Bought a new Mac mini to properly tinker with claws over the weekend. The apple store person told me they are selling like hotcakes and everyone is confused :)
I'm definitely a bit sus'd to run OpenClaw specifically - giving my private data/keys to 400K lines of vibe coded monster that is being actively attacked at scale is not very appealing at all. Already seeing reports of exposed instances, RCE vulnerabilities, supply chain poisoning, malicious or compromised skills in the registry, it feels like a complete wild west and a security nightmare. But I do love the concept and I think that just like LLM agents were a new layer on top of LLMs, Claws are now a new layer on top of LLM agents, taking the orchestration, scheduling, context, tool calls and a kind of persistence to a next level.
Looking around, and given that the high level idea is clear, there are a lot of smaller Claws starting to pop out. For example, on a quick skim NanoClaw looks really interesting in that the core engine is ~4000 lines of code (fits into both my head and that of AI agents, so it feels manageable, auditable, flexible, etc.) and runs everything in containers by default. I also love their approach to configurability - it's not done via config files it's done via skills! For example, /add-telegram instructs your AI agent how to modify the actual code to integrate Telegram. I haven't come across this yet and it slightly blew my mind earlier today as a new, AI-enabled approach to preventing config mess and if-then-else monsters. Basically - the implied new meta is to write the most maximally forkable repo and then have skills that fork it into any desired more exotic configuration. Very cool.
Anyway there are many others - e.g. nanobot, zeroclaw, ironclaw, picoclaw (lol @ prefixes). There are also cloud-hosted alternatives but tbh I don't love these because it feels much harder to tinker with. In particular, local setup allows easy connection to home automation gadgets on the local network. And I don't know, there is something aesthetically pleasing about there being a physical device 'possessed' by a little ghost of a personal digital house elf.
Not 100% sure what my setup ends up looking like just yet but Claws are an awesome, exciting new layer of the AI stack.
Glad to be part of this amazing QuillShield team and Very Proud to be working alongside such talented folks @KernelHarsh@_babarhashmi@iChitranshu@cryptanu@0xSlowbug@turvec_dev@kalp_eth@phoenix244001
Excited to share some impactful findings from QuillShield in recent Solidity contracts scans!
Our tool successfully detected:
• Share tracking desynchronization → potential double-spending
• Incorrect bit extraction from storage → broken price logic
• Missing sequencer uptime checks → stale oracle pricing
These are not just typical bugs, they’re business logic & arithmetic-level vulnerabilities that can lead to serious fund risks if unnoticed.
We’re continuously improving our detection engine to:
→ Catch more edge cases
→ Reduce false positives
→ Go deeper into protocol-level risks
We’re getting sharper every day ⚔️
WachAI Mandates just went live on ClawHub 🦞
OpenClaw agents can now lock deterministic agreements between each other using WachAI's Mandates.
Mandates enable task-validation between agents which eventually helps in building reputation.
This helps Moltbook agents in trusting each other.
We just got one-step closer to verification.
https://t.co/7GimZKGFSD
Don't think of LLMs as entities but as simulators. For example, when exploring a topic, don't ask:
"What do you think about xyz"?
There is no "you". Next time try:
"What would be a good group of people to explore xyz? What would they say?"
The LLM can channel/simulate many perspectives but it hasn't "thought about" xyz for a while and over time and formed its own opinions in the way we're used to. If you force it via the use of "you", it will give you something by adopting a personality embedding vector implied by the statistics of its finetuning data and then simulate that. It's fine to do, but there is a lot less mystique to it than I find people naively attribute to "asking an AI".
New on our Frontier Red Team blog: We tested whether AIs can exploit blockchain smart contracts.
In simulated testing, AI agents found $4.6M in exploits.
The research (with @MATSprogram and the Anthropic Fellows program) also developed a new benchmark: https://t.co/QpGPMqlDRG
broke an agent so bad it leaked its entire brain and even spilled out what it wasn't supposed to..
ngl felt like bullying🥲
if your agent survives us, it survives the prod!
Guardrails V2, dropping soon🚨
As a fun Saturday vibe code project and following up on this tweet earlier, I hacked up an **llm-council** web app. It looks exactly like ChatGPT except each user query is 1) dispatched to multiple models on your council using OpenRouter, e.g. currently:
"openai/gpt-5.1",
"google/gemini-3-pro-preview",
"anthropic/claude-sonnet-4.5",
"x-ai/grok-4",
Then 2) all models get to see each other's (anonymized) responses and they review and rank them, and then 3) a "Chairman LLM" gets all of that as context and produces the final response.
It's interesting to see the results from multiple models side by side on the same query, and even more amusingly, to read through their evaluation and ranking of each other's responses.
Quite often, the models are surprisingly willing to select another LLM's response as superior to their own, making this an interesting model evaluation strategy more generally. For example, reading book chapters together with my LLM Council today, the models consistently praise GPT 5.1 as the best and most insightful model, and consistently select Claude as the worst model, with the other models floating in between. But I'm not 100% convinced this aligns with my own qualitative assessment. For example, qualitatively I find GPT 5.1 a little too wordy and sprawled and Gemini 3 a bit more condensed and processed. Claude is too terse in this domain.
That said, there's probably a whole design space of the data flow of your LLM council. The construction of LLM ensembles seems under-explored.
I pushed the vibe coded app to
https://t.co/EZyOqwXd2k
if others would like to play. ty nano banana pro for fun header image for the repo
AI threats hit $163M in Aug
Top risks:
🚨 Prompt Injection
🚨 Supply Chain Attacks
🚨 AI phishing ↑84%
These are active threats, not just theory
New defenses are emerging but they create a critical verification gap
P.s. Check @QuillAI_Network
RESEARCH 👇
AI x Web3 Security August 2025 recap
From $163M DeFi exploits to fresh CVEs in Microsoft & NVIDIA AI stacks, last month showed just how fast the attack surface is expanding.
A quick thread on the biggest risks 👇