You should make your own OpenClaw

February 15, 2026

llm self-hosting

Peter Steinberger’s ‘Clawdbot’ was a rough weekend hack designed for power-user ‘God Mode.’ As it evolved into OpenClaw, it brought in a laundry list of features. By trying to be everything for everyone, it became a massive security nightmare with a surface area too large for most individuals to truly secure. Instead of adopting a bloated general-purpose platform, developers should build their own minimal AI assistant tailored to what they actually need.

We’ve seen developers and cloud providers alike flock to this project as it has skyrocketed in popularity. We have spinoffs like nanoclaw, picoclaw and nanobot. We’ve also seen cloud providers such as DigitalOcean, Cloudflare and Hostinger offering to host this type of service. There are even companies like ai.com that are focused on this new “AI Assistant” paradigm.

This is all very exciting, but it seems to go against the original philosophy of OpenClaw. The sheer number of features in OpenClaw does provide flexibility for every user, but it also takes away a user’s ability to truly make it their own. You can fork the repo to make it more “custom”, but with over 10,000 commits and 500,000 lines of code it’s not exactly maintainable. Even the creator was struggling, merging over 600 commits and losing ground on open PRs. As I was writing this, Steinberger announced he’s leaving OpenClaw to join OpenAI, transitioning the project to an independent foundation. When even the creator decides a project has outgrown what one person can manage, it reinforces the case for building something smaller and purpose-built.

While you will see OpenClaw marketed as secure due to self-hosting, the reality is that many ‘out of the box’ setups leave administrative interfaces exposed. The Moltbook breach of 1.5 million API keys and the skills marketplace illustrate this point exactly. Although the people behind the project do care about security, its nature leaves it open to many attacks. A smaller, purpose-built tool has a fundamentally smaller attack surface, making it far easier to audit and secure.

All of this made me question if we really need all of these features. In philosophy, Occam’s razor is the theory that “recommends searching for explanations constructed with the smallest possible set of elements.” The same principle applies to software: the simplest system that meets your needs is the one with the fewest vulnerabilities, the least maintenance burden, and the most clarity. Like others, I saw the benefits of OpenClaw but I didn’t need many features, just the ability to message the AI from my phone and have it manage my calendar. This led me to build occam-claw, an AI assistant that has only the features I need and none of the bloat. After building this, I realized the following benefits:

  • It’s easy to build (took a few hours) and it’s fun
  • You can customize everything: you get everything you need and nothing you don’t
  • Smaller footprint on your host, both in resource usage and attack surface
  • You can understand every line of code, which means you can actually reason about its security

I’m not saying you shouldn’t use OpenClaw or any of the other spinoffs. I think all developers should really consider where they want to integrate AI into their lives and what value these products are actually providing. Obviously this is dependent on the person, but I prefer controlling what is fed into my AI model and heavily restricting what it can do on my behalf. When you build it yourself, you make those decisions deliberately rather than inheriting someone else’s defaults.