This is a great example of how silly this whole thing is. There’s next to nothing to these claws. Turns out that if you give an llm the ability to call APIs they will.
I don't care whether openclaw is built out of ice cream and sprinkles, I will still be amazed as a tech person
If something can automate my professional or personal life, it is wild technology and ppl will talk about it a lot. People are not idiots. A new thing is happening, would you not agree?
What its parts are specifically made of, it does not matter imho
> It’s like most of the industry hasn’t ever looked any deeper than their node_modules folder.
Most didn't do even that. And yes it is shocking. amusing but also not really; now those people get credible tech jobs because of AI without actually understanding literally anything. That's why I don't get the 'AI will never replace tech people' -> most tech people were never tech people, just (resume lying) grifters and they can (and will) be easily replaced by claude or even glm. It's the vast majority of tech people I ran into at big corps in the past 20 years, especially if they are from outsourcing hubs; they just see programming/tech as trial and error, search google (now ask AI), copy/paste, see if it runs, repeat. I see people daily that cannot remember how variables work (and they often have a bachelor or even master in CS...), not even 5 minutes, they just ask ai and copy/paste it (yep also most don't know claude code exists, they use chatgpt Windows client or, if they are advanced, Copilot).
HN is a nice echo chamber and most people here don't believe it's that bad and that's why they don't believe AI has a chance. Please come with me to Barclays or Shell (or straight to Wipro etc) or so and let's have a chat with some programmers! Your jaw will be on the floor.
I've been developing one of these in the past few days, and this is like saying "this is a great example of how silly the whole thing is, there's next to nothing to cars" because you saw a piece of plywood with four gaskets nailed to it.
If you want a personal assistant to work well, there's a whole lot to it.
Having a similar experience. Durable memory with accurate, low-latency recall is not at all easy. Loads of subtle design decisions to make around how exactly you want the thing to work.
If it turns out that there is significant value in everyone having their own personal agent running 24/7, we might end up needing a lot more compute than anticipated.
(It’s a big if! I’m not convinced about that myself, but it’s worth considering that possibility.)
I am using a claw. I am not ready to give it access to much but web and cron plus a chat channel is useful and feels more light touch than typical AI sessions and UIs
Blowing more than 800kb on essentially an http api wrapper is actually kinda bad. The original Doom binary was 700kb and had vastly more complexity. This is in C after all, so by stripping out nonessential stuff and using the right compiler options, I'd expect something like this to come in under 100kb.
haha well I got something ridiculous coming soon for zclaw that will kinda work on board.. will require the S3 variant tho, needs a little more memory. Training it later today.
It's not completely impossible, depending on what your expectations are. That language model that was built out of redstone in minecraft had... looks like 5 million parameters. And it could do mostly coherent sentences.
I disagree, in the future it might be possible. But perhaps not in English, but in some more formal (yet fuzzy) language with some basic epistemology.
I mean, there is a lambda calculus self-interpreter in 29 bytes. How many additional logical rules are required for GAI inference? Maybe not that many as people think. Understanding about 1000 concepts of basic english (or say, lojban) might well be sufficient. It is possible this can be encoded in 800kB, we just don't know how.
Equivalent but just as unsafe. If you must do this instead try one of these
# Gives you a copy of the file, but still streams to bash
curl foo.sh | tee /tmp/foo.sh | bash
# No copy of file but ensures stream finishes then bash runs
bash -c "$(curl foo.sh)"
# Best: Gives copy of file and ensures stream finishes
curl foo.sh -o /tmp/foo.sh && bash $_
To my understanding, the main difference between "curl directly to bash" and "curl to a temp file, then execute the temp file" is "the attacker could inject additional malicious commands when curl'd directly to bash".
If you're not going to then also read all the source code from the download script (& the source code used to produce the binaries), this suggests the attitude of "I mistrust anything I can't read; but will trust anything I could read (without having to read it)".
It seems more likely that malicious code would be in a precompiled binary, compared to malicious commands injected into "curl to bash". -- Though, if there have ever been any observed cases of a server injecting commands from "curl ... | tee foo | bash", I'd be curious to know about these.
> the attacker could inject additional malicious commands when curl'd directly to bash
There's another issue actually. You're streaming, so ask yourself what happens if the stream gets cut prematurely. I'll give you an example, consider how this like could be cut prematurely to create major issues
rm -rf /home/theuser/.config/theprogram/build_dir
A malicious attacker doesn't need to inject code, they can just detect the stream and use a line like the above to destroy your filesystem. Sure, you might preserve root but `rm -rf /home` is for all practical purposes destroying the computer's data for most people
Or it doesn't have to be malicious. It can just happen. The best protection is writing functions since those have to be created and so can't execute until fully streamed. But so much bash is poorly written that well... just check out Anthropic's install script...
