OpenClaw has attracted significant attention in tech circles — 60,000 GitHub stars in 72 hours, comparisons to JARVIS, and a wave of developers ordering Mac Minis specifically to run it. Most of the coverage has been aimed at developers and early adopters. This article is aimed at business owners who want to understand what it actually is, how it works, and — critically — why Raxxos advises most businesses to approach it with caution.

Georgy Johnson, a technician here at Raxxos, says that as of right now he hasn’t had clients come to him directly with questions about OpenClaw — but he’s noticed how fast it’s moving through conversations. “News about it is spreading like wildfire,” he told us. “It’s the hottest topic right now.” That tracks with what we’ve seen: the buzz is real, the questions are coming, and most of the information out there isn’t aimed at helping business owners make a clear-headed decision.

The Hype Machine Nobody Is Talking About

If you’ve been on YouTube recently, you’ve seen the videos. “Everyone should be using OpenClaw.” “Here’s how easy it is to set up.” “I built an AI employee in 20 minutes.” The thumbnails are bold, the energy is high, and the message is consistent: this is the future and you’re already behind.

What most of those videos don’t tell you is who’s paying for them.

A significant number of the most-watched OpenClaw tutorials are sponsored by VPS hosting companies — Hostinger being the most prominent example. The business model is straightforward: get as many people as possible to sign up for a VPS through an affiliate link, earn a commission on each signup. The more people who run OpenClaw, the more VPS subscriptions get sold. The incentive is volume, not accuracy.

One well-known AI YouTuber has publicly stated he was offered $30,000 to promote Hostinger on his channel — and turned it down specifically because he didn’t feel comfortable with the promotional angle. That’s a meaningful data point. For every creator who turned it down, plenty accepted.

The result is a YouTube landscape where the vast majority of OpenClaw content is financially incentivized to make the setup look easy, the risks look manageable, and the audience feel like they’re missing out if they don’t act now. Almost none of it addresses the real security questions in any depth.

We’re not saying OpenClaw is a scam or that everyone covering it is acting in bad faith. We’re saying the information environment around it is heavily distorted by financial incentives, and business owners making decisions based on that content are working with an incomplete picture.

One More Thing Worth Knowing: It Was Vibe-Coded

OpenClaw is open-source software, which means anyone can read the code. People who have done so have noted that significant portions of it appear to have been written with heavy AI assistance — what the developer community has started calling “vibe-coded” software. Code generated quickly with AI tools, iterated fast, shipped fast.

That’s not inherently a disqualifier. A lot of software is built this way now and works fine. But vibe-coded software that is being deployed with broad access to your business systems, your email, your files, and your network — and that has not been through the kind of rigorous security audit that enterprise software typically undergoes — is a different category of risk. The people qualified to evaluate whether a piece of software like this is safe to run in a business environment are cybersecurity professionals who can read the code, understand the architecture, and assess whether it’s been sandboxed correctly. That is not most business owners, and it is not most YouTube tutorial watchers.

What OpenClaw Actually Is

OpenClaw is an open-source AI agent that you install on your own hardware. Unlike ChatGPT or Microsoft Copilot, which are cloud services you log into through a browser, OpenClaw runs locally — on a computer in your office, on your home network, or on a private server you control.

Once it’s running, it acts as an always-on AI coordinator. It connects to the apps and data you already use, takes instructions through messaging apps, executes tasks autonomously, and builds up a memory of your preferences and context over time.

The key distinction from most other AI tools is that OpenClaw doesn’t just answer questions — it takes actions. It can read and write files, send messages, search the web, run scripts, draft and send emails, monitor things on a schedule, and coordinate tasks in the background without you manually prompting it each time.

One important note: OpenClaw is the agent layer, not the AI itself. It connects to AI models separately — either cloud-based ones like Claude or GPT-4, or models running locally on your own hardware. That distinction matters a lot when it comes to privacy and security.

How People Interact With It

You don’t interact with OpenClaw through a dedicated app or dashboard. You talk to it through messaging apps you’re already using — WhatsApp, Telegram, iMessage, Slack, Discord. You send a message the way you’d send one to a colleague, and OpenClaw responds and acts on it.

That interface simplicity is part of what makes it appealing. It’s also part of what makes it dangerous — because the ease of use can obscure how much access the agent actually has to your systems.

What Some Businesses Are Using It For

The OpenClaw community has shared a range of real-world use cases — inbox management, daily briefings, document drafting, research tasks, lead monitoring, and meeting prep. In the right hands, with the right configuration, some of these applications are genuinely useful.

