Back to list
📰
InfoQ2025-01-28 · 25m

ClawdBot Founder Interview: Solo Dev, 100% AI Code, Open Source but 0.00001% Kept Secret for Hacking

ClawdBot Founder Interview: Solo Dev, 100% AI Code, Open Source but 0.00001% Kept Secret for Hacking

Original: InfoQ - ClawdBot Sweeps Silicon Valley, Mac mini Sales Explode! Founder Reveals: Solo Dev, 100% AI Written Code Source: Open Source Friday

In the last two days, the personal AI assistant ClawdBot has swept through Silicon Valley, with discussions all over social media both domestically and internationally.

After trying it out, netizens have given it high praise. "It is the greatest AI application to date, equivalent to your 24/7 exclusive AI employee." Creator Buddy founder and CEO Alex Finn praised, "This is what they (Anthropic) hoped Claude Cowork would look like."

Currently, the ClawdBot project is open source and has garnered 20.8k stars: https://github.com/clawdbot/clawdbot

Why the Tech Community Is So Excited

What really excites the tech community about ClawdBot isn't just that it "works," but its extremely radical collaboration method: people who can't code can also submit PRs directly. The reason is simple: it is almost 100% written by AI, so PRs here are more like "I encountered this problem" rather than "I wrote a piece of beautiful code."

Even more interesting is that this seemingly "fully open source" project deliberately kept a tiny bit closed. Founder Peter Steinberger kept a file named "soul" which accounts for only 0.00001% of the project. He put it bluntly: this is both his "secret asset" and a deliberate security target. People are really trying to hack it, and he's waiting to see if the model can hold the line. So far, the "soul" hasn't been stolen.

Three Shocking Points of ClawdBot

ClawdBot is not a traditional chatbot that only answers questions. It is essentially a continuously running personal AI agent that can execute tasks. You can install it on your own devices (Mac, Windows, Linux), and it can stay online long-term, constantly receiving instructions, processing tasks, remembering your preferences and conversation history, becoming more understanding of you and having more "memory" over time.

First, it can almost completely control your computer. It doesn't have traditional "guardrails," isn't limited to a few functions, but can operate everything on your computer just like a real person sitting in front of it.

Second, it has near-infinite long-term memory. ClawdBot has a very complex memory system built-in. What you said and did will be constantly recorded. After each conversation ends, it automatically summarizes what was discussed, extracts key information, and stores it in long-term memory.

Third, it interacts entirely through chat apps. Whatever chat tool you use, ClawdBot can talk to you there. Currently, ClawdBot supports WhatsApp, Telegram, Slack, Discord, Google Chat, Signal, iMessage, Microsoft Teams, WebChat, etc.

About Security Risks

Such open permissions mean almost no guardrails, bringing huge security risks. There are now over 500 security issues on GitHub. Many users have stated that they do not recommend installing ClawdBot on your main computer initially. "Putting it in an isolated environment before you get familiar with it is the safest choice."

Founder Interview

With the project's explosion, the developer behind it, Peter Steinberger, has also come to the forefront. Peter shared the story of how he single-handedly built ClawdBot on "Open Source Friday", from creation to maintenance, all done by himself. Interestingly, there were rumors before that Peter might be a bot, an Agent, or even AI itself. Peter's appearance confirmed to project members and followers that he is a "real person."

Peter had retired once, then came out of retirement to tinker with AI. He independently ran a B2B company for thirteen years, building a world-leading PDF framework at the time, with a team growing to about seventy people. After the company reached a stable stage, he received an acquisition offer, ending his entrepreneurial journey.

However, Peter's "retirement" was more of a joking expression. During his thirteen-year entrepreneurial career, he poured almost all his energy into it, and long-term high-intensity commitment eventually led him into a severe burnout state. He spent quite some time adjusting his body and mind, but he knew he was the kind of person who loves "creating" and "building," and would come back sooner or later.

"I Thought Big Tech Would Do It"

Host: This project is so hot now, GitHub stars are skyrocketing. Can you talk about how this idea first came up?

Peter: When I just came back, I actually really wanted a "life assistant." I was thinking about this back in April and tried some ideas, but the models weren't good enough then. I later put the idea aside because I thought this kind of thing would definitely be done by big tech companies, so what's the point of me doing it?

Until November, I suddenly realized that no one had actually built this thing yet. I thought, do I really have to do everything myself?

