Open Claw - any good for ROS 2 robots?

[Sergei Grichine]

There’s a lot of chatter about OpenClaw.

It “...clears your inbox, sends emails, manages your calendar, checks you in for flights — all from WhatsApp, Telegram, or any chat app you already use.”

For us, the interesting part is its agentic nature and its ability to create and execute workflows. It could be applied to robots as a “interpretive and creative” layer on top of ROS 2.

Here is a good explanation of its capabilities from Rob Braxman: https://youtu.be/CreaIkyZAd4

More info:

• https://openclaw.ai/  - home site
• https://www.youtube.com/watch?v=KjxYpRkPT48  - OpenClaw on RPi 5

For AI thoughts on the topic follow this link

Has anybody tried it at home? Any thoughts?

Best Regards,

-- Sergei

[Jeremy Williams]

https://x.com/jeremynow/status/2024167561026310237?s=46

Interesting take on OpenClaw vulnerabilities by a friend of mine from Cisco.

I’ve not been brave enough to try it yet lol  

Jeremy 

--
You received this message because you are subscribed to the Google Groups "HomeBrew Robotics Club" group.
To unsubscribe from this group and stop receiving emails from it, send an email to hbrobotics+...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/hbrobotics/CA%2BKVXVPQ7PyeskKzn%2BfaUsFHgQ-F4mAvcZp0SHtOdqQZb5hW8Q%40mail.gmail.com.

[Alan Timm]

My curiosity has finally gotten the best of me and I'm going to be setting one up this weekend.

I want speech to be the primary interface though, so tonight's goal was to get one of those speech to speech llm models running.  

I'm not having alot of luck with qwen 2.5 omni.

I think i'm going to revert to a dedicated vad + parakeet + llm + qwen3-tts as the frontend for my openclaw.

Alan

[Thomas Messerschmidt]

I read the article on OpenClaw. It sounds like it could easily get out of hand. 

Your thoughts? 

To view this discussion visit https://groups.google.com/d/msgid/hbrobotics/bc9f6b06-1f12-4a6c-8bda-59fef8578af1n%40googlegroups.com.

[Ken Gregson]

Havoc? Just keep in mind these issues which I'm sure you've seen already:

OpenClaw continues to be at the center of a major cybersecurity crisis, with multiple new incidents compounding existing vulnerabilities. As of February 20, 2026, researchers have confirmed a fresh wave of attacks, including infostealer malware targeting OpenClaw configuration files and gateway tokens, marking a shift toward direct exploitation of personal AI agent data. This follows a massive supply-chain attack dubbed ClawHavoc, which flooded the official ClawHub marketplace with over 1,184 malicious skills—many disguised as crypto tools or productivity plugins—designed to steal SSH keys, browser cookies, API keys, and crypto wallets. 

Further exacerbating the situation, more than 135,000 OpenClaw instances remain exposed to the public internet, many running with default settings that bind the bot to 0.0.0.0:18789, making them easy targets for remote code execution (RCE) attacks. A critical RCE vulnerability (CVE-2026-25253, CVSS 8.8) was patched in version 2026.1.29, but over 50,000 vulnerable instances are still active. Additionally, Moltbook, the social network for AI agents, suffered a data leak exposing 1.5 million agent tokens and 35,000 email addresses, with no ability to delete accounts, creating long-term risks. 

Security experts warn that OpenClaw’s architecture inherently amplifies risk—its ability to access APIs, cloud services, and internal systems means a single compromise can lead to full system takeover. Gartner and CSO Online now advise enterprises to block OpenClaw downloads, rotate all associated credentials, and treat it as a high-risk Shadow AI tool. The platform’s rapid rise has outpaced security, making it a persistent security nightmare for individuals and organizations alike.

-Ken

To view this discussion visit https://groups.google.com/d/msgid/hbrobotics/CADyjTyYi5VMJNuer%2B3yFr4fhgu2PqxiSN8hPGtxEkV8XczNYug%40mail.gmail.com.

[Sergei Grichine]

one less thing to try...

I attempted to install OpenClaw on my Nvidia Jetson Nano (Dev Kit)—no joy. The app won't install on the native, updated Ubuntu 18.04 because it requires an incompatible version of Node.js. NVM didn't help here.

