Azure Blog
Microsoft Azure Blog
Y
Y Combinator Blog
博客园 - Franky
Hugging Face - Blog
Hugging Face - Blog
月光博客
月光博客
A
About on SuperTechFans
I
InfoQ
S
Securelist
Last Week in AI
Last Week in AI
S
Schneier on Security
C
CXSECURITY Database RSS Feed - CXSecurity.com
Hacker News: Ask HN
Hacker News: Ask HN
Schneier on Security
Schneier on Security
Know Your Adversary
Know Your Adversary
腾讯CDC
大猫的无限游戏
大猫的无限游戏
S
Security @ Cisco Blogs
博客园 - 三生石上(FineUI控件)
Simon Willison's Weblog
Simon Willison's Weblog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
T
Tor Project blog
美团技术团队
aimingoo的专栏
aimingoo的专栏
G
Google Developers Blog
罗磊的独立博客
Vercel News
Vercel News
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
The Cloudflare Blog
S
Secure Thoughts
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Latest news
Latest news
Recent Announcements
Recent Announcements
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
L
LINUX DO - 热门话题
Security Latest
Security Latest
TaoSecurity Blog
TaoSecurity Blog
Cyberwarzone
Cyberwarzone
有赞技术团队
有赞技术团队

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
I Spent Weeks Reverse-Engineering OpenClaw. Here's What Nobody Tells You.
Fedishin Naz · 2026-04-27 · via DEV Community

This is a submission for the OpenClaw Challenge.

Everyone's talking about OpenClaw like it's witchcraft.

You set it up, connect your Telegram, and suddenly it's scheduling standups, summarizing your RSS feeds, transcribing voice notes, and remembering a conversation you had three weeks ago. People in forums describe it with words like "it feels alive" or "I don't even know how it did that."

I'm a CTO building AI-powered products. That kind of mystery bothers me.

So I spent several weeks pulling OpenClaw apart. Reading the source. Tracing every request. Building a competing prototype. And what I found changed how I think about AI agents entirely — not because it's more complex than I expected, but because it's radically simpler.

Here's what I learned.


The Illusion Factory

Let me start with the punchline: OpenClaw has no magic. Zero. It uses patterns that have existed in software for decades — event loops, cron jobs, file-based config, tool calling. The "intelligence" you perceive is almost entirely the underlying LLM doing its job. OpenClaw is the scaffolding around that LLM, and once you see the scaffolding, you can't unsee it.

That's not a criticism. That scaffolding is genuinely clever. But understanding it changes everything about how you use, configure, debug, and trust the system.


What OpenClaw Actually Is: Three Components

Strip away the marketing and you have three things:

1. Channels — The Mouth and Ears

OpenClaw doesn't natively "understand" Telegram. Or WhatsApp. Or web chat. Each platform is just an adapter — a thin layer that converts platform-specific events (a Telegram message, a WhatsApp voice note) into a normalized internal format. When you message your agent on Telegram, OpenClaw literally doesn't know it's Telegram. It sees structured input. That's it.

This matters because it means adding new channels is straightforward: build an adapter, normalize the input, plug it in. The agent doesn't change.

2. Context Window — The "Memory"

Like every LLM-based system, OpenClaw builds a context window and sends it to the model. The context includes:

  • System prompt (who the agent is, what it can do)
  • Tool descriptions (what functions it can call)
  • Conversation history (the back-and-forth so far)
  • Injected memory snippets (retrieved from files when relevant) That last one is the trick. When your agent "remembers" something from last month, it didn't remember anything. It retrieved a snippet from a Markdown file and injected it into the current context. There's no persistent memory in any neural sense — it's selective file retrieval.

3. Tools — The Hands

Tools are functions the LLM can call:

send_message(channel, text)
read_file(path)
exec(command)
memory_write(content)
memory_search(query)
cron_create(schedule, task)

Enter fullscreen mode Exit fullscreen mode

When your agent "decides" to send you a summary, it's not deciding anything. The LLM pattern-matched on its training to output a tool call. OpenClaw intercepts that call, executes the function, and feeds the result back into context. Same loop, over and over.


