OpenClaw opens a wide attack surface on your digital life that cannot be remediated so long as hallucinations and prompt injection remain unsolved problems. Anything built on top of it is equally insecure and probably even more insecure.
I really don't want to yuck anybody's yums or step on dev work that I had nothing to do with, because I've been there and I know it sucks, but OpenClaw is barely secure enough to even play with in a sandbox. Giving it private information about your real business and real business contacts feels like an absolutely insane thing to do.
At best OpenClaw is like a toy... if the toy was a gun and it shot real bullets. This feels like playing Russian roulette with your livelihood.
Looking at that star graph: Since OpenClaw became a thing, I can't help but conclude that Github interest/popularity metrics have become useless signals.
Especially considering this project is 2 days old and has 580 stars. 500 seems like it would be a nice round number if one were to purchase bot engagement. Not confident enough to make that claim directly, but something about this project doesn't sit right in general.
In terms of "[XYZ] for agents", I think CRM is a big one that people haven't talked about as much. It becomes super relevant as soon as people start using an agent for anything customer related.
And the design principals are already pretty well established (accounts, contacts, leads, opportunities, custom object model, stages, etc.). It just needs to be turned into a database boilerplate with a bunch of agent tools. Excited to try this out.
I find it amusing that one of the main things to do with OpenClaw and other similar tools is create a Web Interface on top of it so that users can click on buttons when the entire promise of the technology is that you don't have to do any of that because it transcends standard UI.
I mean, ultimately why would you even need a CRM if not to sell something? And if you are going to sell something ultimately you want to get that done without any additional layers of abstraction. So the interface is the definition of the goal and the output is measured in results.
"Hey claw, I want to sell my product. Go figure it out!"
Watched the demo — the outreach pipeline is impressive technically, but you mentioned midway that the drafted emails came out "kind of robotic" and needed manual editing. If a human still reviews and rewrites each one, where does the actual time saving land — in the data gathering, or somewhere else?
That makes sense — the value is in the pipeline, not the prose. "Make it less robotic" on 300 drafts at once is still a 10x over doing it one by one.
Curious what happens when one of those emails bounces back or gets a reply — does DenchClaw pick that up and update the record, or is that still manual?
Everything is skills. In a file system. That is the future.
Responding to some HN comments, I understand the focus on Sales Automation and Outreach can be worrysome.
But for me personally, this is where I do all knowledge work. For me it acts like Cursor, Happenstance, News Aggregator, Fun games creator like Pacman (it has an App Store), I can import Notion into editable MD files, create reports and presentations, etc.
the crm isnt the hard part, the hard part is that most sales teams have a workflow problem disguised as a tooling problem. local first is smart but id focus on opinionated defaults for pipeline stages because thats where 90% of founders building their own crm get stuck, they model their process wrong then blame the software.
Ha, I get why it looks that way from the CRM angle, but outreach is maybe 5% of what I actually use DenchClaw for day to day.
Yesterday I asked it to pull up all my meeting notes from last week, cross-reference them with my task list, and draft follow-ups. Before that I had it reorganize a messy folder of research PDFs into a structured workspace. I use it to build slides, write code (DenchClaw literally built DenchClaw), manage my calendar, search through old Notion pages I forgot existed.
The CRM part gets attention because that's what people asked for when we talked to power users. But the actual product is just "OpenClaw with a good UI, a file system, and DuckDB, running locally on your Mac." It does whatever you'd normally do on your computer. The browser is yours, the files are yours, the data never leaves your machine.
Think of it less as a sales tool and more as what happens when your entire Mac becomes programmable through natural language. The CRM is one app that runs on top of that. People are already using it for project management, research, personal knowledge bases, all kinds of stuff we didn't plan for.
This is an OpenClaw framework, so it installs / relies on your existing OpenClaw codebase. I think there has been a ton of requests on Claude Code support, someone has been working on a PR for exactly this, I'll update you here if it ships.
Nice, this seems interesting. I don't use Obsidian (I use Logseq) but this has given me a couple of ideas for a CRM I am building (it's currently in a Personal Relationship manager phase which I've found useful for about a year or two).