We’re not going to walk through each one in detail here, because we don’t want to get ahead of the more important conversation: whether any business should be running OpenClaw at all without proper security infrastructure in place.

Why Raxxos Advises Most Businesses to Stay Away — For Now

We work with businesses across the Lower Mainland on IT and cybersecurity every day. When we look at OpenClaw through that lens, we see a tool with real capability and real risk — and the risk profile is serious enough that we want to be direct about it.

Georgy described the pattern he sees when businesses move quickly on new technology without thinking through the downstream effects: “A common oversight is failing to consider the broader implications. While the intended outcome may be highly beneficial, the process can introduce unforeseen security, compliance, or reputational risks. In some cases, those challenges only become apparent after significant progress has been made — which makes them much harder to address.” That’s a good description of what we’ve seen with OpenClaw deployments that went wrong.

There are documented cases of OpenClaw instances being compromised. Because OpenClaw is open-source and self-hosted, the security of any given deployment depends entirely on how it’s configured and maintained. Misconfigured instances have been exploited. This isn’t theoretical — it’s happened to real deployments run by people who thought they had it set up correctly.

An agent with broad access is a significant attack surface. OpenClaw is designed to have access to a lot — your files, email, calendar, browser, and the ability to run scripts and execute commands on your systems. That access is where its usefulness comes from. It’s also where a security failure becomes catastrophic. A compromised or misconfigured agent could expose sensitive client data, send communications you didn’t authorize, or make system changes that are difficult or impossible to reverse.

Prompt injection is a real and underappreciated threat. Because OpenClaw acts on instructions it receives and processes content from the web, email, and documents, malicious content in those sources can potentially be crafted to hijack the agent’s behaviour. This attack vector is active and not fully solved in any current AI agent framework, including OpenClaw.

Most setups transmit data to US servers. OpenClaw runs locally, but the AI models it connects to usually don’t. If you’re using cloud-based models like GPT-4 or Claude — which most people do — the content of your tasks, conversations, and file contents is transmitted to servers in the United States. For businesses handling sensitive client data under PIPEDA or BC’s PIPA, this is a compliance issue that needs a clear answer before deployment, not after.

Nobody is monitoring it by default. Like any software running on your infrastructure, OpenClaw needs to be kept updated, monitored, and troubleshot. Logs should be reviewed. Permissions should be audited. If something behaves unexpectedly, someone needs to notice and respond. Most small businesses don’t have the internal IT capacity to manage that ongoing vigilance — and without it, problems tend to compound quietly until they become serious.

There is no vendor accountability. OpenClaw is open-source software maintained by a community. There is no company standing behind it with a support line, an SLA, or liability if something goes wrong. You are on your own in a way that is fundamentally different from using an enterprise software product.

Who Should Be Running OpenClaw

Developers, security professionals, and technically sophisticated early adopters who understand what they’re taking on and have the skills to configure it safely. Specifically: people who can read and audit the source code, understand how to properly sandbox an application with broad system access, and have the expertise to evaluate whether a rapidly-developed, AI-assisted codebase meets the security standards required for their environment.

That is a small group. It does not describe most business owners, and it does not describe most people watching YouTube tutorials about how to set this up in an afternoon.

The way Georgy thinks about new technology decisions reflects how we approach this with clients generally: “My mindset is that you only need just enough tech to get the job done — nothing less, nothing more.” OpenClaw may well be the right tool for certain businesses eventually, as the ecosystem matures and security tooling improves around it. Right now, for most businesses, it’s more tech than the job requires — and more risk than the benefit justifies.

If that’s not you or someone on your team, we’d encourage waiting. The AI agent space is moving fast. Tools that deliver similar capabilities with better security guardrails, vendor accountability, and easier configuration are coming — and some already exist within platforms like Microsoft 365 Copilot that are built with enterprise security from the ground up.

If You’re Still Interested

We’re not here to tell you what to do. If you’re curious about OpenClaw and want to understand whether there’s a version of this that could work securely for your business, we’re happy to have that conversation. We can help you evaluate whether the use case makes sense, what a responsible deployment would actually require, and whether the risk-benefit calculation adds up for your situation.

What we won’t do is set it up for a client without that conversation happening first. The exposure is too significant for us to treat it as a routine implementation.

Book a free conversation with Raxxos if you want a straight answer on whether this is right for your business — and if not, what alternatives might get you where you want to go.