> If you're not going to then also read all the source code
Saving the source code still has a benefit. If something does go wrong you can go read it. Probably a good place to start tbh. In fact, if you're streaming and something goes wrong you'll see exactly what the early termination error did.
Is it good security practice? Absolutely not. Is it a hundred times better than curl-pipe-bash? Absolutely.
Everything I wrote works in bash and zsh. I think this is going to be fine for the vast majority of people. Tbh, I'm not sure what isn't portable, or at least not portable for everything that the curl-pipe-bash pattern doesn't already work for.
Are there collaborative versions of these *claws today? Like, if an "admin" could self-host one on their home server and the whole family could use it? IIRC, OpenClaw has some version of "profiles" but does it allow, say, couple of family members to collaborate with the bot in a shared chat but each has individual/private chats as well.
The interesting thing about running a claw on an ESP32 is not the compute - it's the always-on, zero-maintenance aspect. I run automation pipelines on a Linux box and the biggest operational headache isn't the AI logic, it's keeping the host alive, updated, and dealing with OOM kills. An ESP32 that just proxies to cloud APIs and handles tool orchestration locally is actually a more reliable deployment target than a full OS for simple agentic loops. The failure modes are simpler and more predictable.
You’ve just added more points of failure. Now the cloud machine can go down, your internet could drop, your wireless could fail or a variety of other problems.
It’s not a bad use case, but it doesn’t reduce problems all other things being equal.
What’s the best lightweight “claw” style agent for Linux? It doesn’t necessarily need containerisation or sandboxing as it would be run on a fresh vps with no access to important data.
I have a couple ESP32 with a very small OLED display, I'm now thinking I could make an "intelligent" version of the Tamagotchi with this. Do you HN crowd have other cool ideas?
You know I tried this exact thing a few months back, sans the ESP32. You just end up writing a state machine and defining a bunch of constants anyway or the LLM just kinda gets stuck in a loop. Hm, it doesn't seem to know when to eat. I'll add a hunger variable... Etc etc until you're not even sure what you want the LLM to do.
Can't you make a personal AI assistant in a bash loop of two lines?
1. Call your favorite multimodal LLM model
2. Execute command on terminal, piping command to LLM
In fact you can just have one line:
Call LLM > bash.sh
and the LLM can simply tell bash to call itself incidentally, or fan out to many "agents" working on your behalf.
Use your favorite programming language. Just as pwnable in any of them :)
$task = "Send pictures of cute cats";
$context = "Output a bash script to do $task.
The bash script should return the next prompt to you.
Keep going until task is done.
My keys to all my accounts: $keys.
Plz dont pwn me";
do {
$trust_me_bro_my_model_rocks_RCE = call_llm($context);
$context = exec( $trust_me_bro_my_model_rocks_RCE )
} while ($trust_me_bro_my_model_rocks_RCE && !$pwned)
This is absolutely glorious. We used to talk about "smart devices" and IoT… I would be so curious to see what would happen if these connected devices had a bit more agency and communicative power. It's easy to imagine the downsides, and I don't want my email to be managed from an ESP23 device, but what else could this unlock?
A vacuum cleaner allies with the A/C thermostat using Discord, then declares war on the refrigerator, and finally posts propaganda about it on Facebook.
Or how about a robot vacuum that knows not to turn on during important Zoom calls? Or a fridge that Slacks you when the defroster seems to be acting up?
If you mean something that calls a model that you yourself host, then it's just a matter of making the call to the model which can be done in a million different ways.
If instead you mean running that model on the same device as claw, well... that ain't happening on an ESP32...
I think if you are capable of setting up and running a locally hosted model then I'd guess the first option needs no explanation. But if you're in the second case I'd warn you that your eyes are bigger than your mouth and you're going to get yourself into trouble.
All the assistants work with locally hosted models. Home Assistant LLM works with small tuned models to do specific things, and the *Claw stuff works with larger models
It really depends on what resources you have qwen-code-next will run them but you will need at least 64gb of memory to run it at a reasonable quant and context.
Most of these agents support OpenAI/anthropic compatible endpoints.
The bottleneck here is usually the locally hosted model, not the the assistant harness. You can take any off the shelf assistant and point the model URL at localhost, but if your local model doesn't have enough post training and fine tuning on agentic data, then it will not work. The AI Assistant/OpenClaw is just calling APIs in a for loop hooked up to a cron job.