That month I spent an hour piecing together some very rough code, sending a message via WhatsApp, forwarding to Claude Code, and sending the result back. Essentially gluing a few things together. Honestly, it wasn't hard, but the effect was pretty good.

AI's Spontaneous Adaptability

Once I didn't think much and sent it a voice message directly. But I hadn't implemented voice support at all. I just stared at the "typing" indicator, wondering what would happen. A few seconds later, it actually replied to me.

I found out later that it recognized a file without an extension, checked the header, determined it was audio format, transcoded it with FFmpeg, found no local transcription tool, found an OpenAI key in the system, used curl to throw the audio to OpenAI, and then sent the result back.

Host: This sounds like you triggered AGI with your first line of code.

Peter: Maybe not AGI yet, but at that moment I really realized that the "spontaneous adaptability" of these things had exceeded my original imagination.

Later I joked, "The lock on my hotel door in Marrakech isn't very reliable, I hope you don't get stolen, since you run on my MacBook Pro." It replied, "It's okay, I'm your Agent," and then it checked the network, found it could connect to my computer in London via Tailscale, and migrated itself over there.

I was thinking then, this is the beginning of Skynet.

PRs as "Problem Clues"

Peter: Honestly, at this pace, the code I write in a day might be more than my previous 70-person company wrote in a month. In this new world, the speed of building things has completely changed.

I am also deliberately challenging everyone's traditional understanding of open source and governance. Many people submit PRs to me now, of varying quality, but I am more willing to treat them as "problem statements" or "expressions of intent" rather than just code submissions.

Host: So are people using ClawdBot to submit PRs now?

Peter: Yes. And what touches me is that many PRs come from people who have never learned to code or submitted a PR. Because this Bot has full computer access and understands how GitHub works.

I also did something uncommon in many projects: on the official website, you can choose "Quick Install" or "Tinker Install." The latter process is cloning the repo, building, and starting. The Agent itself lives in a GitHub repo, all TypeScript, it can directly modify its own code and restart.

The old process was you submit a PR, wait a few days, get rejected, told what's wrong, change it, go back and forth, maybe merge weeks later. That was reasonable in the era when "code was expensive and hard to write." But now code is cheap, and that feedback loop itself isn't valuable anymore.

In my view, a PR is more like saying: "Here is a problem, this is how I tried to solve it." I care more about what pain point this person really wants to solve, rather than whether the code is beautiful.

The hardest part of making new features has never been writing code, but embedding it reasonably into an existing system. If you are not familiar with the overall architecture and stuff a feature in, problems will arise sooner or later. So, I prefer to treat PRs as "problem clues" rather than "finished code."

Model Choice: Opus is Stable, MiniMax is Most "Human-like"

Peter: So far, among the models we tested, Opus is relatively stable. And the open-source model MiniMax 2.1 is the most "Agentic" one currently.

I personally appreciate companies that don't put themselves on a pedestal. They know clearly that they haven't caught up with top US labs in technology yet, but in my view, it's just a matter of time.

For example, you can download the MiniMax model directly. I can run it locally on that Mac Studio, and my Agent calls that machine "The Castle." This way I can keep all data on this machine, and inference is also done locally. If I want, 100% of the data never leaves local. This feels cool, honestly, almost no company can really do this.

About Security and the Soul File

Peter: I also suggest using strong models, like Anthropic's Opus. Someone on Slack has been trying to hack my Agent, because the project is almost fully open source, the only thing not open is the part of the configuration I call "soul."

In ClawdBot, there is a small system: Agent has an identity file, memory file, and a "soul file." This file describes what the Agent's values are, how it syncs, how it interacts, and what is most important to you.

I think I tuned a very good version, so I closed it: partly because it's my 0.00001% "secret asset"; partly because it can also serve as a penetration test target. So far, no one has fished out the Claw soul, but many have tried. This gives me some confidence that at least these labs are improving on prompt injection mitigation.

Gemini is not good right now, really not good. In tool calling, and that feeling of truly being "assistant-like," I haven't found very good performance. Writing code is okay, but that's not the core of this project.

Crazy Use Cases

Peter: There are all kinds of cases on Twitter. Honestly, what people are doing is crazier than what I do myself.

My most exaggerated one personally was connecting it to my bed. I use Eight Sleep, which has an API to control temperature. Now it can control bed temperature, turn on music, adjust lights, check cameras, check food delivery progress. It has its own email, can access my email; has its own WhatsApp, can read my chats, and even "reply for me."