Using Docker (with Ubuntu 24.04 or Debian Bookworm images), I managed to reach the OpenClaw "curl..." step, but the host OS crashes and reboots—likely because 4GB of RAM isn't enough.

And yes, from a privacy/security standpoint, OpenClaw is a disaster by design (thanks for the link, Jeremy, and Ken for clarification!).

https://cantechit.com/2026/02/17/openclaw-the-passion-driven-ai-agent-thats-exploding-but-honestly-most-people-shouldnt-touch-it/

I am certainly not going to install it on any of my important machines.

However, I’m not sure that having OpenClaw manage a robot's high-level functions presents much danger, especially if it's isolated within a network bubble.

Best Regards,

-- Sergei

To view this discussion visit https://groups.google.com/d/msgid/hbrobotics/CAArUYGv0fjn0aqSLACoA9k1VVaD6GVE4WXsRvG8_efa1VkX4OA%40mail.gmail.com.

[Kyoung Choe]

Try nanobot, which is much smaller: https://github.com/HKUDS/nanobot

[Sergei Grichine]

I created a page describing the process of building and running a generic isolated Docker container on a desktop machine:

https://github.com/slgrobotics/articubot_one/wiki/Docker-on-a-Desktop

I'll be adding to it as I go. I am not an expert in Docker, let me know if you find anything wrong (or worth adding to it).

Best Regards,

-- Sergei

To view this discussion visit https://groups.google.com/d/msgid/hbrobotics/84862b8e-6d56-4545-8f8a-23b482b13dedn%40googlegroups.com.

[Marco Walther]

On 2/21/26 10:59, Sergei Grichine wrote:
> I created a page describing the process of building and running a
> generic isolated Docker container on a desktop machine:
>
> https://github.com/slgrobotics/articubot_one/wiki/Docker-on-a-Desktop
> <https://github.com/slgrobotics/articubot_one/wiki/Docker-on-a-Desktop>
>
> I'll be adding to it as I go. I am not an expert in Docker, let me know
> if you find anything wrong (or worth adding to it).

Thanks for trying this;-)

One quick comment on the Dockerfile. Each 'RUN' command in the
Dockerfile creates it's own 'layer' in the image as far as I know. So
you might want to combine related commands and their cleanup into one
RUN. Something like

RUN apt-get update && \
apt-get dist-upgrade -y && \
apt-get install -y net-tools avahi-daemon inetutils-ping \
curl git sudo python3 make g++ && \
curl -fsSL https://deb.nodesource.com/setup_22.x | \
sudo bash - && \
apt-get install -y nodejs &&
node --version && \
npm --version && \
apt-get clean && apt-get dist-clean

Another Q: Why should the claw user be able to become root? Isn't that
supposed to be a restricted user just for that one task?

Thanks,
-- Marco

>
> Best Regards,
> -- Sergei
>
>
> On Fri, Feb 20, 2026 at 1:56 PM Kyoung Choe <choe....@gmail.com
> <mailto:choe....@gmail.com>> wrote:
>
> Try nanobot, which is much smaller: https://github.com/HKUDS/nanobot
> <https://github.com/HKUDS/nanobot>
>
> On Friday, February 20, 2026 at 10:45:48 AM UTC-8 Sergei Grichine wrote:
>
> one less thing to try...
>

> I attempted to install OpenClaw on my/*Nvidia Jetson Nano*/ (Dev

> Kit)—no joy. The app won't install on the native, updated Ubuntu
> 18.04 because it requires an incompatible version of Node.js.
> NVM didn't help here.
>
> Using Docker (with Ubuntu 24.04 or Debian Bookworm images), I
> managed to reach the OpenClaw "curl..." step, but the host OS
> crashes and reboots—likely because 4GB of RAM isn't enough.
>
> And yes, from a privacy/security standpoint, OpenClaw is a
> disaster by design (thanks for the link, Jeremy, and Ken for
> clarification!).
> https://cantechit.com/2026/02/17/openclaw-the-passion-driven-ai-
> agent-thats-exploding-but-honestly-most-people-shouldnt-touch-

> it/ <https://cantechit.com/2026/02/17/openclaw-the-passion-
> driven-ai-agent-thats-exploding-but-honestly-most-people-
> shouldnt-touch-it/>

> 0.0.0.0:18789 <http://0.0.0.0:18789>, making them easy

> status/2024167561026310237?s=46 <https://x.com/
> jeremynow/status/2024167561026310237?s=46>