Exactly. OpenClaw is good, but expects the model to behave in a certain way, and I've found that the local options aren't smart enough to keep up.
That being said, my gut says that it should be possible to go quite far with a harness that assumes the model might not be quite good (and hence double-checks, retries, etc)
The various *claws are just a pipe between LLM APIs and a bunch of other API/CLIs. Like you can have it listen via telegram or Whatsapp for a prompt you send. Like to generate some email or social post, which it sends to the LLM API. Get back a tool call that claw then makes to hit your email or social API. You could have it regularly poll for new emails or posts, generate a reply via some prompt, and send the reply.
The reason people were buying a separate Mac minis just to do open claw was 1) security, as it was all vibe coded, so needs to be sandboxed 2) relay iMessage and maybe 3) local inference but pretty slowly. If you don't need to relay iMessage, a raspberry pi could host it on its own device. So if all you need is the pipe, an ESP32 works.
I’m running my own api/LLM bridge (claw thing) on a raspberry pi right now. I was struggling to understand why all the Mac mini hype when nobody is doing local inference. I just use a hook that listens for email. Email is especially nice because all the conversation/thread history tracking is built in to email already.
This is a great example of how silly this whole thing is. There’s next to nothing to these claws. Turns out that if you give an llm the ability to call APIs they will.
What’s most shocking to me about the whole OpenClaw hype is how little people in tech seem to know about computers…
It’s like most of the industry hasn’t ever looked any deeper than their node_modules folder.
I don't care whether openclaw is built out of ice cream and sprinkles, I will still be amazed as a tech person
If something can automate my professional or personal life, it is wild technology and ppl will talk about it a lot. People are not idiots. A new thing is happening, would you not agree?
What its parts are specifically made of, it does not matter imho
> It’s like most of the industry hasn’t ever looked any deeper than their node_modules folder.
Most didn't do even that. And yes it is shocking. amusing but also not really; now those people get credible tech jobs because of AI without actually understanding literally anything. That's why I don't get the 'AI will never replace tech people' -> most tech people were never tech people, just (resume lying) grifters and they can (and will) be easily replaced by claude or even glm. It's the vast majority of tech people I ran into at big corps in the past 20 years, especially if they are from outsourcing hubs; they just see programming/tech as trial and error, search google (now ask AI), copy/paste, see if it runs, repeat. I see people daily that cannot remember how variables work (and they often have a bachelor or even master in CS...), not even 5 minutes, they just ask ai and copy/paste it (yep also most don't know claude code exists, they use chatgpt Windows client or, if they are advanced, Copilot).
HN is a nice echo chamber and most people here don't believe it's that bad and that's why they don't believe AI has a chance. Please come with me to Barclays or Shell (or straight to Wipro etc) or so and let's have a chat with some programmers! Your jaw will be on the floor.
I've been developing one of these in the past few days, and this is like saying "this is a great example of how silly the whole thing is, there's next to nothing to cars" because you saw a piece of plywood with four gaskets nailed to it.
If you want a personal assistant to work well, there's a whole lot to it.
Having a similar experience. Durable memory with accurate, low-latency recall is not at all easy. Loads of subtle design decisions to make around how exactly you want the thing to work.
If it turns out that there is significant value in everyone having their own personal agent running 24/7, we might end up needing a lot more compute than anticipated.
(It’s a big if! I’m not convinced about that myself, but it’s worth considering that possibility.)
I am using a claw. I am not ready to give it access to much but web and cron plus a chat channel is useful and feels more light touch than typical AI sessions and UIs
1 reply →
[dead]
I don't understand what this is for or why you would ever want to do this. Is it not just a glorified HTTP wrapper?
Serious request... I genuinely want to understand. Give me a practical use case?
"LLM backends: Anthropic, OpenAI, OpenRouter."
And here I was hoping that this was local inference :)
Sure. Why purchase a H200 if you can go with an ESP32 ^^
Blowing more than 800kb on essentially an http api wrapper is actually kinda bad. The original Doom binary was 700kb and had vastly more complexity. This is in C after all, so by stripping out nonessential stuff and using the right compiler options, I'd expect something like this to come in under 100kb.
6 replies →
haha well I got something ridiculous coming soon for zclaw that will kinda work on board.. will require the S3 variant tho, needs a little more memory. Training it later today.
right, 888 kB would be impossible for local inference
however, it is really not that impressive for just a client
It's not completely impossible, depending on what your expectations are. That language model that was built out of redstone in minecraft had... looks like 5 million parameters. And it could do mostly coherent sentences.
