Clawdbot: The Open-Source AI Assistant That Actually Acts
Clawdbot is not your typical chatbot. Instead of just responding, it executes real tasks: managing emails, controlling browsers, organizing files. All through WhatsApp, Telegram or Slack, while your data stays on your own hardware. Here is what this means for you.
What is Clawdbot?
Clawdbot is an open-source project that went viral in early 2026, collecting over 30,000 GitHub stars within weeks. It was developed by Peter Steinberger, founder of PSPDFKit, whose PDF SDK is used by companies like Apple, Adobe, and Dropbox.
Core Concept: Claude with Hands
While ChatGPT or Claude in a browser only output text, Clawdbot can actually act:
- Browser Automation: Open websites, fill forms, create screenshots
- File System Access: Read, write, organize, and search files
- Shell Commands: Start programs, run scripts, send system commands
- Proactive Communication: The bot can contact you on its own, not just respond
- Persistent Memory: Remembers context across weeks and months
Technical Architecture
Clawdbot is built on a gateway architecture that orchestrates various components. Understanding this structure helps you better assess capabilities and limitations.
1. Gateway (Control Center)
A Node.js process (version 22+) that serves as the central control unit:
- Session management and state handling
- Connection to messaging channels
- Tool registration and skill management
- Cron jobs for scheduled tasks
- Web dashboard on port 18789
2. Messaging Channels
Clawdbot communicates where you already are:
- WhatsApp: Via WhatsApp Web/Baileys
- Telegram: Through the Bot API
- Slack & Discord: Native bot integration
- Signal: Encrypted communication
- iMessage: Via imsg CLI on macOS
- Microsoft Teams: For enterprise environments
3. LLM Integration
The actual intelligence comes from external language models:
- Anthropic Claude: Primary recommendation, via API or OAuth
- OpenAI GPT Models: Alternative provider option
- Local Models: Via Ollama for maximum privacy
Core Features in Detail
Clawdbot offers a wide range of automation capabilities. Here are the most important use cases:
Inbox triage and email summaries, calendar review and meeting reminders, task lists and project briefings, automatic daily reports via cron jobs.
Summarize articles and PDFs, draft blog posts and reports, convert notes into structured documents, prepare social media posts.
Automatically fetch dashboards, fill forms, extract data from websites, create screenshots and documentation.
Morning briefings via WhatsApp, stock alerts and notifications, deadline reminders, automatic summaries after meetings.
Nodes and Companion Apps
Clawdbot extends its reach through dedicated apps:
- macOS Menu Bar App: Quick access and status display
- iOS/Android Nodes: Camera, screen recording, location
- Voice Wake: Voice activation with configurable wake words
- Canvas UI: Visual dashboards that the agent can manipulate
Clawdbot vs. Traditional Chatbots
To understand the difference, a direct comparison with web-based AI assistants helps:
| Property | ChatGPT/Claude Web | Clawdbot |
|---|---|---|
| Hosting | SaaS, provider servers | Self-hosted (local/VPS) |
| Interface | Dedicated web app | WhatsApp, Telegram, Slack, etc. |
| Memory | Per chat, limited | Persistent across weeks/months |
| Actions | Text output only | Browser, files, shell, email |
| Proactivity | Only on request | Cron jobs, automatic messages |
| Data Control | With provider | On your hardware |
| Setup Effort | None (create account) | High (CLI, configuration, security) |
Security: Opportunities and Risks
Clawdbot's strength of being able to execute real actions is simultaneously its greatest risk. An honest assessment:
Important Warning
Clawdbot can execute shell commands, read and write files, and control the browser. Misconfiguration or successful prompt injection can cause significant damage. The developers explicitly recommend not running Clawdbot on your main work computer with full access.
Built-in Security Tools
- clawdbot security audit: Checks configuration for common security issues
- DM Pairing: Only authorized users can communicate with the bot
- Tool Restriction: Dangerous tools can be disabled per agent/channel
- Sandboxing: Different permission profiles for different users
- Incident Response: Documented steps in case of compromise
Strictly control who can talk to your bot. Use allowlists and pairing codes.
Restrict tools and file access to what is necessary. Use sandboxing for non-owners.
Assume models can be manipulated. Limit the blast radius accordingly.
Deploying Clawdbot in the European Union
Using Clawdbot in the EU brings specific considerations, particularly regarding data protection and compliance.