Love this setup! I also use Obsidian, but after DenchClaw I usually just open my Obsidian directory into DenchClaw so I can do anything with it. It has all the needed primitives for me like the markdown editor, graphs, etc.
I get why it looks that way from the CRM angle, but outreach is maybe 5% of what I actually use DenchClaw for day to day.
Yesterday I asked it to pull up all my meeting notes from last week, cross-reference them with my task list, and draft follow-ups. Before that I had it reorganize a messy folder of research PDFs into a structured workspace. I use it to build slides, write code (DenchClaw literally built DenchClaw), manage my calendar, search through old Notion pages I forgot existed.
The CRM part gets attention because that's what people asked for when we talked to power users. But the actual product is just "OpenClaw with a good UI, a file system, and DuckDB, running locally on your Mac." It does whatever you'd normally do on your computer. The browser is yours, the files are yours, the data never leaves your machine.
Think of it less as a sales tool and more as what happens when your entire Mac becomes programmable through natural language. The CRM is one app that runs on top of that. People are already using it for project management, research, personal knowledge bases, all kinds of stuff we didn't plan for.
Cold calling is not 'spam' because it is essentially done by a human. This is no different than an email spam network. So now this will just become email / linkedin spam done by corporations? I guess we turn up the filters now?
I agree that it is spam of a sort, but I don't think that's how it's generally portrayed. If biz dev and sales are just spammers (because of LLM automation) then we should reclassify them and shun those types of posts.
[astronaut with gun meme]
Neal Stephenson depicts this outcome in his novels as "The Miasma" and introduces a zero knowledge biometric based cryptography scheme used by everyone to validate content, and everyone has to have advanced AI filters in order to pluck out tiny tidbits of signal from among the noise.
We're going to need local AI to sift through the trash. Platforms have been more or less useless at curating content, and it's only smaller sites like HN that have retained a high SNR at this point. It doesn't even matter what media, at this point, video has passed the 2-3 second sniff test. We're seeing boomers get completely sniped by AI videos, even with watermark, showing absurd spin on current events. Text, music, podcasts, video, cartoons, whatever, it's all been infested, and the quality keeps increasing. I've seen a couple 2+ minute seedance productions that have been actually enjoyable, but by June that sort of thing will be one-shot prompting instead of someone gluing together the outputs from 4 difference SoTA AI tools.
It's getting weird, and we're not ready for it, at all.
Wow, sorry, but given how incredibly insecure all the "claw" agent type things are right now, does this really sound wise at all?
It sees everything you do, really? What's it gonna do with that data? You don't know.
Put all your customer data in there, all your customer relationships. It's fine, it couldn't leak all that information, it couldn't screw up any sensitive business details I'm sure. This is gonna go great.
Sorry AFK everybody I'm gonna go get myself a VibeMBA.
Anyway, good luck, I'm really looking forward to the user stories in a few weeks! I'm sure this won't go badly at all.
> DenchClaw finds your Chrome Profile and copies it fully into its own, so you won’t have to log in into all your websites again. DenchClaw sees what you see, does what you do. It’s an everything app, that sits locally on your mac.
Wow that sounds great. Hey don't worry these things never blackmail anyone. Let it know if you're gonna turn it off, I bet it'll make some REAL interesting choices based on your browsing history
I'm always confused by this kind of comment about AI accessing people's chrome history because it seems to imply that the kind of person who uses this tool is both too stupid to know what private browsing is and also is into absolutely heinous stuff.
I feel like the average person is going to be like "oh no it'd be terrible if everyone found out I really like the 'big boobs' category on pornhub"
Privacy and security and whatever this could trample all over are not the same thing.
You may be legally entirely above board (though Cardinal Richelieu wouldn't let that get in the way) but you still might not want your S&M kink to be known or to be outed to conservative friends and family or have your bank account details spread around or have a $$$$$ bill run up in your AWS or LLM logins...
Oh, you have nothing to hide? Kindly paste all your payment and login credentials that your browser stores. Later we'll need to see all your DMs on Facebook, LinkedIn, Slack, Discord, etc.
