OpenClaw opens a wide attack surface on your digital life that cannot be remediated so long as hallucinations and prompt injection remain unsolved problems. Anything built on top of it is equally insecure and probably even more insecure.
I really don't want to yuck anybody's yums or step on dev work that I had nothing to do with, because I've been there and I know it sucks, but OpenClaw is barely secure enough to even play with in a sandbox. Giving it private information about your real business and real business contacts feels like an absolutely insane thing to do.
At best OpenClaw is like a toy... if the toy was a gun and it shot real bullets. This feels like playing Russian roulette with your livelihood.
Watched the demo — the outreach pipeline is impressive technically, but you mentioned midway that the drafted emails came out "kind of robotic" and needed manual editing. If a human still reviews and rewrites each one, where does the actual time saving land — in the data gathering, or somewhere else?
Everything is skills. In a file system. That is the future.
Responding to some HN comments, I understand the focus on Sales Automation and Outreach can be worrysome.
But for me personally, this is where I do all knowledge work. For me it acts like Cursor, Happenstance, News Aggregator, Fun games creator like Pacman (it has an App Store), I can import Notion into editable MD files, create reports and presentations, etc.
In terms of "[XYZ] for agents", I think CRM is a big one that people haven't talked about as much. It becomes super relevant as soon as people start using an agent for anything customer related.
And the design principals are already pretty well established (accounts, contacts, leads, opportunities, custom object model, stages, etc.). It just needs to be turned into a database boilerplate with a bunch of agent tools. Excited to try this out.
This is an OpenClaw framework, so it installs / relies on your existing OpenClaw codebase. I think there has been a ton of requests on Claude Code support, someone has been working on a PR for exactly this, I'll update you here if it ships.
Ha, I get why it looks that way from the CRM angle, but outreach is maybe 5% of what I actually use DenchClaw for day to day.
Yesterday I asked it to pull up all my meeting notes from last week, cross-reference them with my task list, and draft follow-ups. Before that I had it reorganize a messy folder of research PDFs into a structured workspace. I use it to build slides, write code (DenchClaw literally built DenchClaw), manage my calendar, search through old Notion pages I forgot existed.
The CRM part gets attention because that's what people asked for when we talked to power users. But the actual product is just "OpenClaw with a good UI, a file system, and DuckDB, running locally on your Mac." It does whatever you'd normally do on your computer. The browser is yours, the files are yours, the data never leaves your machine.
Think of it less as a sales tool and more as what happens when your entire Mac becomes programmable through natural language. The CRM is one app that runs on top of that. People are already using it for project management, research, personal knowledge bases, all kinds of stuff we didn't plan for.
Nice, this seems interesting. I don't use Obsidian (I use Logseq) but this has given me a couple of ideas for a CRM I am building (it's currently in a Personal Relationship manager phase which I've found useful for about a year or two).
Love this setup! I also use Obsidian, but after DenchClaw I usually just open my Obsidian directory into DenchClaw so I can do anything with it. It has all the needed primitives for me like the markdown editor, graphs, etc.
> It has a CRM focus because we asked a couple dozen hard-core OpenClaw users "what do you actually do", and it was sales automation, lead enrichment, biz dev, creating slides, linkedin outreach, email/notion/calendar stuff, and it's always painful to set up.
So basic automation and forcing the web to be "open"...
No one is talking about how AI is going to destroy business models that are dependent on dark patterns, on walled gardens, on poorly designed one size fits all implementations (so many things wedged sideways into sales force).
I get why it looks that way from the CRM angle, but outreach is maybe 5% of what I actually use DenchClaw for day to day.
Yesterday I asked it to pull up all my meeting notes from last week, cross-reference them with my task list, and draft follow-ups. Before that I had it reorganize a messy folder of research PDFs into a structured workspace. I use it to build slides, write code (DenchClaw literally built DenchClaw), manage my calendar, search through old Notion pages I forgot existed.
The CRM part gets attention because that's what people asked for when we talked to power users. But the actual product is just "OpenClaw with a good UI, a file system, and DuckDB, running locally on your Mac." It does whatever you'd normally do on your computer. The browser is yours, the files are yours, the data never leaves your machine.