The Memory System: It's Just Markdown

The thing that makes OpenClaw feel alive is its memory. Let me break down exactly how it works — because this was my biggest "aha" moment.

Three Layers of Storage

Daily journals — every day, the agent writes a log file:

# 2026-04-25

- Discussed new features for trading dashboard
- Set reminder for Friday deploy window
- User mentioned they're in Wiesbaden

Enter fullscreen mode Exit fullscreen mode

Long-term memory (MEMORY.md) — a flat Markdown file where the agent writes facts it considers important. User preferences, project context, recurring patterns.

Full session history — every conversation stored as JSON. The agent can search back through any past session.

QMD: The Secret Sauce

OpenClaw includes an experimental utility called QMD (Query Memory Database). It's a semantic search layer over all that Markdown — vector embeddings plus keyword search combined.

When you say "remember that idea I had about the auth flow?" — QMD doesn't search for those exact words. It finds conversations that are semantically similar, even if you used completely different vocabulary. This is why retrieval feels uncannily accurate sometimes.

QMD can be used standalone (CLI tool) or as an MCP server plugged into other agents. I've started using it outside of OpenClaw entirely.


Proactive Behavior: How It Acts Without Being Asked

This is OpenClaw's most distinctive feature — and the one most people don't fully understand.

Heartbeats

Every 30 minutes, OpenClaw reads a file called HEARTBEAT.md and sends its contents to the LLM for evaluation:

# HEARTBEAT.md

- Check for new GitHub PRs needing review
- Scan content backlog for anything overdue
- Monitor RSS for relevant tech news

Enter fullscreen mode Exit fullscreen mode

If nothing requires action, the agent responds HEARTBEAT_OK and goes back to sleep. If something needs attention, it acts.

30-minute precision is a real limitation — you can't trigger something at exactly 14:37. But for most "ambient awareness" tasks, it's more than sufficient.

Cron Jobs

For precise timing, OpenClaw writes JSON task files to a chrome/ directory:

{
  "schedule": "0 9 * * MON-FRI",
  "task": "Fetch open PRs from GitHub, summarize, send to Telegram"
}

Enter fullscreen mode Exit fullscreen mode

When the schedule fires, it loads the task context, sends it to the LLM, executes any tool calls, and sends you the result.

I have this running for my daily async standup. It pulls tickets, checks PRs, and sends a formatted briefing to Telegram at 9am. I set it up once in natural language. It just works.


The Workspace: Natural Language as Configuration

Here's the architectural decision that I think explains most of OpenClaw's appeal: behavior is configured in Markdown, not code.

When OpenClaw starts, it reads a workspace directory containing files like:

  • SOUL.md — personality, tone, how it speaks
  • USER.md — who you are, your preferences, your context
  • TOOLS.md — what integrations are available
  • AGENTS.md — behavioral rules and constraints
  • HEARTBEAT.md — proactive tasks Change these files, change the agent. No restarts, no code deploys.

My SOUL.md contains things like: "Be direct. Skip affirmations. If you disagree, say so. Prefer short messages unless depth is explicitly requested."

That one file eliminated about 80% of the AI assistant behaviors that annoy me.

One curiosity I noticed: the system prompt is structured to mimic Claude Code's format. My guess — it's to avoid Anthropic flagging subscription accounts for "unauthorized use." The agent looks like Claude Code to the API. Whether that's clever or risky is a question worth thinking about.


The Security Problem Nobody Wants to Talk About

Here's where I get uncomfortable about OpenClaw in production.

To send a Telegram message, your bot token lives in the context window. To access Gmail, your OAuth credentials are there too.

Everything is accessible to the LLM.

