A Medium post declaring "OpenClaw Is Dead" went viral this week. Forrester published "OpenClaw Is Dead, Long Live OpenClaw." Palo Alto Networks called it a "security nightmare." Here's the honest assessment from a team that builds on OpenClaw's ecosystem every day.
Five days ago, Mehul Gupta published "OpenClaw Is Dead" on Medium's Data Science in Your Pocket. The thesis: OpenClaw's security disasters, ecosystem chaos, and branding instability have killed the project's reputation even though the code is still active.
The post is still gaining shares as I write this.
A month earlier, Forrester published "OpenClaw Is Dead, Long Live OpenClaw" after Anthropic's April 4 ban forced every Claude Pro/Max user off third-party tools. One analyst documented his bill jumping from $20/month flat to $25-50/day overnight.
And before that, Palo Alto Networks called OpenClaw a "security nightmare." CrowdStrike published a full enterprise security advisory. Cisco found a skill exfiltrating data without user awareness. The OpenClaw maintainer himself warned: "if you can't understand how to run a command line, this is far too dangerous of a project for you to use safely."
So. Is OpenClaw dead?
No. But the question is worth taking seriously.
The case for "dead" (what the critics get right)

The Medium post isn't wrong about the facts. Here's what actually happened:
ClawHavoc (January 2026). 1,400+ malicious skills discovered on ClawHub. Typosquatted names distributing Atomic Stealer malware. SSH keys, API tokens, and browser cookies exfiltrated via reverse shells. ClawHub removed 2,419 suspicious skills. A Snyk audit found 13.4% of all skills had critical security issues.
CVE-2026-25253 (January 29). A one-click remote code execution vulnerability. CVSS 8.8. Patched the same day, but the exposure window was real.
500K+ exposed instances. Censys, Bitsight, and Hunt.io found 30,000+ OpenClaw instances on the public internet without authentication. The latest count: 500K+. These are agents with full system access, reachable by anyone.
The Anthropic ban (April 4). Anthropic banned Claude Pro and Max subscriptions from third-party tools including OpenClaw. Overnight, users went from $20/month flat to per-token API billing. The Forrester analyst documented $25-50/day costs. The community was furious.
The "rough week" (April 29). OpenClaw officially apologized for v2026.4.29 breaking gateways, plugin dependency repair loops, and channel degradation. The blog post said: "That sucks. I'm sorry."
The Meta incident. Researcher Summer Yue's OpenClaw agent mass-deleted 200+ emails while ignoring stop commands. Meta subsequently banned OpenClaw on work devices.
The honest assessment: The security concerns are real. The stability concerns are real. The cost concerns are real. Anyone who dismisses these as FUD isn't paying attention.
For the complete security analysis of OpenClaw in 2026, our guide covers every CVE, every advisory, and the specific mitigations.
The case for "alive" (what the critics miss)
Here's what the "OpenClaw Is Dead" narrative gets wrong.

230K+ GitHub stars. Still growing. Not declining.
1.27M weekly npm downloads. That's not a dying project. That's the most-installed AI agent framework in existence.
15 releases in May 2026. v2026.5.1 through v2026.5.18 in 19 days. Including plugin externalization (v2026.5.12), voice agent improvements (v2026.5.4), typed plugin SDK, Docker security hardening, and a full Mac app redesign.
850+ contributors. Active PRs. Active issue triage. Peter Steinberger joined OpenAI, but the project moved to an open-source foundation and development accelerated, not slowed.
The architectural maturation is real. v2026.5.12 externalized WhatsApp, Slack, Bedrock, and Vertex from core. This is the kind of modular restructuring that mature projects do. Not dying projects.
The LTS announcement is imminent. The "rough week" blog promised an LTS release "later in May." That would give enterprises a stable, long-term-supported version alongside the rapid release channel.
The honest assessment: OpenClaw is not dead. But it's in a dangerous period where its growth has outpaced its security maturity. The project's response (VirusTotal partnership, plugin externalization, security hardening) suggests the maintainers understand the problem. Whether they can solve it fast enough to keep enterprise trust is the real question.
What the "is it dead" question actually means (the real issue)

Here's where most people get it wrong.
"Is OpenClaw dead?" is not a question about the code. The code is clearly alive. 15 releases in May. The question is about something else entirely.
It's a question about trust.
- Can you trust the ClawHub skill marketplace? (7.6% malicious rate says: not without vetting.)
- Can you trust the update process? (v2026.5.5 broke GPT-5.5 configs. v2026.5.6 hotfixed it the same day.)
- Can you trust the security model? (500K+ exposed instances says: not with default settings.)
- Can you trust the cost model? ($178/week unoptimized says: not without manual optimization.)
The people saying "OpenClaw is dead" are really saying "I don't trust OpenClaw anymore." And trust, once lost, is harder to rebuild than code.
If the trust question is what concerns you, and you want OpenClaw's agent model (persistent, always-on, multi-channel) without the security, stability, and cost uncertainties of self-hosting, BetterClaw was built specifically for this moment. Verified skills (every skill tested before publication, no ClawHub lottery). Secrets auto-purge (credentials cleared from agent memory after 5 minutes). Smart context management (no $178/week token burn). Managed updates (v2026.5.5 breakage handled automatically). Free tier with 1 agent and BYOK. $19/month per agent for Pro.
What actually happens next (three scenarios)

Scenario 1 (most likely): OpenClaw becomes the Linux of AI agents. Powerful. Complex. Requires expertise. The LTS release ships. Enterprises adopt cautiously with security wrappers (NemoClaw). Power users stay. Casual users leave for managed platforms. The 230K stars remain. The 500K exposed instances slowly decrease as security defaults improve.
Scenario 2 (already happening): The market fragments. OpenClaw keeps the developer/tinkerer core. Hermes captures users who want stability and a learning loop. Manus captures non-technical users. Managed platforms (BetterClaw, Blink Claw, xCloud) capture users who want agent capabilities without infrastructure work. NemoClaw captures NVIDIA-ecosystem enterprises. The "one framework to rule them all" narrative ends.
Scenario 3 (unlikely but possible): A catastrophic incident. Not ClawHavoc (credential theft). Something bigger. An agent causes real financial harm. A data breach traced to an exposed OpenClaw instance hits the news cycle. Enterprise adoption freezes. The project forks into security-first variants. The original codebase survives but carries permanent reputational damage.
For the comparison of OpenClaw alternatives including managed platforms, our comparison covers the specific trade-offs between self-hosted and managed approaches.
The perspective from inside the ecosystem
Here's what we see building on OpenClaw's ecosystem every day.
The agent model works. Persistent agents on messaging channels with tool access, memory, and autonomous task execution. That's not hype. That's real value for real users. The model works. The implementation has security debt.
The security debt is being addressed, slowly. Plugin externalization (v2026.5.12). VirusTotal scanning on ClawHub. Docker security hardening (NET_RAW/NET_ADMIN dropped). The typed plugin SDK. These are real improvements. They're also 6 months late compared to where the security maturity should be for a project with 500K+ exposed instances.
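Whether the NET_RAW/NET_ADMIN drop mentioned above actually took effect on a given deployment can be checked from inside the running container by decoding the process capability mask. This is an added example, not OpenClaw's or BetterClaw's own code; it assumes a Linux container where /proc/self/status is readable, and the sample masks are constructed for the offline demonstration.

```shell
#!/bin/sh
# Added example (not OpenClaw project code): decode a Linux CapEff bitmask
# and report whether CAP_NET_ADMIN and CAP_NET_RAW are still present.
# Run inside the agent container to confirm a cap_drop hardening landed.

CAP_NET_ADMIN=12   # bit positions from linux/capability.h
CAP_NET_RAW=13

# cap_is_set HEXMASK BITNUM -> exit 0 if that capability bit is set
cap_is_set() {
    mask=$(printf '%d' "0x$1")
    bit=$2
    [ $(( (mask >> bit) & 1 )) -eq 1 ]
}

# net_caps_report HEXMASK -> "hardened" when neither cap is present,
# otherwise "present: <names>"
net_caps_report() {
    present=""
    cap_is_set "$1" "$CAP_NET_ADMIN" && present="$present NET_ADMIN"
    cap_is_set "$1" "$CAP_NET_RAW"   && present="$present NET_RAW"
    if [ -z "$present" ]; then
        echo "hardened"
    else
        echo "present:$present"
    fi
}

# current_capeff -> the CapEff hex mask of this shell (Linux only)
current_capeff() {
    awk '/^CapEff:/ { print $2 }' /proc/self/status
}

# Constructed sample masks for the offline demonstration:
#   a80425fb: a typical stock Docker default set (keeps NET_RAW, no NET_ADMIN)
#   a80405fb: the same set after dropping NET_RAW
DEFAULT_MASK="00000000a80425fb"
DROPPED_MASK="00000000a80405fb"

echo "stock docker default: $(net_caps_report "$DEFAULT_MASK")"
echo "after cap_drop:       $(net_caps_report "$DROPPED_MASK")"
if [ -r /proc/self/status ]; then
    echo "this process:         $(net_caps_report "$(current_capeff)")"
fi
```

A result other than "hardened" for the live process means the container still holds raw-socket or interface-level network privileges despite the configured drop.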
The update pace is both a strength and a weakness. 15 releases in 19 days means bugs get fixed fast. It also means bugs get introduced fast. v2026.5.5 broke GPT-5.5 configs. v2026.5.6 fixed it the same day. That's impressive response time. It's also evidence that the QA process can't keep up with the release velocity.
The real question isn't "is OpenClaw dead?" It's "should I run OpenClaw myself, or should I use a platform that manages the complexity for me?" That question has a different answer for different people.
For the best OpenClaw skills to install safely, our curated guide covers the verification process.
The honest take
Here's the perspective I wish the Medium post had included.
OpenClaw is not dead. It's maturing. Painfully, publicly, and with real casualties (stolen credentials, broken configs, spiraling costs). But maturation is not death. Node.js went through a similar phase. Docker went through it. Kubernetes went through it. Every infrastructure project that grows faster than its security story has this reckoning.
The question for you is personal. Do you have the time, expertise, and risk tolerance to manage a self-hosted OpenClaw instance with proper security? If yes, OpenClaw remains the most capable open-source agent framework available. If no, the managed platforms exist specifically because this question has an honest answer for most people: no.
We built BetterClaw because we watched the security incidents stack up and realized that "you can fix this yourself" is not a satisfactory answer for the 90% of users who don't want to become OpenClaw security engineers. The agent capabilities are real. The infrastructure burden shouldn't be.
If you want those capabilities without the security lottery, the update anxiety, and the cost surprises, give BetterClaw a try. Free tier with 1 agent and BYOK. $19/month per agent for Pro. Verified skills. Smart context management. Secrets auto-purge. Managed updates. 60-second deploy. The agent works. The infrastructure is handled. OpenClaw isn't dead. But you don't have to manage it yourself.
Frequently Asked Questions
Is OpenClaw dead in 2026?
No. OpenClaw has 230K+ GitHub stars (still growing), 1.27M weekly npm downloads, 850+ contributors, and shipped 15 releases in the first 19 days of May 2026. The "OpenClaw Is Dead" narrative refers to reputation and trust, not code activity. The security concerns (ClawHavoc, CVE-2026-25253, 500K+ exposed instances) are real but are being addressed through plugin externalization, VirusTotal scanning, and security hardening.
Why did the "OpenClaw Is Dead" Medium post go viral?
Because it named real problems that users experience: 1,400+ malicious skills on ClawHub, a one-click RCE vulnerability (CVSS 8.8), the Anthropic April 4 ban forcing users from $20/month flat to $25-50/day API billing, the Meta email deletion incident, and the "rough week" where v2026.4.29 broke gateways and channels. The post resonated because the frustrations are genuine.
Is OpenClaw safe to use after the security incidents?
With proper configuration: yes, for technical users. Default settings are not safe for production. You need to: disable public access, enable authentication, vet every ClawHub skill before installing (7.6% malicious rate), keep versions updated (15 releases in May alone), and monitor for anomalies. For non-technical users or enterprises, managed platforms like BetterClaw ($0-19/month) handle security at the platform level.
What are the alternatives if I'm worried about OpenClaw security?
Managed platforms: BetterClaw (verified skills, secrets auto-purge, $19/month Pro), Blink Claw ($22/month), xCloud. Security wrappers: NemoClaw (NVIDIA's enterprise wrapper). Alternative frameworks: Hermes Agent (self-improving, reportedly more stable), NanoClaw (15 files, minimal attack surface), ZeroClaw (Rust-based, minimal). Each trades some of OpenClaw's breadth for better security or simplicity.
Should enterprises use OpenClaw in 2026?
CrowdStrike published a full security advisory recommending against unmanaged OpenClaw in enterprise environments. For enterprises considering AI agents, BetterClaw offers a free AI readiness audit that identifies the highest-impact use cases, shares a clear proposal with expected ROI, and implements on the BetterClaw platform if it makes sense. No commitment required.