Agor vs. OpenClaw (ClawdBot): Thoughts on Agent Orchestration

What the fastest-growing open-source project teaches us about agentic AI

OpenClaw (née ClawdBot, briefly MoltBot - trademark lawyers move fast) just became the fastest-growing open-source project in GitHub history. 90,000+ stars in weeks. Cloudflare stock up 20%. Mac Minis selling out globally.

The market screaming that it wants AI that actually does things.

For a decade, big tech promised us AI assistants and delivered glorified timers. Siri in its walled garden. Alexa controlling lights. Google Assistant knowing everything and doing nothing with it. OpenClaw exposed how timid those efforts were and proved the demand for real agency was always there, waiting.

One story captures it perfectly: a user asked OpenClaw to make a restaurant reservation. OpenTable didn’t have availability. So the agent found voice AI software, downloaded it, called the restaurant directly, and secured the reservation over the phone. Zero human intervention.

That’s not automation. That’s problem-solving. That’s an agent recognizing the initial approach failed and autonomously finding a different solution.

I’ve been building Agor, a spatial workspace for orchestrating AI coding agents (GitHub). Watching OpenClaw explode has been fascinating because we’re solving adjacent problems with different architectures, but we share the same core belief: AI should actually do things.

What Makes OpenClaw Special: The Agent Loop

Here’s what took me a while to understand about OpenClaw: the skills aren’t the magic. The agent loop is.

Yes, OpenClaw connects to everything—email, calendar, browser, voice calls, file systems. But lots of systems can integrate with APIs. What makes OpenClaw remarkable is something more fundamental: it’s a complete framework for agent identity, memory, and self-improvement.

On first run, OpenClaw asks for a name. It maintains a SOUL.md file defining its personality and communication style. It has a sophisticated memory system:

• MEMORY.md for long-term curated facts, decisions, and preferences
• memory/YYYY-MM-DD.md for daily logs and running context
• Vector search with hybrid BM25 for semantic + keyword recall
• Auto-flush before context compaction to preserve important information
• Task tracking through taskr for persistent todo management

This isn’t just infrastructure. It’s an architecture for artificial continuity. The agent remembers what it learned yesterday. It tracks what it’s working on. It can modify its own instructions and improve its workflows. It has persistence across sessions.

That restaurant reservation story everyone shares? The real insight isn’t that it made a phone call. It’s that the agent recognized the initial approach failed, searched for alternative solutions, found voice AI software, taught itself to use it, and executed a completely different plan—autonomously, with no human in the loop.

That’s not automation. That’s problem-solving. That’s an agent with an identity, memory, and the ability to evolve its own capabilities.

Where Agor Started (And What It Doesn’t Have)

Agor came from a different problem space: software engineers managing dozens of AI coding agents in parallel across teams, repos, and environments.

It’s built on top of agentic coding SDKs (Claude Code, Codex, Gemini, OpenCode) and is fundamentally worktree-centric: every agent operates in a Git worktree, an isolated filesystem with its own branch, environment, and permissions.

Agor gives you:

• Git-native isolation (every agent in its own worktree)
• Spatial canvas to visualize parallel work
• Scheduler for recurring prompts
• MCP integration for extensibility
• Multi-agent coordination primitives
• Unix-level isolation and RBAC for teams

What Agor doesn’t have is OpenClaw’s agent loop architecture. There’s no baked-in memory system. No persistent identity framework. No self-improvement scaffolding that works out of the box. At least not yet.

You get the primitives: git, scheduling, policies, MCP. But if you want an agent loop, you have to build the loop yourself.

What We’re All Learning

The OpenClaw moment is teaching the entire industry several things at once:

1. Agent loops + orchestration are the unlock. The real innovation isn’t connecting to APIs—it’s building infrastructure for persistent identity, memory, and self-improvement. OpenClaw’s SOUL.md + memory system + task tracking is a complete framework for artificial continuity. That’s what makes agents feel intelligent rather than just responsive.

2. The demand is real and massive. People don’t want assistants that suggest. They want assistants that do. The pent-up frustration with neutered AI helpers just got quantified: 90,000 stars in weeks.

3. Local-first resonates. Your conversation history on your machine. Your credentials under your control. Privacy-first architecture isn’t just a nice-to-have; it’s a core value prop that people will move markets for.

4. Extensibility is everything. OpenClaw’s “skills” ecosystem (50+ bundled, infinite customization) shows that agents need hands and feet. Browser automation, file system access, shell commands, calendar integration. The more an agent can touch, the more useful it becomes.