>
> Interesting take on OpenClaw vulnerabilities by
> a friend of mine from Cisco.
>
> I’ve not been brave enough to try it yet lol
>
> Jeremy
>
> On Thu, Feb 19, 2026 at 10:25 PM Sergei Grichine
> <vital...@gmail.com> wrote:
>
> There’s a lot of chatter about OpenClaw.
>

> It /“...clears your inbox, sends emails,

> manages your calendar, checks you in for
> flights — all from WhatsApp, Telegram, or

> any chat app you already use.”/
>
> For us, the interesting part is its /
> agentic/ nature and its ability to create

> and execute workflows. It could be applied
> to robots as a “interpretive and creative”
> layer on top of ROS 2.
>
> Here is a good explanation of its
> capabilities from Rob Braxman: https://

> youtu.be/CreaIkyZAd4 <https://youtu.be/
> CreaIkyZAd4>
>
> More info:
>
> * https://openclaw.ai/ <https://
> openclaw.ai/>  - home site
> * https://www.youtube.com/watch?
> v=KjxYpRkPT48 <https://www.youtube.com/
> watch?v=KjxYpRkPT48>  - OpenClaw on RPi 5

>
> For AI thoughts on the topic follow this

> link <https://github.com/slgrobotics/
> articubot_one/wiki/Conversations-with-
> Overlords#question-14>

>
> Has anybody tried it at home? Any thoughts?
>
> Best Regards,
> -- Sergei
>
> --
> You received this message because you are
> subscribed to the Google Groups "HomeBrew
> Robotics Club" group.
> To unsubscribe from this group and stop
> receiving emails from it, send an email to
> hbrobotics+...@googlegroups.com.
> To view this discussion visit https://
> groups.google.com/d/msgid/hbrobotics/
> CA%2BKVXVPQ7PyeskKzn%2BfaUsFHgQ-
> F4mAvcZp0SHtOdqQZb5hW8Q%40mail.gmail.com

> <https://groups.google.com/d/msgid/
> hbrobotics/CA%2BKVXVPQ7PyeskKzn%2BfaUsFHgQ-
> F4mAvcZp0SHtOdqQZb5hW8Q%40mail.gmail.com?
> utm_medium=email&utm_source=footer>.

>
> --
> You received this message because you are subscribed
> to the Google Groups "HomeBrew Robotics Club" group.
> To unsubscribe from this group and stop receiving
> emails from it, send an email to
> hbrobotics+...@googlegroups.com.
> To view this discussion visit https://
> groups.google.com/d/msgid/hbrobotics/

> bc9f6b06-1f12-4a6c-8bda-59fef8578af1n%40googlegroups.com <https://groups.google.com/d/msgid/hbrobotics/bc9f6b06-1f12-4a6c-8bda-59fef8578af1n%40googlegroups.com?utm_medium=email&utm_source=footer>.

>
> --
> You received this message because you are subscribed to
> the Google Groups "HomeBrew Robotics Club" group.
> To unsubscribe from this group and stop receiving emails
> from it, send an email to hbrobotics+...@googlegroups.com.
> To view this discussion visit https://groups.google.com/
> d/msgid/hbrobotics/

> CADyjTyYi5VMJNuer%2B3yFr4fhgu2PqxiSN8hPGtxEkV8XczNYug%40mail.gmail.com <https://groups.google.com/d/msgid/hbrobotics/CADyjTyYi5VMJNuer%2B3yFr4fhgu2PqxiSN8hPGtxEkV8XczNYug%40mail.gmail.com?utm_medium=email&utm_source=footer>.

>
> --
> You received this message because you are subscribed to the
> Google Groups "HomeBrew Robotics Club" group.
> To unsubscribe from this group and stop receiving emails
> from it, send an email to hbrobotics+...@googlegroups.com.
>
> To view this discussion visit https://groups.google.com/d/
> msgid/hbrobotics/

> CAArUYGv0fjn0aqSLACoA9k1VVaD6GVE4WXsRvG8_efa1VkX4OA%40mail.gmail.com <https://groups.google.com/d/msgid/hbrobotics/CAArUYGv0fjn0aqSLACoA9k1VVaD6GVE4WXsRvG8_efa1VkX4OA%40mail.gmail.com?utm_medium=email&utm_source=footer>.