Finally we'll want to know about disputes you've had with intimate partners, employers and other service providers, especially powerful ones like healthcare, insurance and financial organisations.
We should also have full published salary and benefits (etc) details right now, whatever their contract says about disclosing those, and 24x7 streamed video of their entire life with no censoring, including toilet breaks and sex and bars and parties.
And, along with all the credentials as you suggest, including private parts of PGP keys etc, accurate impressions/clones of any and all physical security/privacy devices they use such as keys to house and car and safe and gun safe and relatives' crypt, etc, etc...
> It has a CRM focus because we asked a couple dozen hard-core OpenClaw users "what do you actually do", and it was sales automation, lead enrichment, biz dev, creating slides, linkedin outreach, email/notion/calendar stuff, and it's always painful to set up.
So basic automation and forcing the web to be "open"...
No one is talking about how AI is going to destroy business models that are dependent on dark patterns, on walled gardens, on poorly designed one size fits all implementations (so many things wedged sideways into sales force).
Yea, it has been a little shocking to me that the rising narratives around "AI agents everywhere" and "enable the web for AI agents" requires what we've all been wanting for awhile on the web (openness and interoperability) but that the same big players in tech have been clearly against for a long time. Like the fact that Google recently released that Google Workspace CLI (https://github.com/googleworkspace/cli) is a perfect example.
They could've released something like that years ago (the discovery service it's built on has existed for over a decade) but creating a simple, accessible, unified CLI for general integration apparently wasn't worth it until agents became the hot thing.
I wonder when / if there will be a rug pull on all of this. Because I really don't see what the long-term incentives are for incumbent tech platforms to make it easy for automated systems to essentially pull users away from the actual platform. I guess they're focused on the short term incentives. And once they decide the party's over, promising upstarts and competition can get absorbed and it'll be business as usual. Idk, we'll see.
In response maybe we should design TCPAclaw. It is specialized in honeypotting all of the random cold call spam, tracks down the source of unsolicited contacts; including registration state, legal contacts, and registered agent(s). It then drafts and sends a TCPA letter and waits for one of two things to happen: Either a $500-$1500 check arriving in your mailbox, or the demand deadline elapses. In case of demand deadline elapse, TCPAclaw files a small claims suit in the appropriate court of jurisdiction.
That's... not a bad idea. The downside is the bot would be doing a lot of these and false-positives would be... embarrassing (like a real investor outreach).
> It has a CRM focus because we asked a couple dozen hard-core OpenClaw users "what do you actually do", and it was sales automation, lead enrichment, biz dev, creating slides, linkedin outreach, email/notion/calendar stuff, and it's always painful to set up.
Fuck me, it's going to get worse before it gets better, isn't it?
I've taken that bit out of the text above - I originally advised Kumar to put it in there (it's actually from the opening of the demo video), but in hindsight, I should have known it would backfire with the HN audience.
OpenClaw opens a wide attack surface on your digital life that cannot be remediated so long as hallucinations and prompt injection remain unsolved problems. Anything built on top of it is equally insecure and probably even more insecure.
I really don't want to yuck anybody's yums or step on dev work that I had nothing to do with, because I've been there and I know it sucks, but OpenClaw is barely secure enough to even play with in a sandbox. Giving it private information about your real business and real business contacts feels like an absolutely insane thing to do.
At best OpenClaw is like a toy... if the toy was a gun and it shot real bullets. This feels like playing Russian roulette with your livelihood.
Looking at that star graph: Since OpenClaw became a thing, I can't help but conclude that Github interest/popularity metrics have become useless signals.
Especially considering this project is 2 days old and has 580 stars. 500 seems like it would be a nice round number if one were to purchase bot engagement. Not confident enough to make that claim directly, but something about this project doesn't sit right in general.
Bruh it's not botted, the 500 stars came from Garry Tan's viral tweet.
Would also be a good cover up...
In terms of "[XYZ] for agents", I think CRM is a big one that people haven't talked about as much. It becomes super relevant as soon as people start using an agent for anything customer related.
