There are real, impressive examples of the power of agentic flows out there. Can we up the quality of our examples just a bit?
This AI wave is filled with "ideas guys/gals" who thought they had an amazing awesome idea and if only they knew how to program they could make a best-selling billion dollar idea, being confronted with the reality that their ideas are really uninteresting as well.
They're still happy to write blog posts about how their bleeding-edge Claw setup sends them a push notification whenever someone comments on one of their LinkedIn posts, though.
"What a great idea! This will revolutionize linkedin commenting. Let's implement it together."
I'm happy for the voice assistant to add stuff to my grocery list, though. The consequences are not serious if it screws up a letter or something.
But in general I do agree: flight bookings are something I want to do myself, because even I don't fully know my preferences when it comes to timing and price until I see what's available. And in general I don't find it all that difficult to do. A couple days ago I booked a multi-city travel itinerary with four different destinations, and it took me about a half hour?
Sure, if an LLM can do that in under a minute, that would be cool, but in absolutely zero situations would I not need to check its work, and if it did get it wrong, I'd have to do it all myself anyway.
I wouldn't remotely trust a software assistant to deal with all that misdirection autonomously, but I guess I'd be prepared to give it a chance collating options with tolerable time and cost, attempting to make the price include the stuff that has to be added to preserve health, sanity and a modicum of human dignity.
Can't wait for agents to handle all of it.
Morning Briefing: - it reads all my new email (multiple accounts and contexts), calendars (same accounts and contexts), slack (and other chat) messages (multiple slacks, matrix, discord, and so on), the weather reports, my open/closed recent to dos in a shared list across all my devices, my latest journal/log entries of things done. Has access for cross referencing to my "people files" to get context on mails/appointments and chat messages.
From all this, as well as my RSS feeds, it generates a comprehensive yet short-ish morning briefing I receive on weekdays at 7am.
Two minutes and I have a good grasp of my day, important meetings/deadlines/to dos, possible scheduling conflicts across the multiple calendars (that are not syncable due to corporate policies). This is a very high level overview that already enables me to plan my day better, reschedule things if necessary. And start the day focused on my most important open tasks/topics. More often than not this enables me to keep the laptop closed and do the conceptual work first without getting sucked into email. Or teams.
By the way: Sadly teams is not accessible to it right now. MS Power Automate sadly does not enable forwarding the content of chats. Unlike with emails or calendar appointments.
Just for that alone it is worth having it to me. YMMV.
I also can fire a research request via chat. It does that and writes the results into a file that gets synced to my other devices. Meaning I have it available at any device within a minute or so. Really handy sometimes. It also runs a few regular research tasks on a schedule. And a bit of prep work for copy writing and stuff like this.
Currently it is just a hobby/play project. But the morning briefing to me is easily worth an hour of my day. Totally worth running it on my infra without additional costs.
Doesn't this sorta defeat those policies though? Now all of your calendars are "synced" to a random unvalidated AI agent.
In the spirit of CLIs being easy on your tokens:
https://pnp.github.io/cli-microsoft365/cmd/teams/chat/chat-g...
Use the JSON responses for full detail including e.g. reactions.
Composio, behind the blog post, offers "Enterprise" pricing, and has no Teams examples. A stat HN ignores: 85% of SMBs are on M365, not Google Workspace and Slack.
You can pick winners and losers in a segment early, by whether they treat M365 as a first class platform or pretend it doesn't exist. Check for the "Continue with Microsoft" button or support for OIDC not just SAML+SCIM, as well as examples for Teams.
This isn't just true for YC classes, holds true for unicorns. Compare Anthropic's "Claude in Excel" and "Claude in PowerPoint" instead of in Google Docs or Sheets, and guess which firm has a better grasp of how business works outside the valley. And yeah, Claude in Chrome works in Edge (and the lack of just renaming and posting Claude in Edge for normals to find is an ANTHROP\C miss).
How do you ensure that it's not hallucinating stuff, or ignoring something important?
I want to setup agent to clean up my gmail inbox which has many thousands of unread messages.
Software is pretty good. It remembers everything, perfectly, forever. It will never forget to remind you of something. It can give you directions, sort your emails by how important they are, help you find shops and restaurants. The only people busy enough to warrant an actual human doing that stuff are executives. And, even then, I think for most of them it's an ego thing, not an "I need this" thing.
