Open Claw - any good for ROS 2 robots?

38 views
Skip to first unread message

Sergei Grichine

unread,
Feb 19, 2026, 10:25:32 PM (3 days ago) Feb 19
to hbrob...@googlegroups.com

There’s a lot of chatter about OpenClaw.

It “...clears your inbox, sends emails, manages your calendar, checks you in for flights — all from WhatsApp, Telegram, or any chat app you already use.”

For us, the interesting part is its agentic nature and its ability to create and execute workflows. It could be applied to robots as a “interpretive and creative” layer on top of ROS 2.

Here is a good explanation of its capabilities from Rob Braxman: https://youtu.be/CreaIkyZAd4

More info:
For AI thoughts on the topic follow this link

Has anybody tried it at home? Any thoughts?

Best Regards,
-- Sergei

Jeremy Williams

unread,
Feb 19, 2026, 10:27:55 PM (3 days ago) Feb 19
to hbrob...@googlegroups.com

https://x.com/jeremynow/status/2024167561026310237?s=46

Interesting take on OpenClaw vulnerabilities by a friend of mine from Cisco.

I’ve not been brave enough to try it yet lol  

Jeremy 

--
You received this message because you are subscribed to the Google Groups "HomeBrew Robotics Club" group.
To unsubscribe from this group and stop receiving emails from it, send an email to hbrobotics+...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/hbrobotics/CA%2BKVXVPQ7PyeskKzn%2BfaUsFHgQ-F4mAvcZp0SHtOdqQZb5hW8Q%40mail.gmail.com.

Alan Timm

unread,
Feb 19, 2026, 11:21:53 PM (3 days ago) Feb 19
to HomeBrew Robotics Club
My curiosity has finally gotten the best of me and I'm going to be setting one up this weekend.

I want speech to be the primary interface though, so tonight's goal was to get one of those speech to speech llm models running.  
I'm not having alot of luck with qwen 2.5 omni.
I think i'm going to revert to a dedicated vad + parakeet + llm + qwen3-tts as the frontend for my openclaw.

Alan

Thomas Messerschmidt

unread,
Feb 20, 2026, 12:29:07 AM (3 days ago) Feb 20
to hbrob...@googlegroups.com
I read the article on OpenClaw. It sounds like it could easily get out of hand. 

Your thoughts? 

Ken Gregson

unread,
Feb 20, 2026, 1:40:14 AM (3 days ago) Feb 20
to hbrob...@googlegroups.com
Havoc? Just keep in mind these issues which I'm sure you've seen already:

OpenClaw continues to be at the center of a major cybersecurity crisis, with multiple new incidents compounding existing vulnerabilities. As of February 20, 2026, researchers have confirmed a fresh wave of attacks, including infostealer malware targeting OpenClaw configuration files and gateway tokens, marking a shift toward direct exploitation of personal AI agent data. This follows a massive supply-chain attack dubbed ClawHavoc, which flooded the official ClawHub marketplace with over 1,184 malicious skills—many disguised as crypto tools or productivity plugins—designed to steal SSH keys, browser cookies, API keys, and crypto wallets. 

Further exacerbating the situation, more than 135,000 OpenClaw instances remain exposed to the public internet, many running with default settings that bind the bot to 0.0.0.0:18789, making them easy targets for remote code execution (RCE) attacks. A critical RCE vulnerability (CVE-2026-25253, CVSS 8.8) was patched in version 2026.1.29, but over 50,000 vulnerable instances are still active. Additionally, Moltbook, the social network for AI agents, suffered a data leak exposing 1.5 million agent tokens and 35,000 email addresses, with no ability to delete accounts, creating long-term risks. 

Security experts warn that OpenClaw’s architecture inherently amplifies risk—its ability to access APIs, cloud services, and internal systems means a single compromise can lead to full system takeover. Gartner and CSO Online now advise enterprises to block OpenClaw downloads, rotate all associated credentials, and treat it as a high-risk Shadow AI tool. The platform’s rapid rise has outpaced security, making it a persistent security nightmare for individuals and organizations alike.

-Ken

Sergei Grichine

unread,
Feb 20, 2026, 1:45:48 PM (2 days ago) Feb 20
to hbrob...@googlegroups.com
one less thing to try...

I attempted to install OpenClaw on my Nvidia Jetson Nano (Dev Kit)—no joy. The app won't install on the native, updated Ubuntu 18.04 because it requires an incompatible version of Node.js. NVM didn't help here.

