We certainly have customers who work in sales, but that's not the only use case.
OpenClaw is capable of using ElevenLabs or other providers to make phone calls, but I personally haven't done this and as far as I know none of our customers have either. Is AI good enough at cold calling yet for this to work? I personally would never entertain such a call.
Does the claw in the VM have proven capability (verified by your team) to track changes it makes to itself and persist across reboots? What about rollback capability?
We allow you to backup to a private Github repo you own so if you want to version control your setup that way you can. Otherwise most changes are tracked in the chat history and the LLM has some ability to repair itself or validate changes before they are made.
OpenClaw doesn't play well with SDKs like that. It expects to be able to run on a full machine (or container), to execute commands, to write files to disk. If we wanted we could fork and run something like this but we want to stay as close to the OSS as possible.
This sounds awesome and exactly like the easy and safe on-ramp to OpenClaw that I've been looking for! I want to believe.
Two questions as a potential user who knows the gist of OpenClaw but has been afraid to try it:
1. I don't understand how the two consumption credits play into the total cost of ownership. E.g. how long will $20 of Orthogonal credits last me? I have no idea what it will actually cost to use Klaus/OpenClaw for a month.
2. Batteries included sounds great, but what are those batteries? I've never heard of Apollo or Hunter.io so I don't know the value of them being included.
In general, a lot of your copy sounds like it's written for people already deep into OpenClaw. Since you're not targeting those folks, I would steer more towards e.g. articulating use cases that work ootb and a TCO estimate for less technical folks. Good luck, and I'm eager to try it!
The cost of ownership for an OpenClaw, and how many credits you'll use, is really hard to estimate since it depends so wildly on what you do.
I can give you an openclaw instruction that will burn over $20k worth of credits in a matter of hours.
You could also not talk to your claw at all for the entire month, setup no crons / reoccurring activities / webhooks / etc, and get a bill of under $1 for token usage.
My usage of OpenClaw ends up costing on the order of $200/mo in tokens with the claude code max plan (which you're technically not allowed to use with OpenClaw anymore), or over $2000 if I were using API credits I think (which Klause is I believe, based on their FAQ mentioning OpenRouter).
So yeah, what I consider fairly light and normal usage of OpenClaw can quite easily hit $2000/mo, but it's also very possible to hit only $5/mo.
Most of my tokens are eaten up by having it write small pieces of code, and doing a good amount of web browser orchestration. I've had 2 sentence prompts that result in it spinning up subagents to browse and summarize thousands of webpages, which really eats a lot of tokens.
I've also given my OpenClaw access to its own AWS account, and it's capable of spinning up lambdas, ec2 instances, writing to s3, etc, and so it also right now has an AWS bill of around $100/mo (which I only expect to go up).
I haven't given it access to my credit card directly yet, so it hasn't managed to buy gift cards for any of the friendly nigerian princes that email it to chat, but I assume that's only a matter of time.
Yes, but that comes at the cost of using a dumber llm. The state of the art ones are only available via commercial api, and the best self-hostable models require $10,000+ gpus.
This is a problem for coding as smarter really has an impact there, but there are so so so many tasks that an 8b model that runs on a $200 gpu can handle nicely. Scrape this page and dump json? Yeah that’s gonna be fine.
This is my conclusion based on a week or so of using ollama + qwen3.5:3b self hosted on a ~10 year old dell optiplex with only the built-in gpu. You don’t need state of the art to do simple tasks.
Our average user spends $50 a month all-in (tokens and subscription). If you're budget conscious you can use a cheap model (eg Gemini Flash) or even a free one. I confess I am a snob and only use Claude Opus, but even using OpenClaw all day every day I only spend about $500 a month on tokens.
Orthogonal credits are used more frequently by power users. For everyday tasks they'll last a very long time, I don't think any of our users have run out.
Some example Orthogonal user cases:
* customers in sales uses Apollo to get contact info for leads
* I use Exa search to help me prepare for calls by getting background info on customers and businesses
* I used SearchAPI to help find AirBnbs.
Point taken on the copy! We made this writing more technical for the HackerNews audience and try to use less jargon on other platforms.
IMO I don't think the "OpenClaw has root access to your machine" angle is the thing you should worry that much about. You can put your OpenClaw on a VM, behind a firewall and three VPNs but if it's got your Google, AWS, GitHub, etc. credentials you've still got a lot to worry about. And honestly, I think malicious actors are much more interested in those credentials than wiping out your machine.
I'm honestly kind of surprised everyone neglects to think about that aspect and is instead more concerned with "what if it can delete my files."
Because no one has a reliable solution to that problem. The file deletion angle is easier to advertise. "runs in a sandbox, can't touch your system" fits on a landing page, even if it's not the more important problem.
I think I agree here but for us it's more of a defense in depth thing. If you want to give it access to your email you are opening yourself up to attacks, but it doesn't have that access by default. We have an integration to give the agent it's own inbox instead of requiring access to your gmail for this reason. Similarly, if you want to only use Klaus for coding there is no risk to your personal data, even if your Klaus instance is hacked.
