Claws are now a new layer on top of LLM agents

Posted by Cyphase 1 day ago

Claws are now a new layer on top of LLM agents(twitter.com)

https://xcancel.com/karpathy/status/2024987174077432126

167 points | 611 commentspage 3

tabs_or_spaces 4 hours ago|

I'm confused and frustrated by this naming of "claws"

* I think my biggest frustration is that I don't know how security standards just gets blatantly ignored for the sake of ai progress. It feels really weird that folks with huge influence and reputation in software engineering just promotes this * The confusion comes in because for some reason we decide to drop our standards at a whim. Lines of code as the measurement of quality, ignoring security standards when adopting something. We get taught to not fall for shiny object syndrome, but here we are showing the same behaviour for anything AI related. Maybe I struggle with separating hobbyist coding from professional coding, but this whole situation just confuses me

I think I expected better from influential folks promoting AI tools to at least check validate the safety of using them. "Vibe coding" was safe, claws are not yet safe at all.

tryauuum 3 hours ago|

maybe they are enthusiastic about the evolution.

thousands of copies of shitty code, only the best will survive

I know it's hard to be enthusiastic about bad code, but worked well enough for the evolution of life on earth

ramoz 3 hours ago||

People are not understanding that “claw” derives from the original spin on “Claude” when the original tool was called “clawdbot”

bravetraveler 16 hours ago||

I read [and comment on] two influencers maintaining their circles

ollybrinkman 6 hours ago||

The challenge with layering on top of LLM agents is payment — agents need to call external tools and services, but most APIs still require accounts and API keys that agents can't manage. The x402 standard (HTTP 402 + EIP-712 USDC signatures) solves this cleanly: agent holds a wallet, signs a micropayment per call, no account needed. Worth considering as a primitive for agent-to-agent commerce in these architectures.

daxfohl 6 hours ago|

Could a malicious claw sidechannel this by creating a localhost service and calling that with the signed micropayment, to get the decrypted contents of the wallet or anything?

fxj 15 hours ago||

He also talks about picoclaw which even runs on $10 hardware and is a fork by sipeed, a chinese company who does IoT.

https://github.com/sipeed/picoclaw

another chinese coompany m5stack provides local LLMs like Qwen2.5-1.5B running on a local IoT device.

https://shop.m5stack.com/products/m5stack-llm-large-language...

Imagine the possibilities. Soon we will see claw-in-a-box for less than $50.

mycall 13 hours ago||

> Imagine the possibilities

1.5B models are not very bright which doesn't give me much hope for what they could "claw" or accomplish.

alansaber 12 hours ago||

A 1.5b can be very good at a domain specific task like an entity extraction. An openrouter which routes to highly specialised LMs could be successful but yeah not seen it in reality myself

backscratches 13 hours ago||

It's just sending API calls to anthropic, $50 is overkill.

jesse_dot_id 4 hours ago||

I'd be kind of shocked if this didn't trigger the most harmful worm of all time eventually.

ramoz 3 hours ago|

AI is set to do that on its own given containment + alignment problems.

arjie 17 hours ago||

The openclaw rough architecture isn’t bad but I enjoyed building my own version. I chose rustlang and it works like I want. I made it a separate email address etc. and Apple ID. The biggest annoyance is that I can’t share Google contacts. But otherwise it’s great. I’m trying to find a way to give it a browser and a credit card (limited spend of course) in a way I can trust.

It’s lots of fun.

tomashubelbauer 8 hours ago|

I also built the equivalent of OpenClaw myself sometime when it was still called Clawdbot and I'm confused how LLMs can be both heralds of the era of personal apps and everyone at the same time be using the same vibe coded personal LLM assistant someone else made, much less it being worth an OpenAI acquisition. I agree building one yourself is very fun.

nunez 4 hours ago||

I guess it's relieving to know that us developers will never get good at naming things!

Angostura 3 hours ago|

Don't worry, Microsoft will eventually name theirs something worse, probably pre-prepended with 'Viva'

... actually, no - they'll just call it Copilot to cause maximum confusion with all the other things called Copilot

panda888888 3 hours ago||

I really don't understand what a claw is. Can someone ELI5?

bjackman 16 hours ago|

Does anyone know a Claw-like that:

- doesnt do its own sandboxing (I'll set that up myself)

- just has a web UI instead of wanting to use some weird proprietary messaging app as its interface?

rane 6 hours ago||

Moltis has a web chat UI at least. https://moltis.org/

bluesnowmonkey 10 hours ago|||

Depending on what you mean by claw-like, stumpy.ai is close. But it’s more security focused. Starts with “what can we let it do safely” instead of giving something shell access and then trying to lock it down after the fact.

kzahel 14 hours ago|||

https://yepanywhere.com/ But has no Cron system. Just relay / remote web UI that's mobile first. I might add Cron system to it, but I think special purpose tool is better / more focused (I am the author of this)

tokenless 16 hours ago||

Openclaw!

You can sandbox anything yourself. Use a VM.

It has a web ui.

bjackman 15 hours ago|||

Yeah I think this is gonna have to be the approach. But I don't like the fact that it has all the complexity of a baked in sandboxing solution and a big plugin architecture and blah blah blah.

TBH maybe I should just vibe code my own...

bspammer 12 hours ago|||

I don’t really understand the point of sandboxing if you’re going to give it access to all your accounts (which it needs to do anything useful). It reminds me of https://xkcd.com/1200/

tokenless 5 hours ago|||

Because you don't give it access to all your accounts, you choose what. And files on your PC may be private and you don't want to risk exposing them.

A use case may be for example give it access to your side project support email address, a test account on your site and web access.

bjackman 11 hours ago|||

Yeah I have been planning to give it its own accounts on my self hosted services.

I think the big challenge here is that I'd like my agent to be able to read my emails, but... Most of my accounts have Auth fallbacks via email :/

So really what I want is some sort of galaxy brained proxy where it can ask me for access to certain subsets of my inbox. No idea how to set that up though.

tokenless 5 hours ago||

> So really what I want is some sort of galaxy brained proxy where it can ask me for access to certain subsets of my inbox. No idea how to set that up though.

Though of the same idea. You could run a proxy that IMAP downloads the emails and then filters and acts as IMAP server. SMTP could be done the same limited to certain email addresses. You could run an independent AI harmful detector just in case.

More comments...