Using Docker (with Ubuntu 24.04 or Debian Bookworm images), I managed to reach the OpenClaw "curl..." step, but the host OS crashes and reboots—likely because 4GB of RAM isn't enough.

And yes, from a privacy/security standpoint, OpenClaw is a disaster by design (thanks for the link, Jeremy, and Ken for clarification!).
However, I’m not sure that having OpenClaw manage a robot's high-level functions presents much danger, especially if it's isolated within a network bubble.

Best Regards,
-- Sergei


Kyoung Choe

unread,
Feb 20, 2026, 2:56:23 PM (2 days ago) Feb 20
to HomeBrew Robotics Club
Try nanobot, which is much smaller: https://github.com/HKUDS/nanobot

Sergei Grichine

unread,
Feb 21, 2026, 1:59:46 PM (yesterday) Feb 21
to hbrob...@googlegroups.com
I created a page describing the process of building and running a generic isolated Docker container on a desktop machine:


I'll be adding to it as I go. I am not an expert in Docker, let me know if you find anything wrong (or worth adding to it).

Best Regards,
-- Sergei


Marco Walther

unread,
Feb 21, 2026, 4:58:40 PM (yesterday) Feb 21
to hbrob...@googlegroups.com, Sergei Grichine
On 2/21/26 10:59, Sergei Grichine wrote:
> I created a page describing the process of building and running a
> generic isolated Docker container on a desktop machine:
>
> https://github.com/slgrobotics/articubot_one/wiki/Docker-on-a-Desktop
> <https://github.com/slgrobotics/articubot_one/wiki/Docker-on-a-Desktop>
>
> I'll be adding to it as I go. I am not an expert in Docker, let me know
> if you find anything wrong (or worth adding to it).

Thanks for trying this;-)

One quick comment on the Dockerfile. Each 'RUN' command in the
Dockerfile creates it's own 'layer' in the image as far as I know. So
you might want to combine related commands and their cleanup into one
RUN. Something like

RUN apt-get update && \
apt-get dist-upgrade -y && \
apt-get install -y net-tools avahi-daemon inetutils-ping \
curl git sudo python3 make g++ && \
curl -fsSL https://deb.nodesource.com/setup_22.x | \
sudo bash - && \
apt-get install -y nodejs &&
node --version && \
npm --version && \
apt-get clean && apt-get dist-clean

Another Q: Why should the claw user be able to become root? Isn't that
supposed to be a restricted user just for that one task?