And the design principals are already pretty well established (accounts, contacts, leads, opportunities, custom object model, stages, etc.). It just needs to be turned into a database boilerplate with a bunch of agent tools. Excited to try this out.
Thank you, I'll be here for everyone to try it out, let me know how it goes!
Eventually there will just database tables, some skill files, and an agent
I find it amusing that one of the main things to do with OpenClaw and other similar tools is create a Web Interface on top of it so that users can click on buttons when the entire promise of the technology is that you don't have to do any of that because it transcends standard UI.
I mean, ultimately why would you even need a CRM if not to sell something? And if you are going to sell something ultimately you want to get that done without any additional layers of abstraction. So the interface is the definition of the goal and the output is measured in results.
"Hey claw, I want to sell my product. Go figure it out!"
You don't need a UI for that.
Watched the demo — the outreach pipeline is impressive technically, but you mentioned midway that the drafted emails came out "kind of robotic" and needed manual editing. If a human still reviews and rewrites each one, where does the actual time saving land — in the data gathering, or somewhere else?
Data gathering / creating / updating / filtering / creating reports, Doing certain action on every data entry (like sending email), etc.
Telling DenchClaw to "make it less robotic" on 300+ personalised drafts is still better than me actually making it less robotic myself imo
That makes sense — the value is in the pipeline, not the prose. "Make it less robotic" on 300 drafts at once is still a 10x over doing it one by one.
Curious what happens when one of those emails bounces back or gets a reply — does DenchClaw pick that up and update the record, or is that still manual?
I can't tell if this is a bot or human response.
Everything is skills. In a file system. That is the future.
Responding to some HN comments, I understand the focus on Sales Automation and Outreach can be worrysome.
But for me personally, this is where I do all knowledge work. For me it acts like Cursor, Happenstance, News Aggregator, Fun games creator like Pacman (it has an App Store), I can import Notion into editable MD files, create reports and presentations, etc.
Great, thanks for making me Google what CRM means in this context. Neither your post nor your website explains the acronym.
Sorry! It's basically a database for normies.
This is a pretty widely known acronym
Not a biggie, but might want to update the reference to 'Ironclaw' in the Try Ironclaw link at the top of dench.com
Oh yea
the crm isnt the hard part, the hard part is that most sales teams have a workflow problem disguised as a tooling problem. local first is smart but id focus on opinionated defaults for pipeline stages because thats where 90% of founders building their own crm get stuck, they model their process wrong then blame the software.
> created 17 minutes ago
Is this a bot lol, use words not buzzwords
One on hand, this is genuinely cool. On the other end, this is the final nail in cold outreach's coffin.
Ha, I get why it looks that way from the CRM angle, but outreach is maybe 5% of what I actually use DenchClaw for day to day.
Yesterday I asked it to pull up all my meeting notes from last week, cross-reference them with my task list, and draft follow-ups. Before that I had it reorganize a messy folder of research PDFs into a structured workspace. I use it to build slides, write code (DenchClaw literally built DenchClaw), manage my calendar, search through old Notion pages I forgot existed.
The CRM part gets attention because that's what people asked for when we talked to power users. But the actual product is just "OpenClaw with a good UI, a file system, and DuckDB, running locally on your Mac." It does whatever you'd normally do on your computer. The browser is yours, the files are yours, the data never leaves your machine.
Think of it less as a sales tool and more as what happens when your entire Mac becomes programmable through natural language. The CRM is one app that runs on top of that. People are already using it for project management, research, personal knowledge bases, all kinds of stuff we didn't plan for.
Can my agents (powered by NanoClaw or Claude Code) use the CRM without installing OpenClaw codebase?
This is an OpenClaw framework, so it installs / relies on your existing OpenClaw codebase. I think there has been a ton of requests on Claude Code support, someone has been working on a PR for exactly this, I'll update you here if it ships.
I really want a DeathClaw product.
Well, of course I will test this thing you built in 2 days[1] for you!
