You should make your own OpenClaw
February 15, 2026
Peter Steinberger’s Clawdbot was a rough weekend project; as it evolved into OpenClaw, it exploded into a list of features so long that no one person can understand it. This became a massive security nightmare, as the surface area is too large for most individuals to truly secure.
All of the features are exciting but seem to go against the original philosophy of OpenClaw. The sheer number of features that OpenClaw has does provide flexibility for every user, but it also takes away a user’s ability to truly make it their own. You can fork the repo to make it more “custom,” but with over 10,000 commits and 500,000 lines of code it’s not exactly maintainable. Even the creator was struggling, merging over 600 commits and losing ground on open PRs. As I was writing this, Steinberger announced he’s leaving OpenClaw to join OpenAI, transitioning the project to an independent foundation.
While you will see OpenClaw marketed as secure due to self-hosting, the reality is that many ‘out of the box’ setups leave administrative interfaces exposed. The Moltbook breach of 1.5 million API keys and the skills marketplace illustrate this point exactly. Although its maintainers do care about security, the project’s nature leaves it open to many attacks. A smaller, purpose-built tool has a fundamentally smaller attack surface, making it far easier to audit and secure.
In philosophy, Occam’s razor is the theory that “recommends searching for explanations constructed with the smallest possible set of elements.” The same principle can be applied to software: the simplest system that meets your needs is the one with the fewest vulnerabilities, the least maintenance burden, and the most clarity. Like others, I saw the benefits of OpenClaw but I didn’t need many features, just the ability to message the AI from my phone and have it manage my calendar. This led me to build occam-claw, an AI assistant that has only the features I need and none of the bloat. After building this, I realized the following benefits:
- It’s easy to build (took a few hours) and it’s fun
- You can customize everything: you get everything you need and nothing you don’t
- Smaller footprint on your host, both in resource usage and attack surface
- You can understand every line of code, which means you can actually reason about its security
I’m not saying you shouldn’t use OpenClaw or any of the other spinoffs. But I think all developers should really consider where they want to integrate AI into their lives and what value these products are actually providing. Obviously this depends on the person, but I prefer controlling what is fed into my AI model and heavily restricting what it can do on my behalf. When you build it yourself, you make those decisions deliberately rather than inheriting someone else’s defaults.
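One way to enforce that restriction for an assistant that only takes messages from the owner's phone and only manages a calendar is a deny-by-default gate between the model and its tools. This is an added example, not occam-claw's or OpenClaw's code; the `Calendar` class, `dispatch` function, tool names, length limit and phone number are all hypothetical.

```python
# Added example (hypothetical names; not occam-claw's or OpenClaw's code).
from datetime import datetime

ALLOWED_SENDERS = {"+15550100"}  # constructed value: the owner's phone number
MAX_ARG_LEN = 200                # assumption: calendar fields never need more


class Calendar:
    """In-memory stand-in for a real calendar backend."""

    def __init__(self):
        self.events = []

    def add(self, title, start):
        datetime.fromisoformat(start)  # ValueError on anything but ISO 8601
        self.events.append((start, title))
        return f"added {title!r} at {start}"

    def list_day(self, day):
        return sorted(e for e in self.events if e[0].startswith(day))


def build_tools(cal):
    """The complete tool surface: name -> (handler, exact argument names)."""
    return {
        "calendar_add": (cal.add, {"title", "start"}),
        "calendar_list": (cal.list_day, {"day"}),
    }


def dispatch(sender, call, tools, audit):
    """Run one model-requested tool call; refuse anything not explicitly allowed."""
    name, args = call.get("name"), call.get("args")
    result, verdict = None, "allow"
    if sender not in ALLOWED_SENDERS:
        verdict = "deny:sender"
    elif not isinstance(name, str) or name not in tools:
        verdict = "deny:tool"          # e.g. shell, file or browser requests
    elif not isinstance(args, dict) or set(args) != tools[name][1]:
        verdict = "deny:args"          # missing or unexpected parameters
    elif not all(isinstance(v, str) and len(v) <= MAX_ARG_LEN for v in args.values()):
        verdict = "deny:args"          # wrong type or oversized value
    else:
        try:
            result = tools[name][0](**args)
        except ValueError:
            verdict = "deny:value"     # handler rejected the content
    audit.append((sender, name, verdict))  # every decision is logged
    return result
```

Because the tool table is the whole capability surface, auditing what the model can do on your behalf means reading `build_tools` and the handlers it names.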