I've only been playing with it recently ... I have mine scraping for SF city meetings that I can attend and public comment to advocate for more housing etc (https://github.com/sgillen/sf-civic-digest).

It also have mine automatically grabs a spot at my gym when spots are released because I always forget.

I'm just playing with it, it's been fun! It's all on a VM in the cloud and I assume it could get pwned at any time but the blast radius would be small.

I use it for a side project. I just put it on VPS, and then it edits the code and tests it. The nice thing is that I can use it on the go whenever I have spare moment. It is addictive, but way better addiction than social media IMO.

The thing where you give it access to all your personal data and whatever I haven't done and wouldn't do.

I use it to manage a media server. And use natural language to download movies and series. Also I use to for homeassistant so I csn use natural language for vacuuming the house and things like that. I do use it for a number of other tasks but those are the most partical.

I don't use this one, but a simpler one, also running on a vps. I communicate via telegram.

I say to it: check my pending tasks on Todoist and see if you can tackle on of those by yourself.

It then finds some bugs in a webapp that I took note. I tell it to go for it, but use a new branch and deploy it on a new url. So it clones the repo, fix it, commit, push, deploy, and test. It just messages me afterwards.

This is possible because it has access to my todoist and github and several other services.

I use it mostly for the crons, it runs a personal productivity system that tracks my tasks, provides nudges, talks through stuff etc. It's all stored in an Obsidian vault that syncs to my desktop. I don't use it to control email/calendars or other agents.

I was asked by someone recently to try to set up an OpenClaw that would search for ordinances and other land registry information for all 3000+ counties/parishes in the USA to obtain and distill specific details on their support for building tiny homes.

I am experimenting prompt injection on OpenClaw [0][1], quite exciting.

[0] https://itmeetsot.eu/posts/2026-03-27-openclaw_webfetch/

[1] https://itmeetsot.eu/posts/2026-03-03-openclaw3/

Agent based chron jobs mostly that work with other agents. It’s really nice if you want to tell your computer to do something repeatedly or in confluence with many other agents in a very simple way. Like check my email for messages from Nadia and send me a notification and turn on all the lights in my driveway when she gets there without having to actually get into the nuts and bolts of implementing it. It’s actually really powerful and probably what Siri should be.

so far, I've used it to kill a bunch of time trying to get it to respond to "Hi @Kirk" in a private Slack channel.

...and to laugh a little every time it calls me "commander" or asks "What's the next mission?" or (and this is the best one) it uses the catchphrase I gave it which is "it's probably fine" (and it uses it entirely appropriately...I think there must have been a lot of sarcasm in qwen 3.5's training data)

and I've treated it like it's already been compromised the whole time.

I give it monumental tasks. For example, I will write massive markdown files describing all the features I want to see in an application, and I will use a standard AI chatbot to check my work and consider additional details. Finally, when I have everything written down, I upload it to OpenClaw and tell the agent to make it happen.

Sometimes it toils away for 2+ hours, spawning Claude Code instances, checking its work, testing the code, even using browser automation to make sure everything works the way it is supposed to if it's writing a webapp.

In the end, it consumes like $10-20 worth of tokens and spits out a functional application with everything I asked for.

Claude Code can do this on its own, to an extent, but there's something about getting OpenClaw to iterate through multiple sessions and testing everything to make sure it works the way I described that I really like. It completely offloads the process to the AI, and keeps me mostly out of the loop.

Is the code any good? Probably not. Am I at risk of being exploited by malware? Probably. But I have automated quite a lot of things with the software that OpenClaw builds for me, and I am careful to review the libraries it imports before running the code on any machine with actual access to anything I actually care about.

Personally, anyone using OpenClaw for the "it reads your emails" use case is crazy, because prompt injection is real, and you're basically inviting anyone who knows your email address to take a stab at pwning you, with full access to your personal life. I keep my instances on a VPS, behind a restrictive security group, and only accessible via Tailscale where it has zero access to anything on my tailnet. I only recently gave it its own email account (not mine!), but even then I am skeptical of doing so, and take efforts to prevent it from taking action on any email it receives (e.g., disabling the Heartbeat) because who knows what it'll end up doing. I mostly like that it can email me if I ask it to.

my claw controls my old M2 mac, mostly my claw uses Claude code to code

Assuming you're asking in good faith, IMHO the deeper story around OpenClaw is that it's the core piece of a larger pattern.

The way I'm seeing folks responsibly use OpenClaw is to install it as a well-regulated governor driving other agents and other tools. It is effectively the big brain orchestrating a larger system.

So for instance, you could have an OpenClaw jail where you-the-human talk to OpenClaw via some channel, and then that directs OpenClaw to put lower-level agents to work.

In some sense it's a bit like Dwarf Fortress or the old Dungeon Keeper game. You declare what you want to have happen and then the imps run off and do it.

[EDIT: I truly down understand sometimes why people downvote things. If you don't like what I'm saying, at least reply with some kind of argument.]

[flagged]

[flagged]