Think of it less as a sales tool and more as what happens when your entire Mac becomes programmable through natural language. The CRM is one app that runs on top of that. People are already using it for project management, research, personal knowledge bases, all kinds of stuff we didn't plan for.
Cold calling is not 'spam' because it is essentially done by a human. This is no different than an email spam network. So now this will just become email / linkedin spam done by corporations? I guess we turn up the filters now?
I agree that it is spam of a sort, but I don't think that's how it's generally portrayed. If biz dev and sales are just spammers (because of LLM automation) then we should reclassify them and shun those types of posts.
[astronaut with gun meme]
Neal Stephenson depicts this outcome in his novels as "The Miasma" and introduces a zero knowledge biometric based cryptography scheme used by everyone to validate content, and everyone has to have advanced AI filters in order to pluck out tiny tidbits of signal from among the noise.
We're going to need local AI to sift through the trash. Platforms have been more or less useless at curating content, and it's only smaller sites like HN that have retained a high SNR at this point. It doesn't even matter what media, at this point, video has passed the 2-3 second sniff test. We're seeing boomers get completely sniped by AI videos, even with watermark, showing absurd spin on current events. Text, music, podcasts, video, cartoons, whatever, it's all been infested, and the quality keeps increasing. I've seen a couple 2+ minute seedance productions that have been actually enjoyable, but by June that sort of thing will be one-shot prompting instead of someone gluing together the outputs from 4 difference SoTA AI tools.
It's getting weird, and we're not ready for it, at all.
Wow, sorry, but given how incredibly insecure all the "claw" agent type things are right now, does this really sound wise at all?
It sees everything you do, really? What's it gonna do with that data? You don't know.
Put all your customer data in there, all your customer relationships. It's fine, it couldn't leak all that information, it couldn't screw up any sensitive business details I'm sure. This is gonna go great.
Sorry AFK everybody I'm gonna go get myself a VibeMBA.
Anyway, good luck, I'm really looking forward to the user stories in a few weeks! I'm sure this won't go badly at all.
> DenchClaw finds your Chrome Profile and copies it fully into its own, so you won’t have to log in into all your websites again. DenchClaw sees what you see, does what you do. It’s an everything app, that sits locally on your mac.
Wow that sounds great. Hey don't worry these things never blackmail anyone. Let it know if you're gonna turn it off, I bet it'll make some REAL interesting choices based on your browsing history
I'm always confused by this kind of comment about AI accessing people's chrome history because it seems to imply that the kind of person who uses this tool is both too stupid to know what private browsing is and also is into absolutely heinous stuff.
I feel like the average person is going to be like "oh no it'd be terrible if everyone found out I really like the 'big boobs' category on pornhub"
Privacy and security and whatever this could trample all over are not the same thing.
You may be legally entirely above board (though Cardinal Richelieu wouldn't let that get in the way) but you still might not want your S&M kink to be known or to be outed to conservative friends and family or have your bank account details spread around or have a $$$$$ bill run up in your AWS or LLM logins...
Oh, you have nothing to hide? Kindly paste all your payment and login credentials that your browser stores. Later we'll need to see all your DMs on Facebook, LinkedIn, Slack, Discord, etc.
Finally we'll want to know about disputes you've had with intimate partners, employers and other service providers, especially powerful ones like healthcare, insurance and financial organisations.
In response maybe we should design TCPAclaw. It is specialized in honeypotting all of the random cold call spam, tracks down the source of unsolicited contacts; including registration state, legal contacts, and registered agent(s). It then drafts and sends a TCPA letter and waits for one of two things to happen: Either a $500-$1500 check arriving in your mailbox, or the demand deadline elapses. In case of demand deadline elapse, TCPAclaw files a small claims suit in the appropriate court of jurisdiction.
That's... not a bad idea. The downside is the bot would be doing a lot of these and false-positives would be... embarrassing (like a real investor outreach).
> It has a CRM focus because we asked a couple dozen hard-core OpenClaw users "what do you actually do", and it was sales automation, lead enrichment, biz dev, creating slides, linkedin outreach, email/notion/calendar stuff, and it's always painful to set up.