[1]: https://xcancel.com/kumareth/status/2023534527113818625
I just use plain-text files for my CRM in Obsidian [1]. Works great if you are a solo founder only.
[1] https://www.ssp.sh/brain/managing-my-business-with-obsidian/
Nice, this seems interesting. I don't use Obsidian (I use Logseq) but this has given me a couple of ideas for a CRM I am building (it's currently in a Personal Relationship manager phase which I've found useful for about a year or two).
Thanks for sharing.
Love this setup! I also use Obsidian, but after DenchClaw I usually just open my Obsidian directory into DenchClaw so I can do anything with it. It has all the needed primitives for me like the markdown editor, graphs, etc.
That's a simple but useful set up, thanks for sharing.
At what point does this become an AI powered spamming machine?
I get why it looks that way from the CRM angle, but outreach is maybe 5% of what I actually use DenchClaw for day to day.
Yesterday I asked it to pull up all my meeting notes from last week, cross-reference them with my task list, and draft follow-ups. Before that I had it reorganize a messy folder of research PDFs into a structured workspace. I use it to build slides, write code (DenchClaw literally built DenchClaw), manage my calendar, search through old Notion pages I forgot existed.
The CRM part gets attention because that's what people asked for when we talked to power users. But the actual product is just "OpenClaw with a good UI, a file system, and DuckDB, running locally on your Mac." It does whatever you'd normally do on your computer. The browser is yours, the files are yours, the data never leaves your machine.
Think of it less as a sales tool and more as what happens when your entire Mac becomes programmable through natural language. The CRM is one app that runs on top of that. People are already using it for project management, research, personal knowledge bases, all kinds of stuff we didn't plan for.
Become? I believe that’s the point.
Cold calling is not 'spam' because it is essentially done by a human. This is no different than an email spam network. So now this will just become email / linkedin spam done by corporations? I guess we turn up the filters now?
Just because a human gets paid to sit at a computer calling random people doesn't absolve them of a spam title.
I agree that it is spam of a sort, but I don't think that's how it's generally portrayed. If biz dev and sales are just spammers (because of LLM automation) then we should reclassify them and shun those types of posts.
[astronaut with gun meme] Neal Stephenson depicts this outcome in his novels as "The Miasma" and introduces a zero knowledge biometric based cryptography scheme used by everyone to validate content, and everyone has to have advanced AI filters in order to pluck out tiny tidbits of signal from among the noise.
We're going to need local AI to sift through the trash. Platforms have been more or less useless at curating content, and it's only smaller sites like HN that have retained a high SNR at this point. It doesn't even matter what media, at this point, video has passed the 2-3 second sniff test. We're seeing boomers get completely sniped by AI videos, even with watermark, showing absurd spin on current events. Text, music, podcasts, video, cartoons, whatever, it's all been infested, and the quality keeps increasing. I've seen a couple 2+ minute seedance productions that have been actually enjoyable, but by June that sort of thing will be one-shot prompting instead of someone gluing together the outputs from 4 difference SoTA AI tools.
It's getting weird, and we're not ready for it, at all.
Combining OpenClaw with sensitive personal data is a recipe for disaster.
... or disastrous comedy?
Wow, sorry, but given how incredibly insecure all the "claw" agent type things are right now, does this really sound wise at all?
It sees everything you do, really? What's it gonna do with that data? You don't know.
Put all your customer data in there, all your customer relationships. It's fine, it couldn't leak all that information, it couldn't screw up any sensitive business details I'm sure. This is gonna go great.
Sorry AFK everybody I'm gonna go get myself a VibeMBA.
Anyway, good luck, I'm really looking forward to the user stories in a few weeks! I'm sure this won't go badly at all.
> DenchClaw finds your Chrome Profile and copies it fully into its own, so you won’t have to log in into all your websites again. DenchClaw sees what you see, does what you do. It’s an everything app, that sits locally on your mac.
Wow that sounds great. Hey don't worry these things never blackmail anyone. Let it know if you're gonna turn it off, I bet it'll make some REAL interesting choices based on your browsing history
I'm always confused by this kind of comment about AI accessing people's chrome history because it seems to imply that the kind of person who uses this tool is both too stupid to know what private browsing is and also is into absolutely heinous stuff.