5. Security is genuinely hard. The vulnerabilities researchers found aren’t indictments of OpenClaw—they’re the inherent challenges of giving AI agents real agency. Broad permissions create attack surface. Prompt injection remains unsolved. These are agentic AI problems we’re all grappling with.

OpenClaw isn’t just showing us what’s possible. It’s showing us what’s necessary to make agents actually useful.

Comparing Approaches

OpenClaw and Agor are solving related but distinct problems:

What’s inspiring to me is the convergence:

• Both believe in agents that do things, not just suggest
• Both are local-first / self-hosted
• Both embrace extensibility (skills vs MCP—increasingly overlapping)
• Both support scheduling and proactive behavior
• Both have mobile interfaces for prompting anywhere
• Both let you run against Claude, GPT-4, or local models

We’re exploring adjacent territory. OpenClaw nailed the agent loop architecture and provided a skills marketplace. Agor is still figuring that out while solving team coordination.

What OpenClaw Is Teaching Me

Watching OpenClaw’s agent loop in action has fundamentally changed how I think about what Agor could become.

OpenClaw proved something I suspected but hadn’t seen executed this cleanly: **agents need infrastructure for continuity and self-improvement that transcends session. ** Memory, identity, self-modification capabilities, persistent goals. Not just API access—actual scaffolding for intelligence that persists across sessions.

That SOUL.md file? That’s not a gimmick. It’s addressing a real problem: how does an agent maintain coherent behavior when every conversation starts fresh? How does it remember what it learned, what worked, what didn’t?

The memory system with daily logs and vector search? That’s solving context limitations at the architectural level. The agent isn’t just dumping history—it’s actively curating what matters.

The self-improvement loop where the agent modifies its own instructions and commits changes? That’s treating the agent’s capabilities as code that can evolve.

This is brilliant. And it’s making me expand my horizons arond what Agor could provide.

Exploring Agent Loops in Agor’s Architecture

Agor wasn’t built with this kind of agent continuity in mind. It was built for orchestrating many short-lived coding agents working in parallel. Spawn an agent, give it a task, spawn a dozen more, monitor.

But OpenClaw’s approach suggests a different paradigm: long-lived agents with persistent identity.

I spent last weekend exploring what this might look like in Agor’s architecture. The idea: a personal_assistant repo that becomes an agent’s workspace for self-improvement.

personal_assistant/
├── SOUL.md              # Agent identity and personality
├── MEMORY.md            # Curated long-term memory
├── memory/
│   └── 2026-02-03.md   # Daily logs
├── skills/              # Custom capabilities
│   ├── gmail/
│   ├── calendar/
│   └── slack/
└── workflows/
    └── morning_briefing.md

You pop this as a worktree in Agor. The agent has full access to modify its own instruction files, build new skills, maintain its memory. You schedule recurring prompts (“review and update MEMORY.md every 30 minutes”). The agent evolves its own capabilities through git commits.

It’s working. But I’ll be honest: I’m just getting started here.

OpenClaw gives you a complete agent loop out of the box. Identity, memory, self-improvement—it’s all there, battle-tested and ready to use. The harness is wide open and impressive.

With Agor, you’re building the loop yourself using git primitives, skills, scheduling, and MCP integration. More flexible, more control—but also more work.

Some developers will love this. You can design your own memory architecture, your own self-improvement cadence, your own agent identity framework. Everything lives in git, version-controlled and forkable.

I’m still figuring out the right answer. Maybe Agor should ship with an opinionated agent loop framework inspired by OpenClaw. Maybe it should stay primitive and let the community build patterns. Maybe both—batteries included, but swappable.

Different Security Trade-offs

Agents need access to be useful. That’s the fundamental tension. OpenClaw’s approach is optimized for personal use: one agent, one user, broad permissions to accomplish tasks across your digital life.

Agor started with a different constraint: multiple teams, shared infrastructure, production code. That led to an architecture focused on isolation:

Git-native scoping. Each worktree is an isolated environment. An agent working on feature-auth doesn’t automatically have access to feature-payments.

MCP as the capability layer. Rather than bundled skills, capabilities are explicitly connected through MCP servers. You choose what each session can reach.

RBAC for multi-user environments. Who can see which worktrees? Who can spawn agents? Who can modify zone triggers? Role-based access control for team coordination.