Now AI can provide a simulacrum of his fondest aspiration, to be too important to click through booking.com and make someone else do it for him.
there aren't, and just like the blockchain "industry" with its "surely this is going to be the killer app" we're going to be in this circus until the money dries up.
Just like the note-taking craze, the crypto ecosystem and now AI there's an almost inverse relation between the people advocating it and actually doing any meaningful work. The more anyone's pushing it the faster you should run into the opposite direction.
1. Semi-private blockchains, where you can rely on an actor not to be actively malicious, but still want to be able to cryptographically hold them to a past statement (think banks settling up with each other)
2. NFTs for tracking physical products through a logistics supply chain. Every time a container moves from one node to the next in a physical logistics chain (which includes tons of low trust "last mile" carriers), its corresponding NFT changes ownership as well. This could become as granular as there's money to support.
These would both provide material advantages above and beyond a centralized SQL database as there's no obvious central party that is trusted enough to operate that database. Neither has anything to do with retail investors or JPEGs though, so they'll never moon and you'll never hear about them.
- A photo sharing app will change restaurants, public spaces, and the entire travel industry across the world
- The smartphone will bring about regime change in Egypt, Tunisia, Lebanon, and other countries in ~4 years
- We'll replace taxis and hotels by getting rides and sharing homes with strangers
- Billions of people across the world will never need to own a desktop or laptop
- A short video sharing app will kill TV
- QR codes become relevant
Most of these would be a hard sell at the time.
I think the smart phone revolution is actually pretty overstated. It basically only made computers cheaper and handier to carry (but also more walled gardens). There are a few capabilities of smart phones we do today which we didn’t with do with computers and mobile phones back in 2007, such as navigation (GPS were a thing but not used much by the general public).
Your case would be much stronger if you’d use the World Wide Web as your analogy, as in 1995 it would by hard to convince anybody how important it would be to maintain a web presence. And nobody would guess a social media like the irc would blow up into something other then a toy.
However I think the analogy with smartphones are actually more apt, this AI revolution has made statistical models more accessible, but we are only using them for things we were already capable of before, and unlike the web, and much like smartphones, I don’t think that will actually change. But unlike smartphones, it will always be cheaper and often even easier to use the alternatives.
- Publicly waving your resume around will passively invite job interviews.
There's a new OpenClaw adaptation, Ottie, that I think could be a bank manager, bank teller, stockbroker, piggy bank, accountant, wallet, security guard and credit card provider all rolled into one. I just haven't used it yet. https://ottie.xyz/
So that would be:
- Digital sidekick weeds out parasitic relationships.
There has to be tremendous value in that.
When solutions are looking for problems, it means that things may seem oversold when in fact they are still undersold.
Somewhere should definitely make this for missing persons.
Please don't. The reason we're still enjoying the bit of the old world as we know it, is just because nobody has really figured it out yet. Enjoy the moment, while it lasts.
> Doing this manually is already pretty trivial
No, it’s not! You are the one who made it trivial by using three words to define! How about if I could only fly out between 9 am-noon next Friday? Also, combine it with hotel and rental car. Many times total $ between sites could be a difference of close to $200 or more along with better itinerary. That’s just the surface. The more preferences you add, the complex it becomes, so make it a right scenario for agent automation along with calendar management which has similar complexity.
When you need a bunch of busy people in a meeting it becomes hard to book a meeting. If several people need to travel incuding get a visa it is hard to fit it all it between other meetings that refuired people caanot skip.
travel is hard when you are trying for the best deal across flights, hotels and such. many sites only guarentee prices for 15 minutes so you can't even get all the needed prices on a spreadsheet at once - particularly if you have flevible travel dates. I've booked a best price plane ticket only to discover it was the worst date for hotels and I could have saved money on a more expensive flight.
When it comes to agents' tasks, I tend to focus on things that I couldn't do before without automated agents, at least at the going price.
The kind of automation I'm doing is more like building a set of agents to generate marketing surveys for me. They take free form input from me and my project. They aren't particularly sexy but they go off and do something valuable that I literally would never pay for at the prices that they are normally.
Well, and doing them programmatically and automatically without any AI is also possible, if not trivial...and has been for some time.
And none of the friends playing with openclaw have any useful non-trivial workflows which can't be automated in oldschool way.
