Following the huge success of OpenClaw, more 'Claw' AI agents have appeared one after another, but an OpenAI co-founder has expressed concerns about OpenClaw's security.

In the wake of the AI agent framework 'OpenClaw,' Andrej Karpathy, co-founder of OpenAI and computer scientist, has proposed 'Claw,' a new technology category that sits on a layer above AI agents.
Bought a new Mac mini to properly tinker with claws over the weekend. The apple store person told me they are selling like hotcakes and everyone is confused :)
— Andrej Karpathy (@karpathy) February 20, 2026
I'm definitely a bit sus'd to run OpenClaw specifically - giving my private data/keys to 400K lines of vibe coded…
Andrej Karpathy talks about 'Claws'
https://simonwillison.net/2026/Feb/21/claws/
Karpathy pointed out that OpenClaw's code base is massive, at 400,000 lines, much of which is AI-generated vibe coding. 'OpenClaw is built on a huge code base of 400,000 lines of vibe coding, which is a "security nightmare" with concerns about vulnerabilities, supply chain contamination, and the inclusion of malicious skills,' he said.
In fact, while OpenClaw allows users to grant any permissions they want, there are no security checks to control them. In particular, OpenClaw uses extensions called 'skills' to enable various tasks such as file manipulation and text processing, but it has been reported that a large amount of malware disguised as these skills is already in circulation.
Hundreds of malware disguised as OpenClaw's 'AI skills' have been uploaded - GIGAZINE

On the other hand, Karpathy praised the idea of OpenClaw, calling it 'a system that runs on personal hardware, interacts with users via messaging apps, and autonomously executes tasks, schedules tasks, maintains context, and more.'
Karpathy introduced new Claws based on the ideas of OpenClaw, such as NanoClaw, nanobot, ZeroClaw, IronClaw, and PicoClaw, and defined Claw as a new layer in the AI stack that takes agent functionality to the next level, just as LLM agents were a layer above LLM.

Karpathy's comments sparked a heated debate on the social news site Hacker News, with one technologist questioning the novelty of Claw, pointing out that it's 'nothing more than a package that combines existing agent technologies and cron jobs.'
On the other hand, some cited the example of Dropbox, which succeeded in popularizing rsync despite appearing to be a simple packaged version, saying, 'Claw's ease of setup and ability to be operated via a messaging app are true innovations,' and 'Claw may not be a great idea, but it certainly sparks inspiration and imagination for the future.'
Engineer and blogger Simon Willison also fully endorses the term 'Claw,' calling it 'an accurate term following terms like vibecoding' and positioning it as an important category name that represents a new evolution in AI agents.
in AI, Posted by log1i_yk