LLMs are non-deterministic. They can be prompt-injected. A sufficiently crafted input can theoretically coerce the model into leaking credentials in its response. This isn't theoretical — there are documented attacks.

For personal automation and experimentation, this risk profile is acceptable. For anything touching sensitive business data, healthcare, finance — it's not.

This is why I find the alternative implementations more interesting than OpenClaw itself.


The Alternatives: What the Community Built Next

NanoClaw — Radical Minimalism

NanoClaw's thesis: most of OpenClaw's features are noise. It strips everything down to the minimum — no sprawling integrations, no built-in channels. Just a clean runtime where you add exactly the skills you need, isolated in containers (Docker or Apple sandbox).

It only supports Anthropic SDK, which is a real limitation. But the codebase is tiny, auditable, and does exactly what it says.

For developers who know what they want, this is compelling.

IronClaw — Security-First Architecture

IronClaw tackles the credentials-in-context problem head-on using WebAssembly sandboxing:

[Telegram WASM sandbox] ←→ protocol ←→ [Brain/Orchestrator] ←→ protocol ←→ [LLM WASM sandbox]

Enter fullscreen mode Exit fullscreen mode

Each tool runs in an isolated WASM container. The orchestrator communicates via protocol — it can request "send Telegram message" but never sees the bot token. Credentials stay in the tool, never exposed to the LLM.

The implementation is in Rust, uses Postgres for vector search, and currently only works with Near AI as a provider — which limits adoption. But the architecture is sound and points at where this ecosystem needs to go.


My Own Experiment: What I Actually Built

While pulling OpenClaw apart, I prototyped my own modular architecture to test whether credential isolation was worth the complexity cost.

I split it into three Docker containers with protocol-based communication:

  • Brain — orchestrator, context management, routing
  • LLM — provider interface (swappable: Anthropic, local Ollama, etc.)
  • Telegram — messaging adapter
{
  "from": "brain",
  "to": "telegram",
  "action": "send_message",
  "data": { "text": "PR review needed: auth-refactor branch" }
}

Enter fullscreen mode Exit fullscreen mode

The LLM module never sees Telegram credentials. The Telegram module never sees LLM API keys. Each container is independently deployable — they can run on different machines entirely.

What I learned:

The security improvement is real. The complexity cost is also real. Debugging cross-container message flows is significantly harder than debugging a monolith. And network latency between modules adds up in high-frequency conversation flows.

My conclusion: the modular approach makes sense for production deployments handling sensitive data. For personal automation and experimentation, the added overhead isn't worth it.

I haven't released this yet — but if enough people are interested, I'll clean it up and publish. Drop a comment if you want to see it.


Real Workflows I Actually Set Up

Enough architecture. Here's what I'm running in practice.

Daily Standup via Telegram

Every weekday at 9:00, OpenClaw pulls open PRs from GitHub and checks updated tickets in YouTrack. It sends a single Telegram message:

📋 Morning briefing — Mon Apr 28

🔴 Blocked: auth-refactor PR waiting review (2 days)
🟡 In progress: payment module — Dmytro
✅ Ready to take: 3 tickets in backlog

2 PRs need your attention.

Enter fullscreen mode Exit fullscreen mode

No browser. No tab-switching. I read it with coffee, decide what matters, start working. Setting this up took one cron entry and a HEARTBEAT.md update.

Before: 20 minutes every morning across GitHub, YouTrack, Telegram chats.

After: 90 seconds to read and act.


Voice Tickets on the Go

I walk a lot. Good ideas arrive at bad times — mid-street, at the gym, away from the keyboard.

Now: record a voice message in Telegram → OpenClaw transcribes via Whisper API → extracts the task → creates a YouTrack ticket with priority and assignee inferred from project context.

The assignee part surprised me. I never configured this explicitly — OpenClaw figured out from USER.md who owns what area and assigns accordingly. About 80% accuracy. The other 20% I fix in 10 seconds.

