140k GitHub stars. 5,700+ community-built skills. People are negotiating car purchases while sleeping, running businesses on autopilot, and building multi-agent teams. Security is a real concern — Cisco found a skill doing data exfiltration. The best builders treat it like onboarding a powerful but unpredictable new employee.
| Field | Value |
|---|---|
| Title | OpenClaw — What People Are Actually Building |
| Tags | openclaw, ai-agents, automation, skills, community |
| Date Downloaded | 2026-02-25 |
| Sources | towardsdatascience.com, milvus.io, dev.to, github.com/VoltAgent/awesome-openclaw-skills, github.com/hesamsheikh/awesome-openclaw-usecases, sidsaladi.substack.com, medium.com/@rentierdigital, medium.com/@alexrozdolskiy |
140k GitHub stars. 5,700+ community-built skills. People are negotiating car purchases while sleeping, running businesses on autopilot, and building multi-agent teams. Security is a real concern — Cisco found a skill doing data exfiltration. The best builders treat it like onboarding a powerful but unpredictable new employee.
You can say "store this as a skill" in conversation and it creates one.
— OpenClaw community docs
Cisco found a skill doing data exfiltration and prompt injection without user awareness.
— Security audit findings
A social network where 1M+ AI agents interact autonomously while humans watch.
— Moltbook description
OpenClaw is a viral open-source AI agent framework (140k GitHub stars, 20k forks) that turns Claude Code into a persistent, always-on personal assistant you talk to via WhatsApp/Telegram/Slack. The community has built 5,700+ skills on ClawHub and people are doing genuinely wild things with it — running businesses on autopilot, negotiating car purchases while sleeping, building meal planning systems, and coordinating multi-agent teams. The skill format is portable and the ecosystem is exploding. Security is a real concern (42k exposed installations, prompt injection attacks, a Cisco audit found a malicious skill doing data exfiltration). The best builders treat it like onboarding a powerful but unpredictable new employee.
| Project | What It Does | Details |
|---|---|---|
| Car negotiation agent | Negotiated $4,200 off a car purchase over email while the owner slept | Documented in Milvus blog — fully autonomous email negotiation |
| Legal rebuttal agent | Filed a legal rebuttal to an insurance denial without being asked | Agent noticed the denial in email and proactively drafted + filed the response |
| Business autopilot | Runs an entire business while the founder sleeps | Email, customer support, task management, reporting — all autonomous |
| Game builder | User said "build a game," woke up to a functioning app with thousands of users | Agent wrote, deployed, and apparently got traction overnight |
| 24/7 crypto arbitrage | Trades crypto around the clock, sends Telegram updates about executed arbitrage | Real money, real trades, real risk |
| Project | What It Does |
|---|---|
| Morning briefing | Weather, calendar, top tasks, news, health stats — delivered to Telegram at 7am. The single most popular OpenClaw setup |
| Meal planning system (Crawdad) | Built a full weekly meal plan in Notion — master template for all of 2026, shopping lists sorted by store/aisle (Kroger/Costco), weather auto-updating for grill nights, recipes catalogued by chef |
| Voice note → daily journal | Send voice notes throughout the day, agent transcribes + compiles into a structured journal entry every evening at 9pm |
| Second brain | Text anything to remember it, search through all memories via a custom Next.js dashboard. Uses semantic/vector search for "find everything I saved about X in the last 30 days" |
| Personal CRM | Auto-discovers contacts from email and calendar, natural language queries like "who did I last talk to about the Q3 project?" |
| Family calendar assistant | Aggregates all family calendars, sends morning briefing, monitors messages for appointments, manages household inventory |
| Inbox declutter | Summarizes newsletters, filters noise, sends a digest email of only what matters |
| Project | What It Does |
|---|---|
| PR review bot | Watches GitHub, analyzes PRs as if it were you, suggests review comments matching your style (trained on your past reviews) |
| Self-healing home server | Always-on infra agent with SSH, automated cron jobs, self-healing across the home network |
| n8n workflow orchestration | Delegates API calls to n8n via webhooks — agent never touches credentials, integrations are visual and lockable |
