OpenClaw is popular, but not everyone is suitable for raising “lobsters”

Economic Observer Network Recently, Tencent held a free installation event for OpenClaw (nicknamed “Crayfish”) in Shenzhen. Tencent Cloud engineers provided one-stop services at the site, covering installation and deployment, model configuration, IM (instant messaging software) channel opening and popular skill unlocking, adding to the popularity of OpenClaw, a phenomenal open source AI agent.

OpenClaw was developed by software engineer Peter Steinberger. It is not a traditional conversational chatbot, but is designed as an autonomous AI agent that can actually perform tasks. It can run on the user’s own device (supports cross-platforms such as macOS, Windows, Linux, etc.) and cloud hosts. It usually interacts with instant messaging tools and can manage emails, operate browsers, read and write local files, organize information, and write code. It can also call external APIs or tools through the expanded “Skills” mechanism to achieve more complex tasks.

According to media reports, at Tencent’s free installation event on March 6, thousands of people lined up to install it. There was a 68-year-old man who came by car for more than an hour. Many people expressed their intention to use it in stock trading, video editing, self-media and other fields. However, behind the rapid rise of “shrimp farming” craze, not everyone is suitable to raise this popular “crayfish”.

01

If you don’t even know how to install it, don’t bother with it yet.

The core advantage of OpenClaw lies in local deployment and data privatization. All memories and file indexes are stored on the user device. However, this advantage also constitutes a significant threshold. The installation and configuration process is far from being summarized by “one-click startup”.

Users need to clone the GitHub repository, configure the Python environment, install dependency packages, and manually set a series of settings such as model access keys. For developers who are familiar with the command line, these steps may only take tens of minutes, but for ordinary users, even if the official documentation provides detailed guidance, it may still take hours or even days to debug in the face of terminal commands, environment variable configuration, and potential compatibility issues. More importantly, OpenClaw is not a closed application, but a modular architecture. For first-time use, you need to select or customize the “Skills” expansion package, which further increases the learning curve.

Many users reported on social media and forums that they encountered problems such as model API connection failure, abnormal permission granting, or memory overflow during the installation phase, and finally gave up. Even if it is used through “one-click installation”, there are still user feedbacks asking Lobster to help you run the crawler program. As a result, the articles have anti-crawler mechanisms or verification mechanisms, which require browser cookies or APIs to connect to the official website… The value of technical tools lies in their use, not in creating new obstacles. If users use it “one step at a time”, perhaps they should slow down first.

02

Lobster is a gold-swallowing beast, and using tokens is not cheap.

OpenClaw itself does not have a built-in large language model, but adopts a model-independent design. It needs to be connected to external large models such as Claude, GPT series, DeepSeek or Kimi as the “brain”. Although this architecture gives users flexibility, it also brings continuous economic costs.

Every time a Lobster task is executed, whether it is email writing, web browsing or code generation, an external API needs to be called, which consumes a large amount of tokens (which can be understood as the “words” or “words” of large-scale language models, and is also the billing standard for AI). Taking medium-sized tasks as an example, a complete calendar arrangement and email reply process may consume thousands to tens of thousands of tokens; if the user enables long-term memory, multi-agent collaboration or scheduled wake-up functions, the single-day consumption often exceeds 100,000 tokens. Even if calculated based on the current charging standards for domestic mainstream large models, token consumption will still increase exponentially under high-frequency use. Assuming 100,000 tokens are output every day, it may reach hundreds of yuan after DeepSeek or Kimi.

A recent 36Kr article stated that users with a monthly salary of 20,000 lamented that they “cannot afford AI employees” because OpenClaw is burning money faster than making money.the basic consumption per day can reach 400 yuan, and the extreme case bill for 6 hours is 1,172 yuan. For users with limited budgets or who only need simple questions and answers, such hidden expenses can easily exceed expectations. A rational evaluation of their own task frequency and budget is the prerequisite for deciding whether to “raise lobsters”.

03

Data security issues cannot be ignored

OpenClaw’s powerful execution comes from its deep access to system resources. It can read and write local files, operate browsers, and execute terminal commands. The goal of this design is to achieve a “fully automatic” agent, but it currently also has certain security risks.

According to overseas media reports, high-risk vulnerabilities were exposed in the early stages of the project, including permission bypass and remote code execution risks. Although it was repaired in February 2026 and taken over by the foundation, the community continues to report sporadic security incidents. All local storage of user data seems safe, but in fact it highly relies on the device’s own protection; once the host is invaded or misconfigured, the AI ​​agent may become a “backdoor” for attackers to enter the system. Even more troublesome is that under the autonomous task mechanism, AI may trigger sensitive operations without explicit authorization from the user, such as accidentally deleting important files or leaking private information to external APIs. Even if users strictly limit permissions through the Skills mechanism, model illusion or instruction ambiguity may still lead to unintended consequences. In addition, cross-platform instant messaging access may further expand security vulnerabilities.

On February 5, the Cybersecurity Threat and Vulnerability Information Sharing Platform (NVDB) of the Ministry of Industry and Information Technology of China issued a notice saying that monitoring found that some instances of the OpenClaw open source AI agent have high security risks by default or improper configuration, which can easily lead to network attacks, information leakage and other security issues.

At present, AI technology and tools are in a period of rapid iteration, with new models and easier-to-use products emerging almost every month. Ordinary people face the “shrimp farming craze” and even new tools in the future. They don’t need to worry about missing a specific tool. The technological dividends will eventually trickle down to ordinary users through more mature and easier-to-use products.

Related reading: