OpenClaw isn't fooling me. I remember MS-DOS

Original Article ↗ Hacker News Discussion ↗

Perceived Value and Real‑World Use Cases

  • Many commenters see OpenClaw/agent setups as mostly hobbyist toys or hype; some tried them, found them janky or without a compelling use case, and turned them off.
  • Others report concrete value:
    • Coding “interns” that implement plans, manage branches, or work on a separate workstation/VPS.
    • Infrastructure agents that watch flaky dev servers and auto‑fix issues while logging “learnings.”
    • Marketing/social agents that draft posts and graphics, or monitor support queues and nag humans.
    • Personal assistants that monitor email (read‑only), calendars, gym schedules, bands’ tour dates, etc.
    • Smart‑home control, media downloading, and light IT maintenance.
  • Several people compare this to early home computers or 3D printers: currently more about tinkering/learning than net time savings.

Cost, Access, and ROI

  • A recurring flashpoint is cost: some users spend around $180/month in API credits; critics call that absurd for “playing music and downloading movies.”
  • Comparisons are drawn to live‑in au pairs or cheaper VAs, highlighting how out‑of‑reach this is for “ordinary people.”
  • Others argue costs can be cut with cheaper models, local inference, or by using agents sparingly (e.g., Hermes tasks at ~$0.25 each).
  • Long‑term GPU economics vs API use are debated; consensus leans toward APIs being cheaper and better for individuals while proprietary models advance rapidly.

Security, Privacy, and Safety Concerns

  • Core concern: agents combining private data, untrusted content, and external actions (email, GitHub, payments) are a “ticking bomb.”
  • Fear of prompt injection, credential exfiltration, destructive actions (deleting mail, nuking repos) and broad blast radius.
  • Many insist they will not give agents payment credentials or high‑risk powers; others cautiously do so with strong limits (read‑only access, manual approvals, separate machines/VPSs, prepaid keys).

Architecture & Sandboxing Debate

  • Strong criticism of “sandbox the whole agent” approaches; argued to be MS‑DOS‑like: one big box, no real isolation.
  • Advocated alternatives:
    • Tool‑level permissions and whitelisted arguments.
    • Per‑channel process isolation, encrypted credential vaults, typed secrets, and auditable logs.
    • Secret proxies outside the sandbox (HTTP proxies that inject tokens).
    • Workflow engines where each new “task” is deployed as a minimal‑privilege app.
  • Memory and autonomy are seen as unsolved: naive “heartbeat cron + huge context + RAG” is described as expensive, brittle, and eventually collapsing under its own weight.

Broader Reflections and Historical Analogies

  • Comparisons to MS‑DOS, Windows 98, IoT home automation, and “worse is better”: crude, insecure tools that nonetheless may win by being first and convenient.
  • Some think OpenClaw‑style assistants are inevitable and will be hardened over time; others see them as a niche for enthusiasts and enterprise “digital glue,” not a mass‑market revolution.