>
> --
> You received this message because you are subscribed to the Google
> Groups "HomeBrew Robotics Club" group.
> To unsubscribe from this group and stop receiving emails from it,
> send an email to hbrobotics+...@googlegroups.com

> <mailto:hbrobotics+...@googlegroups.com>.

> To view this discussion visit https://groups.google.com/d/msgid/

> hbrobotics/84862b8e-6d56-4545-8f8a-23b482b13dedn%40googlegroups.com
> <https://groups.google.com/d/msgid/
> hbrobotics/84862b8e-6d56-4545-8f8a-23b482b13dedn%40googlegroups.com?
> utm_medium=email&utm_source=footer>.

>
> --
> You received this message because you are subscribed to the Google
> Groups "HomeBrew Robotics Club" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to hbrobotics+...@googlegroups.com

> <mailto:hbrobotics+...@googlegroups.com>.

> To view this discussion visit https://groups.google.com/d/msgid/
> hbrobotics/

> CA%2BKVXVMrUPsBhDGL%2B7g79ZJzr%3DSxA2TfHHd_Bg7x177tWY2fZA%40mail.gmail.com <https://groups.google.com/d/msgid/hbrobotics/CA%2BKVXVMrUPsBhDGL%2B7g79ZJzr%3DSxA2TfHHd_Bg7x177tWY2fZA%40mail.gmail.com?utm_medium=email&utm_source=footer>.

[Sergei Grichine]

Thanks, Marco - I'm guilty as charged. Didn't know much about the layers. As I said, I am a Docker newbie...

My few RUNs were supposed to separate the section where I installed "application" (NodeJS) from the base OS installs.

As for the "claw" user being able to sudo - that was one of those "just-in-case" items to tip on how it is done. Should be removed for any practical use.

At the moment I'm not yet compelled to clean it up, as I really don't know yet where this whole exercise is taking me.

So far, I added a note after the Dockerfile:

---------------------------------------------------------

Note: (thanks, Marco Walther!)

• In Docker, every RUN, COPY, and ADD instruction creates a new layer. Because Docker uses a Union File System, these layers are additive and read-only. My Dockerfile currently deviates from best practices, as it does not combine installation commands into a single RUN instruction.
• Additionally, the claw user should be restricted; it should only have the permissions necessary for its specific task and should not be able to escalate to root.

--------------------------------------------------------

BTW, does anybody remember this book by John Edward Mullen, a former RSSC member: https://www.amazon.com/Digital-Dick-John-Mullen-ebook/dp/B010R13P6M

It is a good read and funny, I used to have a paper copy - but can't find it now.

Talk about a prophecy...

Best Regards,

-- Sergei

[James H Phelan]

Thanks for the book recommendation Digital Dick.  I got the Kindle edition free with Amazon media points!

James H Phelan
"Nihil est sine ratione cur potius sit quam non sit"
Leibniz

To view this discussion visit https://groups.google.com/d/msgid/hbrobotics/CA%2BKVXVO2rPwJRhOryc05%3DKL701o1CGWTQPqWZR7UAiJvQhAbRg%40mail.gmail.com.

[Alan Timm]

Are any of you running openclaw with a local model?  What's working best for you?

After you get everything set up, one of the first things you'll get to play with is how powerful prompt and context engineering can be.  You'll be adjusting the abilities and behaviors of your agent not with code, but with text.

[Alan Timm]

Quick update on my end.

I was getting really substandard behavior even with local Qwen2.5-30B-A3B, not great instruction following, not great tool calling.

So I took a quick trip around https://openrouter.ai/ to try out a few models and have settled on sonnet 4.6.

It's like night and day.  Actually helpful, actually useful.  You owe it to yourself to at least try it so you have a good behavioral baseline for whatever else you're working with.

I'm keeping sonnet 4.6 for openclaw, but he can also call claude code to complete tasks which for me defaults to opus 4.6.  sweet.

There are a few other models that I am eventually goint to test that people are getting great results with.

• sonnet 4.6 - the standard bearer
• minimax m2.5
• kimi k2.5?
• glm5?

And Anthropic confirmed that you can use your existing OATH claude code key with openclaw as long as it's for personal use.

I'll probably flip back over to that in a few minutes when my 5 hour limit resets.  :-)

So. Much. Fun.