zlacker

Have ignored the flood of "Clawdbot" stuff on here lately because none of it seemed interesting but read this and skimmed the docs and I'm leaving puzzled- I understand "Clawdbot" was renamed "OpenClaw" due to trademark...yet I'm finding currently three different websites for apparently the same thing?

1. https://openclaw.ai/ [also clawd.bot which is now a redirect here]

2. https://clawdbot.you/

3. https://clawdbotai.org/

They all have similar copy which among other things touts it having a "local" architecture:

    "Private by default—your data stays yours."

    "Local-First Architecture - All data stays on your device. [...] Your conversations, files, and credentials never leave your computer."

    "Privacy-First Architecture - Your data never leaves your device. Clawdbot runs locally, ensuring complete privacy and data sovereignty. No cloud dependencies, no third-party access."

Yet it seems the "local" system is just a bunch of tooling around Claude AI calls? Yes, I see they have an option to use (presumably hamstrung) local models, but the main use-case is clearly with Claude -- how can they meaningfully claim anything is "local-first" if everything you ask it to do is piped to Claude servers? How are these claims of "privacy" and "data sovereignty" not outright lies? How can Claude use your credentials if they stay on your device? Claude cannot be run locally last I heard, am I missing something here?

>>ghostl+(OP)
Oh my goodness. Reading up on it a bit more:

     Ox Security, a "vibe-coding security platform," highlighted these vulnerabilites to its creator, Peter Steinberg. The response wasn't exactly reassuring.

    “This is a tech preview. A hobby. If you wanna help, send a PR. Once it’s production ready or commercial, happy to look into vulnerabilities.”[1]

In light of this I'm inclined to conclude- yeah, they're just lying about the privacy stuff.

1. https://www.xda-developers.com/please-stop-using-openclaw/