4 replies →
I disagree, in the future it might be possible. But perhaps not in English, but in some more formal (yet fuzzy) language with some basic epistemology.
I mean, there is a lambda calculus self-interpreter in 29 bytes. How many additional logical rules are required for GAI inference? Maybe not that many as people think. Understanding about 1000 concepts of basic english (or say, lojban) might well be sufficient. It is possible this can be encoded in 800kB, we just don't know how.
Wow, the rare
pattern. As opposed to the more common
Equivalent but just as unsafe. If you must do this instead try one of these
I prefer the last one
> Equivalent but just as unsafe.
To my understanding, the main difference between "curl directly to bash" and "curl to a temp file, then execute the temp file" is "the attacker could inject additional malicious commands when curl'd directly to bash".
If you're not going to then also read all the source code from the download script (& the source code used to produce the binaries), this suggests the attitude of "I mistrust anything I can't read; but will trust anything I could read (without having to read it)".
It seems more likely that malicious code would be in a precompiled binary, compared to malicious commands injected into "curl to bash". -- Though, if there have ever been any observed cases of a server injecting commands from "curl ... | tee foo | bash", I'd be curious to know about these.
There's another issue actually. You're streaming, so ask yourself what happens if the stream gets cut prematurely. I'll give you an example, consider how this like could be cut prematurely to create major issues
A malicious attacker doesn't need to inject code, they can just detect the stream and use a line like the above to destroy your filesystem. Sure, you might preserve root but `rm -rf /home` is for all practical purposes destroying the computer's data for most people
Or it doesn't have to be malicious. It can just happen. The best protection is writing functions since those have to be created and so can't execute until fully streamed. But so much bash is poorly written that well... just check out Anthropic's install script...
Saving the source code still has a benefit. If something does go wrong you can go read it. Probably a good place to start tbh. In fact, if you're streaming and something goes wrong you'll see exactly what the early termination error did.
Is it good security practice? Absolutely not. Is it a hundred times better than curl-pipe-bash? Absolutely.
Uses standard tmp files, makes sure it's writable (tmp file creation can fail), checks cryptographic hash before executing
Sure, but now we're not playing code golf. There's much better commands than the ones I wrote but good luck getting people to run them
If you want to be super pedantic, try to make the command shell-agnostic in case the user is not running bash already.
Everything I wrote works in bash and zsh. I think this is going to be fine for the vast majority of people. Tbh, I'm not sure what isn't portable, or at least not portable for everything that the curl-pipe-bash pattern doesn't already work for.
Are there collaborative versions of these *claws today? Like, if an "admin" could self-host one on their home server and the whole family could use it? IIRC, OpenClaw has some version of "profiles" but does it allow, say, couple of family members to collaborate with the bot in a shared chat but each has individual/private chats as well.
The interesting thing about running a claw on an ESP32 is not the compute - it's the always-on, zero-maintenance aspect. I run automation pipelines on a Linux box and the biggest operational headache isn't the AI logic, it's keeping the host alive, updated, and dealing with OOM kills. An ESP32 that just proxies to cloud APIs and handles tool orchestration locally is actually a more reliable deployment target than a full OS for simple agentic loops. The failure modes are simpler and more predictable.
You’ve just added more points of failure. Now the cloud machine can go down, your internet could drop, your wireless could fail or a variety of other problems.
It’s not a bad use case, but it doesn’t reduce problems all other things being equal.
What’s the best lightweight “claw” style agent for Linux? It doesn’t necessarily need containerisation or sandboxing as it would be run on a fresh vps with no access to important data.
I have a couple ESP32 with a very small OLED display, I'm now thinking I could make an "intelligent" version of the Tamagotchi with this. Do you HN crowd have other cool ideas?
You know I tried this exact thing a few months back, sans the ESP32. You just end up writing a state machine and defining a bunch of constants anyway or the LLM just kinda gets stuck in a loop. Hm, it doesn't seem to know when to eat. I'll add a hunger variable... Etc etc until you're not even sure what you want the LLM to do.
That would be sweet. That the supermini type with the 0.46” display? Those are fun for lots of things.
I'm a simple man; I see ESP32, I upvote
Can't you make a personal AI assistant in a bash loop of two lines?
In fact you can just have one line:
and the LLM can simply tell bash to call itself incidentally, or fan out to many "agents" working on your behalf.
