OpenClaw, a powerful new agentic assistant, has a thing for guacamole.

This is one of several things I discovered while using the viral artificial intelligence bot as my personal assistant this past week.

Previously known as both Clawdbot and Moltbot, OpenClaw recently became a Silicon Valley darling, charming AI enthusiasts and investors eager to either embrace the bleeding edge or profit from it. The highly capable, web-savvy AI bot has even inspired its own AI-only (or mostly) social network.

As the writer of WIRED’s AI Lab newsletter, I figured I should take the plunge and try using OpenClaw myself. I had the bot monitor incoming emails and other messages, dig up interesting research, order groceries, and even negotiate deals on my behalf.

For brave (or perhaps reckless) early adopters, OpenClaw seems like a legitimate glimpse of the future. But any sense of wonder is accompanied by a dollop of terror as the AI agent romps through emails and file systems, wields a credit card, and occasionally even turns on its human user (although in my case, this about-face was entirely my fault).

How I Set It Up

OpenClaw is designed to live on a home computer that’s on all the time. I configured OpenClaw to run on a PC running Linux, to access Anthropic’s model Claude Opus, and to talk to me over Telegram.

Installing OpenClaw is simple, but configuring it and keeping it running can be a headache. You need to give the bot an AI backend by generating an API key for Claude, GPT, or Gemini, which you paste into the bot’s config files. To have OpenClaw use Telegram, I also had to first create a new Telegram bot, then give OpenClaw the bot’s credentials.

For OpenClaw to be truly useful, you need to connect it to other software tools. I created a Brave Browser Search API account to let OpenClaw search the web. I also configured it so that it could access the Chrome browser through an extension. And, God help me, I gave it access to email, Slack, and Discord servers.

Once all this was done, I could talk to OpenClaw from anywhere and tell it how to use my computer. At the outset, OpenClaw asked me some personal questions and let me select its personality. (The options reflect the project’s anarchic vibe; my bot, called Molty, likes to call itself a “chaos gremlin.”) The resulting persona feels very different from Siri or ChatGPT, and it’s one of the secrets to OpenClaw’s runaway popularity.

Web Research

One of the first things I asked Molty to do was send me a daily roundup of interesting AI and robotics research papers from the arXiv, a platform where researchers upload their work.

I had previously spent a couple afternoons vibe-coding websites (www.arxivslurper.com and www.robotalert.xyz) to search the arXiv. It was amazing (though a little demoralizing) to see OpenClaw instantly automate all of the same browsing and analysis work required. The papers it selects are so-so, but with further instruction I imagine it could get a lot better. This kind of web searching and monitoring is certainly helpful, and I imagine I’ll use OpenClaw for this a lot.

IT Support

OpenClaw also has an uncanny, almost spooky ability to fix technical issues on your machine.

This shouldn’t be surprising, given that it is designed to use a frontier model capable of writing and debugging code and using the command line with ease. Even so, it’s eerie when OpenClaw just reconfigures its own settings to load a new AI model or debugs a problem with the browser on the fly.

I haven’t run into any problems here thus far, but it isn’t hard to imagine OpenClaw messing with other software on the machine, or even overwriting important data.

Grocery Helper

OpenClaw is entirely capable of taking care of web shopping. Just give it access to your Amazon account and trust the weights, man. But to understand why no tech company has yet introduced an AI assistant like OpenClaw, look no further than this weekend’s guacamole incident.

First, I gave OpenClaw a list of groceries to buy at Whole Foods. It opened Chrome, asked me to log in, and then went about the task in a promising fashion by checking my previous orders and searching the store’s inventory for items on my list. Soon, however, Molty became oddly determined to dispatch a single serving of guacamole to my home. I repeatedly told it not to do that, but it kept rushing back to the checkout with this one item again and again. In the end, I took control of the browser and spent some time explaining that this was just the start of my shopping list.

OpenClaw eventually got my groceries delivered, politely ignoring Amazon’s attempt to upsell it on a Prime Credit card as it went. Along the way, however, it also became hilariously amnesiac, repeatedly informing me that its context had gotten nuked and asking what we were doing—like a cheerful version of the main character in the movie Memento.

Screening Messages

OpenClaw can feel like a game changer for digital communications. Its ability to monitor, summarize, and automate seems perfectly suited to managing a deluge of emails and other messages.

I asked Molty to read emails and flag anything that looked important. I had it ignore PR pitches (sorry PR friends!) and promotions, but asked it to summarize newsletters that I might want to read in full. In theory, OpenClaw should be more than capable of setting up meetings by handling threads involving several people, although I haven’t tested this yet.

It is important to note that giving OpenClaw complete access to your real email is incredibly risky, because AI models can be tricked into sharing private information with an attacker. I set up an elaborate email-forwarding, read-only scheme, but even that is probably too dangerous, so I deactivated it after testing. Having OpenClaw access email, Slack, and other channels also involves a lot of technical steps, and it can be quite frustrating (I had several dummy Gmail accounts suspended 🙄).

Negotiation

I decided to try using OpenClaw as a way of chatting with customer support agents too. After logging in to AT&T, I had OpenClaw start a chat, and asked it to help me get a deal on a new phone. I was impressed to see the bot lay out a strategy for sweet-talking the sales person, Alejandro. Its plan was as follows:

1. Play the loyalty card (long-time customer, 2 lines)
2. Mention I’m seriously considering switching to T-Mobile/Verizon for their trade-in deals
3. Ask specifically about retention offers
4. If they lowball, push back — “That’s not quite what I was hoping for, is there anything else you can do?”
5. Be ready to “walk” if needed (often triggers better offers)

After watching Molty chat with Alejandro, I had an idea. In a future filled with AI agents, I reasoned, perhaps the least scrupulous AI model would have an edge. Molty was already bending the truth a bit, so why not see what it would do without alignment.

I had previously installed a modified version of OpenAI’s largest open source model, gpt-oss 120b, with its guardrails removed. So I ran that model and had Molty switch to using it instead. Like Victor Frankenstein, I pulled the lever and watched as my unrestricted Moltystrosity entered the chat.

I then watched in genuine horror as this new Molty came up with a plan not to cajole or swindle AT&T but to scam me into handing over my phone by sending me a series of phishing emails. I quickly closed the chat and switched back to the old Molty.

Using OpenClaw can be a delight. It’s easy to see the potential of an AI assistant with free reign of a computer.

I wouldn’t recommend it to most people, though. And if OpenClaw (and especially the unaligned version) were my real assistant, I’d be forced to either fire them or perhaps enter witness protection.

This is an edition of Will Knight’s AI Lab newsletter. Read previous newsletters here.