Unix-level isolation. Each user can have a Unix account. Agents run as the user who spawned them, inheriting that user’s filesystem permissions. We’re leaning on decades of battle-tested Unix security rather than inventing new isolation primitives.

SDK-level policies. Because Agor builds on Claude Code, Codex, and Gemini SDKs, it inherits their permission systems: read-only modes, workspace boundaries, tool restrictions, approval flows. These policies can be set per-agent, per-worktree, or per-zone.

The goal is flexibility: some environments want agents sandboxed with read-only access, others want full autonomy. Agor tries to give you the primitives to implement the security posture you need.

But let’s be clear: these are trade-offs, not solutions. Prompt injection remains unsolved. Determining the right boundaries is genuinely hard. OpenClaw’s security challenges aren’t unique to OpenClaw—they’re the frontier problems all of us building agentic systems have to navigate.

The question isn’t “which system is more secure?” It’s “which security model fits your use case?” Single-user personal automation vs. multi-tenant team coordination have different threat models and different acceptable trade-offs.

What I’m Taking From OpenClaw

OpenClaw’s explosion taught me something I should have understood sooner: people don’t want tools. They want agents.

Not “agents” as in chatbots that answer questions. Agents as in entities with persistent identity, memory, filesystem acces, and the ability to take action autonomously over time.

The agent loop architecture—SOUL.md for identity, layered memory systems, self-improvement capabilities—that’s what makes OpenClaw feel like an agent rather than just an LLM wrapper.

Agor was built for a different problem (team coordination, parallel work, git-native isolation), but the lesson translates: infrastructure for continuity is foundational.

Whether that’s OpenClaw’s opinionated framework or Agor’s git-based primitives doesn’t matter as much as the underlying insight: agents need scaffolding to be useful beyond single interactions.

I’m still figuring out how to bring this into Agor’s architecture. Maybe ship an opinionated agent loop framework inspired by OpenClaw. Maybe provide primitives and let the community build patterns. Maybe both.

What I know: OpenClaw proved the demand. Now the question is how to build agent loop architectures that work across different use cases—personal automation, team coordination, production deployments.

Which One Should You Use?

Honestly? If you’re looking for a working personal AI agent, connecting to all your tools, right now, use OpenClaw.

It’s a complete framework. The agent loop architecture is there, the memory system works, the skills ecosystem is rich. You install it, give it a name, and you have an agent that can manage your digital life with persistent identity and self-improvement.

If you’re a developer who’s already using Claude Code, Cursor, or other coding agents, and you’re finding yourself managing many parallel sessions across different repos and branches, that’s where Agor starts to make sense.

Agor isn’t trying to be a personal assistant out of the box. It’s infrastructure for orchestrating many coding agents with git-native isolation and spatial visibility. The agent loop architecture that makes OpenClaw magical? Agor doesn’t have that yet—you’d be building it yourself with git primitives.

The honest comparison:

• OpenClaw is a product. It solves personal automation elegantly, right now.
• Agor is primitives for team-based agent orchestration. It’s for coordinating parallel coding work, not replacing your personal assistant.

Could you build OpenClaw-style agent loops in Agor? Yes, technically. Should you? Probably not, unless you specifically need Agor’s multi-user isolation and team coordination features.

Where I’m heading:

OpenClaw’s agent loop architecture is inspiring me to think about how Agor could provide similar infrastructure for continuity—but in a way that makes sense for team-based development workflows. Not one long-lived personal agent, but many coordinated agents with structured memory and identity.

That’s still exploratory. OpenClaw has it figured out now.

The Real Lesson

OpenClaw’s explosive growth isn’t just validation for one project. It’s a signal about where computing is headed.

People want creative agent that can think and act on their own. Not suggestions. Not summaries. Action with continuity.

The agent loop architecture—persistent identity, memory systems, self-improvement—is what makes that possible. It’s the difference between a tool you use and an agent that works for you.

OpenClaw figured this out for personal automation. The framework is elegant, the execution is solid, and the demand proves it’s solving a real problem.

The security challenges OpenClaw faces aren’t unique to OpenClaw. They’re the frontier problems everyone building agentic systems has to solve. Prompt injection, credential management, attack surface, trust boundaries—these are hard problems precisely because we’re giving AI real agency.

The researchers finding vulnerabilities are doing important work. The community patching quickly shows maturity. The conversation about security trade-offs is one we all need to have, not just OpenClaw users.

This is a moment where an open-source project showed us what’s possible, moved markets, and forced the entire industry to raise its ambitions.

Try Agor → | GitHub →