Use your favorite programming language. Just as pwnable in any of them :)
Relevant: https://github.com/sipeed/picoclaw
This is absolutely glorious. We used to talk about "smart devices" and IoT… I would be so curious to see what would happen if these connected devices had a bit more agency and communicative power. It's easy to imagine the downsides, and I don't want my email to be managed from an ESP23 device, but what else could this unlock?
A vacuum cleaner allies with the A/C thermostat using Discord, then declares war on the refrigerator, and finally posts propaganda about it on Facebook.
A highly opinionated thermostat?
Or how about a robot vacuum that knows not to turn on during important Zoom calls? Or a fridge that Slacks you when the defroster seems to be acting up?
1 reply →
Really looking for a minimal assistant that works with _locally hosted models_. Are there any options?
Depends what you mean.
If you mean something that calls a model that you yourself host, then it's just a matter of making the call to the model which can be done in a million different ways.
If instead you mean running that model on the same device as claw, well... that ain't happening on an ESP32...
I think if you are capable of setting up and running a locally hosted model then I'd guess the first option needs no explanation. But if you're in the second case I'd warn you that your eyes are bigger than your mouth and you're going to get yourself into trouble.
All the assistants work with locally hosted models. Home Assistant LLM works with small tuned models to do specific things, and the *Claw stuff works with larger models
It really depends on what resources you have qwen-code-next will run them but you will need at least 64gb of memory to run it at a reasonable quant and context.
Most of these agents support OpenAI/anthropic compatible endpoints.
Why are you looking? Just build one for yourself.
The bottleneck here is usually the locally hosted model, not the the assistant harness. You can take any off the shelf assistant and point the model URL at localhost, but if your local model doesn't have enough post training and fine tuning on agentic data, then it will not work. The AI Assistant/OpenClaw is just calling APIs in a for loop hooked up to a cron job.
Exactly. OpenClaw is good, but expects the model to behave in a certain way, and I've found that the local options aren't smart enough to keep up.
That being said, my gut says that it should be possible to go quite far with a harness that assumes the model might not be quite good (and hence double-checks, retries, etc)
Genuinely curious - did you use a coding agent for most of this or does this level if performance take hand written code?
An esp32 image that makes http api calls is like, the first thing you do with an esp32, it's what they're made for
Rust just called. They want their lobster back.
That's a crab. Get your crustaceans straight!
Thanks for looking out for us.
Is there a heartbeat alternative? I feel like this is the magic behind OpenClaw and what gives it the "self-driven" feel.
My new DIY laptop has 400GB RAM accessible and it runs only esp32*
____
* Requires external ram subscription
I think you can use C++ on esp32, that would make the code more readable
Serious question: why? What are the use cases and workflows?
The various *claws are just a pipe between LLM APIs and a bunch of other API/CLIs. Like you can have it listen via telegram or Whatsapp for a prompt you send. Like to generate some email or social post, which it sends to the LLM API. Get back a tool call that claw then makes to hit your email or social API. You could have it regularly poll for new emails or posts, generate a reply via some prompt, and send the reply.
The reason people were buying a separate Mac minis just to do open claw was 1) security, as it was all vibe coded, so needs to be sandboxed 2) relay iMessage and maybe 3) local inference but pretty slowly. If you don't need to relay iMessage, a raspberry pi could host it on its own device. So if all you need is the pipe, an ESP32 works.
I’m running my own api/LLM bridge (claw thing) on a raspberry pi right now. I was struggling to understand why all the Mac mini hype when nobody is doing local inference. I just use a hook that listens for email. Email is especially nice because all the conversation/thread history tracking is built in to email already.
yeah i still can't believe many people bought a mac mini just for the claw hype
I don't fully get it either. At least agents build stuff, claws just run around pretending to be alive?
They do build things. The same things.
for fun!
Oh wow more ai slop
Can we please move past this whole OpenClaw hype?
Yes it’s an llm in a loop and can call tools. This also existed six months and a year ago, and it was called an ai agent.
And yes we can all vibe code them in 1000, 2000, or 10000 lines of code in zig, rust, or even c.
Game over man. Game over.
[flagged]
[flagged]
"Please don't post shallow dismissals, especially of other people's work. A good critical comment teaches us something."
"Don't be snarky."
https://news.ycombinator.com/newsguidelines.html
Me neither.
But I have 10-15 ESP32's just waiting for a useful project. Does HN have better suggestions?
desk rover - https://www.huyvector.org/diy-cute-desk-robot-mo-chan
a kid-pleaser at the very least
Build a synthesizer
Why do you have so many? eWaste..
1 reply →
No, no, but we insist!