Do you run a dedicated "AI SRE" instance for each customer or how do you ensure there is no potential for cross-contamination or data leakage across customers?
Basically how do you make sure your "AI SRE" does not deviate from it's task and cause mayhem in the VM, or worse. Exfiltrates secrets, or other nasty things? :)
We run a dedicated AI SRE for each instance with scoped creds for just their instance. OpenClaw by nature has security risks so we want to limit those as much as possible. We only provision integrations the user has explicitly configured.
You're right that security is a major risk. Our perspective here is that by defaulting to an EC2 instance, you're in control of what data is at risk. If you connect Google Workspace, you are exposing yourself to some security risk risk there, but tons of users do email through AgentMail which doesn't have access to your personal data. Also no risk of filesystem access/Apple ID access by default.
Claude Code is awesome, I use it all day, every day. OpenClaw is similar but not the same. I think if all you do is write code, CC is probably best for you.
OpenClaw is interesting because it does a lot of things ok, but it was the first to do so. It will chat with you in Telegram/messages which is small but surprisingly interesting. It handles scheduled tasks. The open source community is huge, clawhub is very useful for out of the box skills. It's self building and self modifying.
It all runs on commands like imsg that Claude would be excellent at running given a suitable CLAUDE.md. Scheduled tasks are literally just cron, no problem for Claude.
What's the best "docker with openclaw" currently available? I have my own computers to run it on (I don't need a server). I want to play around, but containerized to avoid the security risk of MacOS app.
There seem to be about 20 options, and new ones every day. Any consensus on the best few are, and their tradeoffs?
I don't get it. The point of OpenClaw is it's supposed to be an assistant, helping you with whatever random tasks you happen to have, in natural language. But for that to work, it has to have access to your personal data, your calendar, your emails, your credit card, etc., no?
Are there other tasks that people commonly want to run, that don't require this, that I'm not aware of? If so I'd love to hear about them.
The ClawBert thing makes a lot more sense to me, but implementing this with just a Claude Code instance again seems like a really easy way to get pwned. Without a human in the loop and heavy sandboxing, a agent can just get prompt injected by some user-controlled log or database entry and leak your entire database and whatever else it has access to.
Yes and even now if you tell the LLM any private information inside the sandbox it can jow leak that if it gets misdirected/prompt injected.
So there isn't really a way to avoid this trade-off you can either have a useless agent with no info and no access. Or a useful agent that then is incredibly risky to use as it might go rogue any moment.
Sure you can slightly choose where on the scale you want to be but any usefulness inherently means it's also risky if you run LLMs async without supervision. The only absolutely safe way to give access and info to an agent is with manual approvals for anything it does. Which gives you review fatigue in minutes.
Acknowledging the reality of history and business here that there's a 99% chance you don't exist in a few years, I would encourage you nonetheless to break EC2 and AWS in every single way you can possibly imagine and in ways you can't, obviously not in your customer account, but in a separate one. I was doing consulting services for a machine learning company that sold pre-configured EC2s and associated data infra to third-party researchers at a markup and basically stood up and ran their whole environment for about two years. Networking is probably the most frustrating thing you'll ever encounter and beware when they change their APIs and parameters that used to default to null no longer do. It's especially fun when the Linux kernel on the hypervisors you can't see messes with your packets.
Nice turn key solution I like that it comes with it's own email and you don't need to add anything .... I was a fan of this VPS setup service for a beads agent system up from end to end but you need to BYO everything still it's free as in open source so got to thank Sir Dicklesworthstone for putting it together --
hasa | 3 hours ago
[OP] robthompson2018 | 2 hours ago
OpenClaw is capable of using ElevenLabs or other providers to make phone calls, but I personally haven't done this and as far as I know none of our customers have either. Is AI good enough at cold calling yet for this to work? I personally would never entertain such a call.
orsorna | 3 hours ago
baileywickham | 3 hours ago
0x008 | an hour ago
baileywickham | an hour ago
ndnichols | 3 hours ago
Two questions as a potential user who knows the gist of OpenClaw but has been afraid to try it: 1. I don't understand how the two consumption credits play into the total cost of ownership. E.g. how long will $20 of Orthogonal credits last me? I have no idea what it will actually cost to use Klaus/OpenClaw for a month. 2. Batteries included sounds great, but what are those batteries? I've never heard of Apollo or Hunter.io so I don't know the value of them being included.
In general, a lot of your copy sounds like it's written for people already deep into OpenClaw. Since you're not targeting those folks, I would steer more towards e.g. articulating use cases that work ootb and a TCO estimate for less technical folks. Good luck, and I'm eager to try it!
TheDong | 3 hours ago
I can give you an openclaw instruction that will burn over $20k worth of credits in a matter of hours.
You could also not talk to your claw at all for the entire month, setup no crons / reoccurring activities / webhooks / etc, and get a bill of under $1 for token usage.