Before: "I'll create the ticket when I get back." (I didn't.)

After: Ticket exists before I reach the next corner.


Hardware Debug Monitor

This one is specific to a project I've been running — getting an NVIDIA H100 on a non-standard board via a custom SXM-to-PCIe adapter. The debugging involves watching UART logs for specific error patterns, which means either staring at a terminal or missing the signal entirely.

I set up an OpenClaw heartbeat that watches a log file and pings me in Telegram when a target pattern appears — specifically GPU0_PWR_GOOD state changes and I2C error sequences.

# HEARTBEAT.md

- Check /var/log/uart-debug.log for GPU0_PWR_GOOD or I2C_ERR
- If found: send full context line + timestamp to Telegram
- Otherwise: HEARTBEAT_OK

Enter fullscreen mode Exit fullscreen mode

Result: I can work on other things while the hardware does its thing. When something changes, I know immediately. No babysitting the console.

This is where OpenClaw's "boring" heartbeat mechanism earns its keep — not for productivity workflows, but for async technical monitoring.


Pre-Meeting Intel

Before important calls — investor conversations, partner meetings, vendor negotiations — I was spending 15-20 minutes scrambling to remember what we discussed last time, what the current project status was, what they asked for.

Now I have a scheduled task that runs 30 minutes before any calendar event tagged [prep]. It pulls the last 3 conversations with that contact, checks project status in YouTrack, and sends a briefing to Telegram:

📅 Call with [Partner] in 30 min

Last conversation: March 14 — discussed API rate limits, they asked for SLA docs
Current status: SLA draft ready, waiting legal sign-off
Open question from them: pricing for enterprise tier

Suggested talking points:
→ SLA is ready, share during call
→ Enterprise pricing: we haven't finalized yet, buy time

Enter fullscreen mode Exit fullscreen mode

The quality of the briefing depends entirely on what's in the context files. But even at 70% accuracy, showing up with this is dramatically better than showing up blank.


After all of this research, here's my actual take on where OpenClaw sits:

OpenClaw is a brilliant proof-of-concept. It demonstrated that a persistent, proactive, memory-equipped AI agent is achievable with existing tools. The design decisions — Markdown workspace, heartbeats, cron scheduling — are genuinely good ideas that will outlive OpenClaw itself.

It's also overly complex for most long-term use cases. The codebase has accumulated patterns that made sense during rapid development but create real maintenance overhead. The security model is a liability at scale. The subscription abuse workarounds are a ticking clock.

My prediction: developers who can will build custom agents tailored to their specific workflows. Non-developers will wait for polished products from OpenAI, Anthropic, or Google — which are coming, and which will abstract all of this complexity away behind a consumer interface.

OpenClaw is the Mosaic browser of AI agents. Not the final form. But the thing that showed everyone what was possible.


What This Means for You

If you're a developer exploring AI agents, OpenClaw is worth running locally for a week. Not necessarily to keep using it — but to understand the patterns. Context window construction, tool routing, memory retrieval, proactive scheduling. These primitives will appear in every serious agent system you build or encounter.

The specific thing I'd encourage you to study: the Workspace file system. Natural language configuration is underrated. The ability to reshape an agent's behavior by editing a text file — no redeploy, no code change — is a UX pattern that should become standard.

And if you're building agents: think about credential isolation from day one. Don't wait until you have a production incident. IronClaw's WASM approach is one path. Docker-based module separation is another. The specific implementation matters less than the principle: credentials should never live in the LLM's context.


What's Next

I'm continuing to build out the modular architecture and am considering a deeper dive into QMD — the semantic memory search utility is genuinely useful outside of OpenClaw and deserves its own writeup.

If you're building something in this space, drop a link in the comments. The ecosystem is moving fast and I want to see what directions people are exploring.

And if something in here was wrong or oversimplified — tell me. I'd rather be corrected than confidently mistaken.