The only viable workflow so far I could think of - build your own knowledge base and info processing pipeline.
this plus a whole bunch of other skills (credit card payments notification and itemization/spend tracking, utilities (power/water) anomalies monitoring, daily solar power generation tracking and solar battery health checks, homelab maintenance (apt upgrades, storage cleanups, etc), media management, UPS battery health tracking, NAS disk heath tracking, etc).
I believe OpenClaw is start of a new genre of "always on" personal assistant/agent (tied to a "skills" store) that handles all the drudgery of daily living. you get back something genuinely precious which is the headspace to focus on the work only you can do. with OpenClaw, we are currently at the "Visicalc" stage and I'm excited where this will eventually lead.
If they had vision they wouldn't be thrown out in a blog post.
If someone implemented something impressive with this stuff, they wouldnt be keeping it quiet. False negatives are unproductive
No.
And there’s mundane answers why.
People used to talk about phone home screens, back in the day, every iPhone had 16 spots
It became wisdom everyone had the same 12 apps but then there were 4 that that were core for you and where most of your use went, but they were different apps from everyone else.
So it goes for agent demos.
Another reason: every agentic flow is a series of mundane steps that can be rounded to mundane and easy to do yourself. Value depends on how often you have to repeat them. If I have to book a flight once every year, I don’t need it and it’s mundane.
There’s no life changing demo out there that someone won’t reply dismissively to. If there was, you’d see them somewhere, no? It’s been years of LLMs now.
Put most bluntly: when faced with a contradiction, first, check your premises. The contradiction here being, everyone else doesn’t understand their agent demos are boring and if just one person finally put a little work and imagination into it, they’d be life changing.
Nobody shows this because the technology is still immature and very shit.
I was very impressed by Anthropic's swarm of agents building a C compiler earlier this year with 1000 PRs per hour. Easy to nitpick that it wasn't perfect, but it sure was impressive.
I am not optimistic, not because the techs is lacking, but the context in which it is born is awful.
I don't think we should call presentations visionless or fault them for wanting to solve this UX nightmare.
Claude is pretty amazing, but it still goes down rabbit holes and makes obvious mistakes. Combining that with "oops I just bought a non-refundable flight to the wrong city" seems... unfun.
Just like anything in engineering really: you have to play around source control to understand source control, you have to play around with database indexes to learn how to optimize a database.
Once you've learned it and incorporated it into your tool set, you then have that to wield in solving problems "oh, damn, a database index is perfect for this."
To this end, folks doing flights and scheduling meetings using OpenClaw are really in that exploration / learning phase. They tackle the first (possibly uninventive thing) that comes to mind to just dive in and learn.
The real wins come down the line when you're tackling some business / personal life problem and go: "wait a second, an OpenClaw agent would be perfect for this!"
Such as?
That's ridiculous. The utility of any tool is usually knowable before using it. That's how most tools work. I don't need to learn how to drive a car to know what I could use it for. I learn to drive it because I want to benefit from it, not the other way around.
It's the same with computers and any program. I use it to accomplish a specific task, not to discover the tasks it could be useful for.
OpenClaw is yet another tool in search of a problem, like most of the "AI" ecosystem. When the bubble bursts, nobody will remember these tools, and we'll be able to focus on technology that solves problems people actually have.
> As I have mentioned, treat OpenClaw as a separate entity. So, give it its own Gmail account, Calendar, and every integration possible. And teach it to access its own email and other accounts. In addition, create a separate 1Password account to store credentials. It’s akin to having a personal assistant with a separate identity, rather than an automation tool.
The whole point of OpenClaw is to run AI actions with your own private data, your own Gmail, your own WhatsApp, etc. There's no point in using OpenClaw with that much restriction on it.
Which is to say, there is no way to run OpenClaw safely at all, and there literally never will be, because the "lethal trifecta" problem is inherently unsolvable.
Hard disagree. I have OpenClaw running with its own gmail and WhatsApp running on its own Ubuntu VM. I just used it to help coordinate a group travel trip. It posted a daily itinerary for everyone in our WhatsApp group and handled all of the "busy work" I hate doing as the person who books the "friend group" trip. Things like "what time are doing lunch at the beach club today?" to "whats the gate code to get into the airbnb again?"
My next step is to have it act on my behalf "message these three restaurants via WhatsApp and see which one has a table for 12 people at 8pm tonight". I'm not comfortable yet to have it do that for me but I'm getting there.
Point is, I get to spend more valuable time actually hanging out and being present with my friends. That's worth every dollar it costs me ($15/month Tmobile SIM card).