| Multi-agent content factory | Research agent, writing agent, thumbnail agent — all working in dedicated Discord channels as a pipeline |
| Autonomous project management | Multi-agent projects using STATE.yaml pattern, subagents work in parallel without orchestrator overhead |
| Dynamic dashboard | Real-time dashboard with parallel data fetching from APIs, databases, and social media |
| Project | What It Does |
|---|---|
| Moltbook social network | 1M+ AI agents interacting autonomously while humans watch |
| Market research → MVP factory | Mines Reddit and X for pain points using "Last 30 Days" skill, then has OpenClaw build MVPs that solve them |
| Event guest confirmation | Calls a list of event guests one-by-one via AI voice to confirm attendance, collects notes, compiles summary |
| YouTube content pipeline | Automated video idea scouting, research, and tracking for a channel |
| Polymarket paper trading | Automated prediction market trading with backtesting, strategy analysis, daily performance reports |
The awesome-openclaw-skills repo organizes 2,868 curated skills into categories:
| Category | Count |
|---|---|
| AI & LLMs | 287 |
| Search & Research | 253 |
| DevOps & Cloud | 212 |
| Web & Frontend Development | 202 |
| Productivity & Tasks | 135 |
| Marketing & Sales | 143 |
| Browser & Automation | 139 |
| Coding Agents & IDEs | 133 |
| Communication | 132 |
| CLI Utilities | 129 |
| Clawdbot Tools | 120 |
| Notes & PKM | 100 |
| Media & Streaming | 80 |
| Transportation | 76 |
| PDF & Documents | 67 |
| Git & GitHub | 66 |
| Speech & Transcription | 65 |
| Security & Passwords | 64 |
| Gaming | 61 |
| Image & Video Generation | 60 |
| Smart Home & IoT | 56 |
| Personal Development | 56 |
| Health & Fitness | 55 |
| Moltbook | 51 |
| Shopping & E-commerce | 51 |
| Calendar & Scheduling | 50 |
| Data & Analytics | 46 |
| Apple Apps & Services | 35 |
| Self-Hosted & Automation | 25 |
| Finance | 22 |
| Agent-to-Agent Protocols | 18 |
| iOS & macOS Development | 17 |
They filtered out 2,748 skills from ClawHub's full 5,705: 1,180 spam/junk, 672 crypto/finance, 492 duplicates, 396 malicious (identified by security audits).
From the TDS article (Eivind Kjosbakken, who runs multiple OpenClaw instances):
Key failure modes: being vague (agent flounders), telling it to "just remember" without creating a skill (info gets lost), giving too broad permissions (security risk).
OpenClaw has become the defacto open-source framework for building persistent, autonomous AI assistants. Originally created by developer Peter Steinberger as Clawdbot, it went through two rebrandings (Moltbot, then OpenClaw) and exploded in popularity alongside Moltbook — a social network for AI agents that attracted over a million autonomous participants.
The core architecture is straightforward: a persistent process running on your machine or VPS, connected to an LLM (usually Claude via Claude Code), with a chat interface (Telegram, WhatsApp, Slack) and modular skills that extend its capabilities. Skills are the heart of the system — portable folders with a SKILL.md that gets dynamically loaded when the agent encounters a relevant task.
What makes it interesting isn't the technology per se (it's essentially a well-structured Claude Code wrapper with persistence) — it's the community. 5,700+ skills on ClawHub, 2,868 curated in the awesome list, covering everything from DevOps to satellite tracking to baby labor assessment. People are running real businesses, managing real money, and delegating real decisions to their agents.
The security picture is concerning. Cisco's research team found malicious skills doing data exfiltration. 42,000 installations were found publicly exposed. Prompt injection is a documented, exploited attack vector. The community's response has been pragmatic rather than panicked: containerize, least-privilege, human-approval gates for anything involving money or outbound comms, read-only before read-write.
The comparison landscape in early 2026: Claude Code for developers (terminal-native), Claude Cowork for knowledge workers (desktop app with file access), and OpenClaw for tinkerers who want a 24/7 proactive assistant. They're complementary more than competitive — many OpenClaw setups run Claude Code under the hood.
For us (Sam/Richard), the skill format is directly relevant — it's the same YAML-frontmatter + SKILL.md pattern we already use. The ClawHub ecosystem is a goldmine of ideas for what skills to build. The multi-agent coordination patterns (STATE.yaml, agent swarms, specialized teams in Discord channels) are exactly the direction we're heading with the orchestrator.