Data Protection and GDPR
- Self-Hosting: Data stays on your infrastructure, making GDPR compliance easier
- LLM Connection: When using Anthropic/OpenAI, data is transmitted to US servers
- Local Models: Ollama integration enables fully local processing
- Documentation Requirement: Records of processing activities required under Art. 30 GDPR
Run Clawdbot on European VPS providers like Hetzner or with European cloud providers for simpler GDPR compliance.
For sensitive data: Use Ollama with local models. Quality is lower, but no data leaves your network.
When using cloud LLMs: Conclude Data Processing Agreements with Anthropic or OpenAI.
For enterprise use: Works councils have co-determination rights regarding technical monitoring under European labor law.
Recommendations for European Users
- Start with non-sensitive tasks like research and summaries
- Document data flows and create a records of processing activities
- Evaluate whether Ollama with local models suffices for your use case
- Run Clawdbot on a dedicated system, not on your work computer
Costs and Resources
Clawdbot itself is free, but operations incur costs for hosting and LLM APIs.
Cost Control
Users report hitting daily API limits quickly with intensive usage. Here is how you can keep costs under control:
- Reduce cron frequency: Less frequent automatic tasks
- Model tiering: Lighter models for simple tasks, Opus only for complex ones
- Set token limits: Limit maximum tokens per message and session
- Fallback models: Automatically switch to cheaper model when rate limited
Who is Clawdbot For?
Clawdbot is not a mass product. It targets a specific audience with corresponding skills and willingness to invest time.
Developers and IT professionals with CLI experience who want a programmable assistant integrated into their workflows.
Power users and indie hackers who want to automate routine tasks while maintaining full control over their data.
Non-technical users looking for a plug-and-play solution like Siri or a simple ChatGPT replacement.
Enterprises with strict IT policies that prohibit experimental agents on internal systems.
Getting Started with Clawdbot
If you want to try Clawdbot, here is a pragmatic approach:
1. Set Up an Isolated Environment
Use a separate VPS or VM, not your main machine. Hetzner or DigitalOcean offer affordable entry options. Minimum 2 GB RAM and 2 CPU cores.
2. Installation and Configuration
Run the installer script and complete the onboarding wizard. Configure LLM provider, connect a messaging channel (Telegram is easier than WhatsApp), and set up DM pairing.
3. Check Security
Immediately run
clawdbot security audit --deep
and apply the recommended fixes. Restrict tools and file access to the minimum.
4. Low-Risk Use Cases First
Start with summaries, research, and informational tasks. Activate browser and shell access only once you understand the system.
Conclusion: Powerful, but with Responsibility
Clawdbot offers a fascinating glimpse into the future of personal AI assistants. Instead of just answering questions, it executes real tasks, remembers context, and communicates proactively where you already are.
Key Takeaways
- Clawdbot is a powerful framework for technically adept users, not a consumer product
- The self-hosting architecture gives you data control but requires maintenance and security awareness
- The same capability that makes Clawdbot useful makes it dangerous when misconfigured
- For European users, GDPR aspects with cloud LLM connections must be considered
- Start isolated, learn the system, and expand gradually
Clawdbot is not for everyone, but if you have the technical skills and are willing to invest time in setup and security, you get an assistant that can do significantly more than any browser-based chatbot.
Further Reading
Frequently Asked Questions
Clawdbot is a self-hosted AI assistant that runs on your own hardware and communicates via messaging apps like WhatsApp or Telegram. Unlike ChatGPT, Clawdbot can execute real tasks such as controlling browsers, managing files, or sending emails. Your data stays on your servers. The trade-off: You need technical know-how for setup and maintenance.
You need Node.js version 22 or higher, at least 2 GB RAM and 2 CPU cores. The system runs on macOS, Linux, or Windows with WSL2. For intensive browser automation, more resources are recommended. API keys for Anthropic Claude or OpenAI are also required, unless you exclusively use local models via Ollama.
Since Clawdbot is self-hosted, you have full control over data processing. When using cloud LLM providers like Anthropic or OpenAI, data is transmitted to their servers, requiring appropriate agreements (DPA). For maximum GDPR compliance, you can use local models via Ollama, though these are less capable than cloud models.
Clawdbot can execute shell commands and access the file system, which can be dangerous if misconfigured or through prompt injection. The developers strongly recommend running the bot on a separate system, restricting access rights, and regularly running
clawdbot security audit
. The documentation contains detailed security guidelines that you should definitely follow.
The software itself is open source and free (MIT license). Costs arise from hosting (starting at about 5-10 euros per month for a simple VPS with providers like Hetzner) and LLM API usage. With intensive use of Claude Opus, API costs can rise quickly. Daily usage limits, model fallbacks, and token limits help control costs.