Why do you go on trips with your friends if you have to do all the work?
I've made my own AI agent (https://github.com/skorokithakis/stavrobot) and it has access to just that one WhatsApp conversation (from me). It doesn't get to read messages coming from any other phone numbers, and can't send messages to arbitrary phone numbers. It is restricted to the set of actions I want it to be able to perform, and no more.
It has access to read my calendar, but not write. It has access to read my GitHub issues, but not my repositories. Each tool has per-function permissions that I can revoke.
"Give it access to everything, even if it doesn't need it" is not the only security model.
You're using stavrobot instead of OpenClaw precisely because the purpose of OpenClaw is to do everything; a tool to do everything needs access to everything.
OpenClaw could be kinda useful and secure if it were stavrobot instead, if it could only do a few limited things, if everything important it tried to do required human review and intervention.
But stavrobot isn't a revolutionary tool to do everything for you, and that's what OpenClaw is, and that's why people are excited about it, and why its problems can never be fixed.
Every submission I've seen on HN involving OpenClaw will have a comment with this sentiment. "What's the point if you don't give it access to your data ... And if you do, it's a security nightmare ... hence OpenClaw is evil"
It's a quick way to spot the person who's never spent any real time with OpenClaw.
I always used to give use cases that don't have you give it much (if any) of your data. Examples on how you can give it only a tiny amount of data (many HN users give more just in their HN profile).
But I tire of countering folks who clearly have not even tried it.
(And I'm not even that pro-OpenClaw. I was using it, then a bug on my system prevented me from using it - a week without OpenClaw and so far no withdrawal symptoms).
It’s especially ridiculous responding to a blog about isolating these capabilities rather than dropping them. Those are basic security boundaries more than “restrictions.”
However my point is: on the other hand, that would be the same if you outsourced those tasks to a human, isn't it? I mean sure, a human can be liable and have morals and (ideally) common sense, but most major screw ups can't be fixed by paying a fine and penalty only.
We have no general-purpose solutions to the principal-agent problem, but we have partial solutions, and they only work on humans: make the human liable for misconduct, pay the human a percentage of the profits for doing a good job, build a culture where dishonesty is shameful.
The "lethal trifecta" is just like that other infamously unsolvable problem, but harder. (If you could solve the lethal trifecta, you could solve the principal-agent problem, too.)
Since we've been dealing with the principal-agent problem in various forms for all of human history, I don't feel lucky that we'll solve a more difficult version of it in our lifetime. I think we'll probably never solve it.
We have no such thing for AI yet.
Can we make the agent liable? or the company behind the model liable?
There's a growing part of me that really wants a massive security/safety disaster that's clearly caused by AI so that everyone will shake it off and it will resettle into something at least halfway reasonable. I mean a watershed event like a Triangle Shirtwaist or thalidomide or Therac-25 or Hindenburg type incident that makes people shift their mindset to where they are reflexively skeptical of AI because they assume its risks outweigh its benefits.
I can envision someone sitting in a park bench with a small set of earphones planning a family trip with their AI. They get home and see the details of it on their fridge. They check with their partner, and then just tell the AI to book it. And it all works.
I probably won’t use it and hate it. I’ll stick to my old ways of booking the trip with my fingers. But those born into it will look at me crazy.
The point was to give it unlimited access to your entire digital life and while I'd never use it that way myself, that's what many users are signing up for, for better or worse.
Obviously, OpenClaw doesn't advertise it like that, but that's what it is.
Needless to say, OpenClaw wasn't even the first to do this. There were already many products that let you connect an AI agent to Telegram, which you could then link to all your other accounts. We built software like that too.
OpenClaw just took the idea and brought it to the masses and that's the problem.
I don't see what the extra benefit is that OpenClaw gets from being able to access everything.
The security risks of this setup are lower than most openclaw systems. The real risks are in the access you give it. It's less useful with limited access, but still has a purpose.
I know a guy using openclaw at a startup he works at and it's running their IT infrastructure with multiple agents chatting with each other, THAT is scary.
No email stuff, no booking things, no security problems.
^* or equivalents
- Where do you source real time traffic data, ferry schedules, etc? Google APIs get you part of the way there but you'd need to crawl public transit sites for the rest.
- How do you keep track of what went into the fridge, what was consumed/thrown away?
- How do you track real world events like buying a physical pass?