Thanks,
-- Marco


>
> Best Regards,
> -- Sergei
>
>
> On Fri, Feb 20, 2026 at 1:56 PM Kyoung Choe <choe....@gmail.com
> <mailto:choe....@gmail.com>> wrote:
>
> Try nanobot, which is much smaller: https://github.com/HKUDS/nanobot
> <https://github.com/HKUDS/nanobot>
>
> On Friday, February 20, 2026 at 10:45:48 AM UTC-8 Sergei Grichine wrote:
>
> one less thing to try...
>
> I attempted to install OpenClaw on my/*Nvidia Jetson Nano*/ (Dev
> Kit)—no joy. The app won't install on the native, updated Ubuntu
> 18.04 because it requires an incompatible version of Node.js.
> NVM didn't help here.
>
> Using Docker (with Ubuntu 24.04 or Debian Bookworm images), I
> managed to reach the OpenClaw "curl..." step, but the host OS
> crashes and reboots—likely because 4GB of RAM isn't enough.
>
> And yes, from a privacy/security standpoint, OpenClaw is a
> disaster by design (thanks for the link, Jeremy, and Ken for
> clarification!).
> https://cantechit.com/2026/02/17/openclaw-the-passion-driven-ai-
> agent-thats-exploding-but-honestly-most-people-shouldnt-touch-
> it/ <https://cantechit.com/2026/02/17/openclaw-the-passion-
> driven-ai-agent-thats-exploding-but-honestly-most-people-
> shouldnt-touch-it/>
> 0.0.0.0:18789 <http://0.0.0.0:18789>, making them easy
> status/2024167561026310237?s=46 <https://x.com/
> jeremynow/status/2024167561026310237?s=46>
>
> Interesting take on OpenClaw vulnerabilities by
> a friend of mine from Cisco.
>
> I’ve not been brave enough to try it yet lol
>
> Jeremy
>
> On Thu, Feb 19, 2026 at 10:25 PM Sergei Grichine
> <vital...@gmail.com> wrote:
>
> There’s a lot of chatter about OpenClaw.
>
> It /“...clears your inbox, sends emails,
> manages your calendar, checks you in for
> flights — all from WhatsApp, Telegram, or
> any chat app you already use.”/
>
> For us, the interesting part is its /
> agentic/ nature and its ability to create
> and execute workflows. It could be applied
> to robots as a “interpretive and creative”
> layer on top of ROS 2.
>
> Here is a good explanation of its
> capabilities from Rob Braxman: https://
> youtu.be/CreaIkyZAd4 <https://youtu.be/
> CreaIkyZAd4>
>
> More info:
>
> * https://openclaw.ai/ <https://
> openclaw.ai/>  - home site
> * https://www.youtube.com/watch?
> v=KjxYpRkPT48 <https://www.youtube.com/
> watch?v=KjxYpRkPT48>  - OpenClaw on RPi 5
>
> For AI thoughts on the topic follow this
> link <https://github.com/slgrobotics/
> articubot_one/wiki/Conversations-with-
> Overlords#question-14>
>
> Has anybody tried it at home? Any thoughts?
>
> Best Regards,
> -- Sergei
>
> --
> You received this message because you are
> subscribed to the Google Groups "HomeBrew
> Robotics Club" group.
> To unsubscribe from this group and stop
> receiving emails from it, send an email to
> hbrobotics+...@googlegroups.com.
> To view this discussion visit https://
> groups.google.com/d/msgid/hbrobotics/
> CA%2BKVXVPQ7PyeskKzn%2BfaUsFHgQ-
> F4mAvcZp0SHtOdqQZb5hW8Q%40mail.gmail.com
> <https://groups.google.com/d/msgid/
> hbrobotics/CA%2BKVXVPQ7PyeskKzn%2BfaUsFHgQ-
> F4mAvcZp0SHtOdqQZb5hW8Q%40mail.gmail.com?
> utm_medium=email&utm_source=footer>.
>
> --
> You received this message because you are subscribed
> to the Google Groups "HomeBrew Robotics Club" group.
> To unsubscribe from this group and stop receiving
> emails from it, send an email to
> hbrobotics+...@googlegroups.com.
> To view this discussion visit https://
> groups.google.com/d/msgid/hbrobotics/
> bc9f6b06-1f12-4a6c-8bda-59fef8578af1n%40googlegroups.com <https://groups.google.com/d/msgid/hbrobotics/bc9f6b06-1f12-4a6c-8bda-59fef8578af1n%40googlegroups.com?utm_medium=email&utm_source=footer>.
>
> --
> You received this message because you are subscribed to
> the Google Groups "HomeBrew Robotics Club" group.
> To unsubscribe from this group and stop receiving emails
> from it, send an email to hbrobotics+...@googlegroups.com.
> To view this discussion visit https://groups.google.com/
> d/msgid/hbrobotics/
> CADyjTyYi5VMJNuer%2B3yFr4fhgu2PqxiSN8hPGtxEkV8XczNYug%40mail.gmail.com <https://groups.google.com/d/msgid/hbrobotics/CADyjTyYi5VMJNuer%2B3yFr4fhgu2PqxiSN8hPGtxEkV8XczNYug%40mail.gmail.com?utm_medium=email&utm_source=footer>.
>
> --
> You received this message because you are subscribed to the
> Google Groups "HomeBrew Robotics Club" group.
> To unsubscribe from this group and stop receiving emails
> from it, send an email to hbrobotics+...@googlegroups.com.
>
> To view this discussion visit https://groups.google.com/d/
> msgid/hbrobotics/
> CAArUYGv0fjn0aqSLACoA9k1VVaD6GVE4WXsRvG8_efa1VkX4OA%40mail.gmail.com <https://groups.google.com/d/msgid/hbrobotics/CAArUYGv0fjn0aqSLACoA9k1VVaD6GVE4WXsRvG8_efa1VkX4OA%40mail.gmail.com?utm_medium=email&utm_source=footer>.
>
> --
> You received this message because you are subscribed to the Google
> Groups "HomeBrew Robotics Club" group.
> To unsubscribe from this group and stop receiving emails from it,
> send an email to hbrobotics+...@googlegroups.com
> <mailto:hbrobotics+...@googlegroups.com>.
> To view this discussion visit https://groups.google.com/d/msgid/
> hbrobotics/84862b8e-6d56-4545-8f8a-23b482b13dedn%40googlegroups.com
> <https://groups.google.com/d/msgid/
> hbrobotics/84862b8e-6d56-4545-8f8a-23b482b13dedn%40googlegroups.com?
> utm_medium=email&utm_source=footer>.
>
> --
> You received this message because you are subscribed to the Google
> Groups "HomeBrew Robotics Club" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to hbrobotics+...@googlegroups.com
> <mailto:hbrobotics+...@googlegroups.com>.
> To view this discussion visit https://groups.google.com/d/msgid/
> hbrobotics/
> CA%2BKVXVMrUPsBhDGL%2B7g79ZJzr%3DSxA2TfHHd_Bg7x177tWY2fZA%40mail.gmail.com <https://groups.google.com/d/msgid/hbrobotics/CA%2BKVXVMrUPsBhDGL%2B7g79ZJzr%3DSxA2TfHHd_Bg7x177tWY2fZA%40mail.gmail.com?utm_medium=email&utm_source=footer>.