Fuck me, it's going to get worse before it gets better, isn't it?
I've taken that bit out of the text above - I originally advised Kumar to put it in there (it's actually from the opening of the demo video), but in hindsight, I should have known it would backfire with the HN audience.
The way imports work in DenchClaw is a bit unconventional, when you tell it to "import my HubSpot", the agent literally opens your browser (using the copied Chrome profile), navigates to HubSpot, triggers the export, and then ingests the downloaded files into the workspace DuckDB. So the bottleneck isn't really a fat in-memory ETL... it's more like processing a CSV/JSON export file on disk.
For the DuckDB side specifically: we shell out to the duckdb CLI binary for every query rather than embedding it in the Node process. So each operation gets its own memory space and dies when it's done. the web server at localhost:3100 stays lean regardless of what you're ingesting. DuckDB's out-of-core execution also means it can handle datasets larger than available RAM natively, which is one of the reasons we picked it over SQLite.
For really large exports (think full HubSpot instance with 100k+ contacts), the practical limit is more about the browser export step than DuckDB. HubSpot itself chunks its exports, and we process those chunks as they land. The DuckDB insert is the fast part.
Honestly for CRM-scale data, even a large sales org's full HubSpot, DuckDB eats it for breakfast. Where it would get interesting is if someone tries to throw analytics-scale data at it, but that's not really the use case. Would love to hear how IndexedDB holds up for you at scale in AccIQ, different trade-offs for sure.
> The way imports work in DenchClaw is a bit unconventional, when you tell it to "import my HubSpot", the agent literally opens your browser (using the copied Chrome profile), navigates to HubSpot, triggers the export, and then ingests the downloaded files into the workspace DuckDB.
What’s stopping the agent from doing literally any other thing in HubSpot? You know, small stuff like editing/deleting records, sensing emails, launching marketing campaigns, deleting reports, etc.
Our HubSpot import seed skills have strong always on prompts for asking user before doing any action, and it knowing where to click. For actions faster than browser, the skill also knows how to use hubspot cli.
Ideally for these pursposes, I would ALWAYS use Claude Opus 4.6 for this stuff, personally I have never seen it do unintended things to that extent.
Also, when the browser opens you can supervise it doing the thing, since you can see what its doing, you can always stop it if it ever goes wrong.
I really don't want to yuck anybody's yums or step on dev work that I had nothing to do with, because I've been there and I know it sucks, but OpenClaw is barely secure enough to even play with in a sandbox. Giving it private information about your real business and real business contacts feels like an absolutely insane thing to do.
At best OpenClaw is like a toy... if the toy was a gun and it shot real bullets. This feels like playing Russian roulette with your livelihood.
Responding to some HN comments, I understand the focus on Sales Automation and Outreach can be worrysome.
But for me personally, this is where I do all knowledge work. For me it acts like Cursor, Happenstance, News Aggregator, Fun games creator like Pacman (it has an App Store), I can import Notion into editable MD files, create reports and presentations, etc.
And the design principals are already pretty well established (accounts, contacts, leads, opportunities, custom object model, stages, etc.). It just needs to be turned into a database boilerplate with a bunch of agent tools. Excited to try this out.
[1]: https://xcancel.com/kumareth/status/2023534527113818625
Yesterday I asked it to pull up all my meeting notes from last week, cross-reference them with my task list, and draft follow-ups. Before that I had it reorganize a messy folder of research PDFs into a structured workspace. I use it to build slides, write code (DenchClaw literally built DenchClaw), manage my calendar, search through old Notion pages I forgot existed.
The CRM part gets attention because that's what people asked for when we talked to power users. But the actual product is just "OpenClaw with a good UI, a file system, and DuckDB, running locally on your Mac." It does whatever you'd normally do on your computer. The browser is yours, the files are yours, the data never leaves your machine.
Think of it less as a sales tool and more as what happens when your entire Mac becomes programmable through natural language. The CRM is one app that runs on top of that. People are already using it for project management, research, personal knowledge bases, all kinds of stuff we didn't plan for.
[1] https://www.ssp.sh/brain/managing-my-business-with-obsidian/
Thanks for sharing.