My usage of OpenClaw ends up costing on the order of $200/mo in tokens with the claude code max plan (which you're technically not allowed to use with OpenClaw anymore), or over $2000 if I were using API credits I think (which Klause is I believe, based on their FAQ mentioning OpenRouter).
So yeah, what I consider fairly light and normal usage of OpenClaw can quite easily hit $2000/mo, but it's also very possible to hit only $5/mo.
Most of my tokens are eaten up by having it write small pieces of code, and doing a good amount of web browser orchestration. I've had 2 sentence prompts that result in it spinning up subagents to browse and summarize thousands of webpages, which really eats a lot of tokens.
I've also given my OpenClaw access to its own AWS account, and it's capable of spinning up lambdas, ec2 instances, writing to s3, etc, and so it also right now has an AWS bill of around $100/mo (which I only expect to go up).
I haven't given it access to my credit card directly yet, so it hasn't managed to buy gift cards for any of the friendly nigerian princes that email it to chat, but I assume that's only a matter of time.
grim_io | 2 hours ago
Giving an agent access to AWS is effectively giving it your credit card.
At the max, I would give it ssh access to a Hetzner VM with its own user, capable of running rootles podman containers.
haolez | 2 hours ago
wiether | 26 minutes ago
giancarlostoro | 2 hours ago
jimbob45 | an hour ago
kennywinker | 46 minutes ago
This is a problem for coding as smarter really has an impact there, but there are so so so many tasks that an 8b model that runs on a $200 gpu can handle nicely. Scrape this page and dump json? Yeah that’s gonna be fine.
This is my conclusion based on a week or so of using ollama + qwen3.5:3b self hosted on a ~10 year old dell optiplex with only the built-in gpu. You don’t need state of the art to do simple tasks.
[OP] robthompson2018 | 2 hours ago
Orthogonal credits are used more frequently by power users. For everyday tasks they'll last a very long time, I don't think any of our users have run out.
Some example Orthogonal user cases:
* customers in sales uses Apollo to get contact info for leads
* I use Exa search to help me prepare for calls by getting background info on customers and businesses
* I used SearchAPI to help find AirBnbs.
Point taken on the copy! We made this writing more technical for the HackerNews audience and try to use less jargon on other platforms.
_joel | 34 minutes ago
somewhatrandom9 | 2 hours ago
xienze | an hour ago
IMO I don't think the "OpenClaw has root access to your machine" angle is the thing you should worry that much about. You can put your OpenClaw on a VM, behind a firewall and three VPNs but if it's got your Google, AWS, GitHub, etc. credentials you've still got a lot to worry about. And honestly, I think malicious actors are much more interested in those credentials than wiping out your machine.
I'm honestly kind of surprised everyone neglects to think about that aspect and is instead more concerned with "what if it can delete my files."
necrodome | 55 minutes ago
baileywickham | 49 minutes ago
nullcathedral | 3 hours ago
Basically how do you make sure your "AI SRE" does not deviate from it's task and cause mayhem in the VM, or worse. Exfiltrates secrets, or other nasty things? :)
baileywickham | 3 hours ago
rid | 2 hours ago
baileywickham | 2 hours ago
Myzel394 | 2 hours ago
baileywickham | 2 hours ago
sealthedeal | 2 hours ago
gavinray | an hour ago
https://news.ycombinator.com/item?id=47327474
baileywickham | an hour ago
OpenClaw is interesting because it does a lot of things ok, but it was the first to do so. It will chat with you in Telegram/messages which is small but surprisingly interesting. It handles scheduled tasks. The open source community is huge, clawhub is very useful for out of the box skills. It's self building and self modifying.
throwaway314155 | 46 minutes ago
throwatdem12311 | 21 minutes ago
scosman | an hour ago
There seem to be about 20 options, and new ones every day. Any consensus on the best few are, and their tradeoffs?
clawguy | an hour ago
raizer88 | an hour ago
scosman | an hour ago
_joel | an hour ago
oh fuck yea, sounds great.
Hard pass on this (and OpenClaw) thanks.
ilovesamaltman | an hour ago
mind if I write an article about this on ijustvibecodedthis.com ?
baileywickham | 48 minutes ago
Tharre | an hour ago
Are there other tasks that people commonly want to run, that don't require this, that I'm not aware of? If so I'd love to hear about them.
The ClawBert thing makes a lot more sense to me, but implementing this with just a Claude Code instance again seems like a really easy way to get pwned. Without a human in the loop and heavy sandboxing, a agent can just get prompt injected by some user-controlled log or database entry and leak your entire database and whatever else it has access to.
jascha_eng | 30 minutes ago
So there isn't really a way to avoid this trade-off you can either have a useless agent with no info and no access. Or a useful agent that then is incredibly risky to use as it might go rogue any moment.
Sure you can slightly choose where on the scale you want to be but any usefulness inherently means it's also risky if you run LLMs async without supervision. The only absolutely safe way to give access and info to an agent is with manual approvals for anything it does. Which gives you review fatigue in minutes.
nonameiguess | an hour ago
jimmySixDOF | 12 minutes ago
https://agent-flywheel.com/