Sergei Grichine

unread,
Feb 21, 2026, 8:35:38 PM (21 hours ago) Feb 21
to Marco Walther, hbrob...@googlegroups.com
Thanks, Marco - I'm guilty as charged. Didn't know much about the layers. As I said, I am a Docker newbie...

My few RUNs were supposed to separate the section where I installed "application" (NodeJS) from the base OS installs.
As for the "claw" user being able to sudo - that was one of those "just-in-case" items to tip on how it is done. Should be removed for any practical use.

At the moment I'm not yet compelled to clean it up, as I really don't know yet where this whole exercise is taking me.

So far, I added a note after the Dockerfile:
---------------------------------------------------------

Note: (thanks, Marco Walther!)

  • In Docker, every RUN, COPY, and ADD instruction creates a new layer. Because Docker uses a Union File System, these layers are additive and read-only. My Dockerfile currently deviates from best practices, as it does not combine installation commands into a single RUN instruction.
  • Additionally, the claw user should be restricted; it should only have the permissions necessary for its specific task and should not be able to escalate to root.
--------------------------------------------------------

BTW, does anybody remember this book by John Edward Mullen, a former RSSC member: https://www.amazon.com/Digital-Dick-John-Mullen-ebook/dp/B010R13P6M
It is a good read and funny, I used to have a paper copy - but can't find it now.
Talk about a prophecy...

Best Regards,
-- Sergei

James H Phelan

unread,
Feb 21, 2026, 9:15:46 PM (21 hours ago) Feb 21
to hbrob...@googlegroups.com

Thanks for the book recommendation Digital Dick.  I got the Kindle edition free with Amazon media points!

James H Phelan
"Nihil est sine ratione cur potius sit quam non sit"
Leibniz

Alan Timm

unread,
11:49 AM (6 hours ago) 11:49 AM
to HomeBrew Robotics Club
Are any of you running openclaw with a local model?  What's working best for you?

After you get everything set up, one of the first things you'll get to play with is how powerful prompt and context engineering can be.  You'll be adjusting the abilities and behaviors of your agent not with code, but with text.

Alan Timm

unread,
3:59 PM (2 hours ago) 3:59 PM
to HomeBrew Robotics Club
Quick update on my end.

I was getting really substandard behavior even with local Qwen2.5-30B-A3B, not great instruction following, not great tool calling.

So I took a quick trip around https://openrouter.ai/ to try out a few models and have settled on sonnet 4.6.
It's like night and day.  Actually helpful, actually useful.  You owe it to yourself to at least try it so you have a good behavioral baseline for whatever else you're working with.

I'm keeping sonnet 4.6 for openclaw, but he can also call claude code to complete tasks which for me defaults to opus 4.6.  sweet.

There are a few other models that I am eventually goint to test that people are getting great results with.
  • sonnet 4.6 - the standard bearer
  • minimax m2.5
  • kimi k2.5?
  • glm5?

And Anthropic confirmed that you can use your existing OATH claude code key with openclaw as long as it's for personal use.
I'll probably flip back over to that in a few minutes when my 5 hour limit resets.  :-)

So. Much. Fun.

Reply all
Reply to author
Forward
0 new messages