So basic automation and forcing the web to be "open"...
No one is talking about how AI is going to destroy business models that are dependent on dark patterns, on walled gardens, on poorly designed one size fits all implementations (so many things wedged sideways into sales force).
Yesterday I asked it to pull up all my meeting notes from last week, cross-reference them with my task list, and draft follow-ups. Before that I had it reorganize a messy folder of research PDFs into a structured workspace. I use it to build slides, write code (DenchClaw literally built DenchClaw), manage my calendar, search through old Notion pages I forgot existed.
The CRM part gets attention because that's what people asked for when we talked to power users. But the actual product is just "OpenClaw with a good UI, a file system, and DuckDB, running locally on your Mac." It does whatever you'd normally do on your computer. The browser is yours, the files are yours, the data never leaves your machine.
Think of it less as a sales tool and more as what happens when your entire Mac becomes programmable through natural language. The CRM is one app that runs on top of that. People are already using it for project management, research, personal knowledge bases, all kinds of stuff we didn't plan for.
We're going to need local AI to sift through the trash. Platforms have been more or less useless at curating content, and it's only smaller sites like HN that have retained a high SNR at this point. It doesn't even matter what media, at this point, video has passed the 2-3 second sniff test. We're seeing boomers get completely sniped by AI videos, even with watermark, showing absurd spin on current events. Text, music, podcasts, video, cartoons, whatever, it's all been infested, and the quality keeps increasing. I've seen a couple 2+ minute seedance productions that have been actually enjoyable, but by June that sort of thing will be one-shot prompting instead of someone gluing together the outputs from 4 difference SoTA AI tools.
It's getting weird, and we're not ready for it, at all.
It sees everything you do, really? What's it gonna do with that data? You don't know.
Put all your customer data in there, all your customer relationships. It's fine, it couldn't leak all that information, it couldn't screw up any sensitive business details I'm sure. This is gonna go great.
Sorry AFK everybody I'm gonna go get myself a VibeMBA.
Anyway, good luck, I'm really looking forward to the user stories in a few weeks! I'm sure this won't go badly at all.
Wow that sounds great. Hey don't worry these things never blackmail anyone. Let it know if you're gonna turn it off, I bet it'll make some REAL interesting choices based on your browsing history
I feel like the average person is going to be like "oh no it'd be terrible if everyone found out I really like the 'big boobs' category on pornhub"
You may be legally entirely above board (though Cardinal Richelieu wouldn't let that get in the way) but you still might not want your S&M kink to be known or to be outed to conservative friends and family or have your bank account details spread around or have a $$$$$ bill run up in your AWS or LLM logins...
Finally we'll want to know about disputes you've had with intimate partners, employers and other service providers, especially powerful ones like healthcare, insurance and financial organisations.
Fight fire with fire.
Sigh.
Fuck me, it's going to get worse before it gets better, isn't it?
For the DuckDB side specifically: we shell out to the duckdb CLI binary for every query rather than embedding it in the Node process. So each operation gets its own memory space and dies when it's done. the web server at localhost:3100 stays lean regardless of what you're ingesting. DuckDB's out-of-core execution also means it can handle datasets larger than available RAM natively, which is one of the reasons we picked it over SQLite.
For really large exports (think full HubSpot instance with 100k+ contacts), the practical limit is more about the browser export step than DuckDB. HubSpot itself chunks its exports, and we process those chunks as they land. The DuckDB insert is the fast part.
Honestly for CRM-scale data, even a large sales org's full HubSpot, DuckDB eats it for breakfast. Where it would get interesting is if someone tries to throw analytics-scale data at it, but that's not really the use case. Would love to hear how IndexedDB holds up for you at scale in AccIQ, different trade-offs for sure.
What’s stopping the agent from doing literally any other thing in HubSpot? You know, small stuff like editing/deleting records, sensing emails, launching marketing campaigns, deleting reports, etc.
Ideally for these pursposes, I would ALWAYS use Claude Opus 4.6 for this stuff, personally I have never seen it do unintended things to that extent.
Also, when the browser opens you can supervise it doing the thing, since you can see what its doing, you can always stop it if it ever goes wrong.