I feel like the average person is going to be like "oh no it'd be terrible if everyone found out I really like the 'big boobs' category on pornhub"
Privacy and security and whatever this could trample all over are not the same thing.
You may be legally entirely above board (though Cardinal Richelieu wouldn't let that get in the way) but you still might not want your S&M kink to be known or to be outed to conservative friends and family or have your bank account details spread around or have a $$$$$ bill run up in your AWS or LLM logins...
Oh, you have nothing to hide? Kindly paste all your payment and login credentials that your browser stores. Later we'll need to see all your DMs on Facebook, LinkedIn, Slack, Discord, etc.
Finally we'll want to know about disputes you've had with intimate partners, employers and other service providers, especially powerful ones like healthcare, insurance and financial organisations.
We should also have full published salary and benefits (etc) details right now, whatever their contract says about disclosing those, and 24x7 streamed video of their entire life with no censoring, including toilet breaks and sex and bars and parties.
And, along with all the credentials as you suggest, including private parts of PGP keys etc, accurate impressions/clones of any and all physical security/privacy devices they use such as keys to house and car and safe and gun safe and relatives' crypt, etc, etc...
> It has a CRM focus because we asked a couple dozen hard-core OpenClaw users "what do you actually do", and it was sales automation, lead enrichment, biz dev, creating slides, linkedin outreach, email/notion/calendar stuff, and it's always painful to set up.
So basic automation and forcing the web to be "open"...
No one is talking about how AI is going to destroy business models that are dependent on dark patterns, on walled gardens, on poorly designed one size fits all implementations (so many things wedged sideways into sales force).
Yea, it has been a little shocking to me that the rising narratives around "AI agents everywhere" and "enable the web for AI agents" requires what we've all been wanting for awhile on the web (openness and interoperability) but that the same big players in tech have been clearly against for a long time. Like the fact that Google recently released that Google Workspace CLI (https://github.com/googleworkspace/cli) is a perfect example.
They could've released something like that years ago (the discovery service it's built on has existed for over a decade) but creating a simple, accessible, unified CLI for general integration apparently wasn't worth it until agents became the hot thing.
I wonder when / if there will be a rug pull on all of this. Because I really don't see what the long-term incentives are for incumbent tech platforms to make it easy for automated systems to essentially pull users away from the actual platform. I guess they're focused on the short term incentives. And once they decide the party's over, promising upstarts and competition can get absorbed and it'll be business as usual. Idk, we'll see.
Am I the only one that read this as "DeathClaw"?
Sounds like a great name for a chaos-fork for Openclaw.
In response maybe we should design TCPAclaw. It is specialized in honeypotting all of the random cold call spam, tracks down the source of unsolicited contacts; including registration state, legal contacts, and registered agent(s). It then drafts and sends a TCPA letter and waits for one of two things to happen: Either a $500-$1500 check arriving in your mailbox, or the demand deadline elapses. In case of demand deadline elapse, TCPAclaw files a small claims suit in the appropriate court of jurisdiction.
Fight fire with fire.
That's... not a bad idea. The downside is the bot would be doing a lot of these and false-positives would be... embarrassing (like a real investor outreach).
I'm in.
> sales automation, lead enrichment, biz dev, [...] linkedin outreach,
Sigh.
I've taken that bit out of the text above. See https://news.ycombinator.com/item?id=47314105 for more.
It also does all or most knowledge work there is, the goal is for it to be smartly be able to do anything you ever do on your machine.
> It has a CRM focus because we asked a couple dozen hard-core OpenClaw users "what do you actually do", and it was sales automation, lead enrichment, biz dev, creating slides, linkedin outreach, email/notion/calendar stuff, and it's always painful to set up.
Fuck me, it's going to get worse before it gets better, isn't it?
I've taken that bit out of the text above - I originally advised Kumar to put it in there (it's actually from the opening of the demo video), but in hindsight, I should have known it would backfire with the HN audience.
100% :-/