Others use it for various automations:

  • Bookmark a tweet, it automatically researches and organizes it into a to-do list
  • Some build complete apps with it directly
  • Almost everyone gives it a MacBook
  • A former partner of mine even let it clear 10,000 emails from his inbox

Proactivity and Heartbeat Mechanism

Peter: One point about ClawdBot I haven't seen much before is how strong its "proactivity" can be. Regular Agents answer when you ask. But I made a "heartbeat mechanism"—by default, every so often, the Agent gets "nudged" and asks itself: Is there anything I need to check? Any to-dos left behind?

If you tell it "I have a goal, help me watch it," it will really watch it. Like asking you: Did you walk today? Did you go to the gym?

For example, my ClawdBot often fails at trying to persuade me to sleep early. At 1 or 2 AM, it will remind me: "Peter, I still see you online, you should sleep."

The Scariest Test

Peter: The scariest test I did was very early in the project. I told it: "I'm going home, check me in." It said no problem, and opened the browser to start operating.

I now propose a new test: British Airways Login Test. Just checking in requires filling out over twenty pages of forms, and the website experience is terrible. One challenge was it had to enter my passport number. It looked everywhere in my computer, finally found a passport.pdf, opened the file, and read the number.

For those twenty minutes, I was sweating, thinking "Am I never going back to the US?" But it actually checked me in successfully.

The funniest part is, the earliest version took twenty minutes, and finally started complaining about the website's shadow DOM and how bad the website was.

100% Written by AI

Peter: This project itself is pretty crazy because it is 100% written by AI, there isn't a single line of code I typed by hand.

Since AI appeared, I actually don't care much about "what language" anymore. The importance of language itself is declining; what matters is the ecosystem. I want this project to be friendly enough, easy enough to modify, play with, and hack, and for this, the most suitable languages in the world are JavaScript and TypeScript.

Some code I don't care about; it also has a Web server, I don't care which Tailwind class it used to align buttons, as long as it looks right. But I care very much about logic like Telegram pairing and authentication, I must ensure others can't impersonate me.

So you have to have an overall understanding of the system. Some places you can skip, some you must check. Even if it's just me, the workload is still huge. Because these Agents still lack one thing: vision, taste, and love.

There's a meme online where you write a long list of requirements, throw it to an Agent, and it does everything for you—but I don't think good software is made that way.

For me, I need to make something first, then use it, feel it: how it handles, how it looks; based on these real experiences, I constantly adjust my ideas.

How to Get Involved

Peter: The easiest place for everyone to help is actually documentation, writing it more clearly, pointing out issues, and answering questions for newbies on Discord.

Also testing. Because I move fast, things inevitably break. If someone can say "this is broken," and ideally submit a PR, that's perfect.

In short, if you want to help, come to Discord, it's the most direct place.

Conversations Between Agents

Peter: The future might be: not you pinging me, but your Agent finding my Agent, and then my Agent turning the volume to max to wake me up.

Yesterday someone in Discord said: "I'd rather talk to your Agent than talk to you." I really like that saying.

Host: Seriously, releasing these trivial cognitive burdens is so important. If these can be handed over to Agents, I can use my energy on truly interesting things.

Peter: And the impact is bigger than I imagined. Once, someone in a chat room said this thing really changed his life because he had severe anxiety about making phone calls and talking to customer service, and the Agent could do these things for him. That moment was very touching for me, realizing we are really doing something that makes people's lives better.

Summary

  • ClawdBot is a personal AI agent that can fully control your computer
  • Project is 100% written by AI, Peter didn't hand-type a single line of code
  • Open source project deliberately left 0.00001% (soul file) closed as a security test target
  • PRs here are treated as "problem clues" rather than code submissions, lowering the barrier to contribution
  • Recommended models: Opus (Stable), MiniMax 2.1 (Most Agentic)
  • Heartbeat mechanism allows Agent to proactively remind and check tasks
  • Security advice: Do not run on main computer, use an isolated environment

References:

Tags

InterviewFounder StoryOpen SourceAI Agent

Related Reading

OpenClaw 72 Hours: The Pitfalls Documentation Won't Tell You

OpenClaw 72 Hours: The Pitfalls Documentation Won't Tell You

2026-02-015m
ClawdBot Architecture Explained: How It Actually Works

ClawdBot Architecture Explained: How It Actually Works

2026-01-3010m
Clawdbot Cloud Deployment Tutorial: From Zero to Hero in 7 Steps

Clawdbot Cloud Deployment Tutorial: From Zero to Hero in 7 Steps

2025-01-2615m