If “AI” can predict what you need, start with that. And layer in the “do it for me” (“book me the 1pm ferry”) later on.
People are inventing the future of human/ai interaction themselves because big tech could not do it within their own constraints.
Don't get me wrong, those constraints are there for a reason, but the hacker mentality seems muted lately.
And all cause lazy.
Instead, that's more like what addled octgenarians do. Get tricked by Nigerian scam artists into installing some p0wnage.
Only ever a creative prompt injection away from a leak.
Saw some smarter people using credential proxies but no one acknowledges the very real risk that their “claws” commit cyber crime on their behalf once breached.
Having a separate machine thats isolated is all well and good, but that doesn't protect you from someone convincing your openclaw to give them your credit card.
The moment it steps outside that boundary, you're sending the bot into unpredictable territory. At that point, things can get ambiguous pretty quickly, and in some cases even adversarial.
Kids need scissors. And they're inexperienced. So you give them kid-safe scissors. It makes it harder to cut themselves.
The same needs to take place with assets you want the bot to manage
- give access to a card with a total spend limit - read only access to some things, edit others - limited scope permissions
One of the reasons why I dragged my feet to use openclaw is that I knew security was an issue from the beginning. I thought by now where would be some solutions and there are, but I only found out from the community. I think there will need to be some level of ecosystem management. Apple does a good job. But for that you need resources and investment.
I think it's interesting that if this was a normal program this level of access would be seen as utterly insane. A desktop software could use your cookies to access your gmail account and automatically do things (if you didn't want to use the e-mail protocols that already exist for this kind of stuff), but I assume the average developer simply wouldn't want to be responsible for such thing. Now, just because the software is "AI," nothing matters anymore?
Using telegram? Being able to automatically create calendar events based on emails?
Maybe this idea is lost on 10^x vibecoders, but complexity almost always comes at a cost to security, so just throwing more "security mechanisms" onto a hot vibe-coded mess do not somehow magically make the project secure.
> We’re simply not there yet to let the agents run loose
As if there aren’t fundamental properties that would need to change to ever become secure.
Source: https://www.statista.com/statistics/273550/data-breaches-rec...
Between the number of public hacks, and the odious security policies that most orgs have, end users are fucking numb to anything involving "security". We're telling them to close the door cause it's cold, when all the windows are blown out by a tornado.
Meanwhile, the people who are using this tool are getting it to DO WHAT THEY WANT. My ex, is non technical, and is excited that she "set up her first cron job".
The other "daily summaries" use case is powerful. Why? Because our industry has foisted off years of enshitification on users. It declutters the inbox. It returns text free of ads, adblock, extra "are you a human" windows, captchas.
The same users who think "ai is garbage at my work" are the ones who are saying "ai is good at stripping out bullshit from tech".
Meanwhile we're arguing about AI hype (sam Altman: AGI promises) and hate (AI cant code at all).
The last time our industry got things this wrong, was the dot com bubble.
Meanwhile none of these tools have a moat (Claude is the closest and it could get dethroned every day). And we're pouring capital into this that will result in an uber like price hike/rug pull, till we scale the tools down (and that is becoming more viable).
For now.
If you are spending more money on tokens than the agents are making you money (or not), then it is unfortunately all for nought.
The question is, who is making money on using Openclaw other than hosting?
Buying a ticket, writing an email, setting calendars or fiddling with files on the drive etc. have none of these guardrails. LLMs can and will simply oneshot the slop into a real system, without neither computer nor human validation.
I have no idea how anyone is going to do that.
It's a) harder to setup, b) less functional out of the box, c) has almost exactly the same security risk surface -- either you hook it up to your email, comms, documents and give it API tokens, or you don't. If you do -- well, at least it can't delete your hard drive without turning full evil and looking for red pill type exploits that break the container -- but, it still has the same other security dynamics.
Anyway, employing a very suspicious watcher that's hooked to the shell and API calls is probably the way forward. Can that thing be reasoned with / tricked?
And simply "secure enough" doesn't help much either, because whereas a single human spy can only do so much damage, if an LLM is given access to everything in one way or another - which is the whole concept - then the potential damage is boundless.
I just end up never doing it. Got it done in a couple hours with openclaw.
I’m sure there are much better ways to do that, which I will now learn in time due to the initial activation energy being broken on the topic. But for now, it’s fun running down my half decade old todo list.
