VIDEO
HIGHLIGHT
Log InSign up
Clawdbot/OpenClaw Is A Nightmare (So I Built A Better Version)
SummaryTranscriptChat

Clawdbot/OpenClaw Is A Nightmare (So I Built A Better Version)

Building a Better AI Assistant

Introduction to AI Assistants

  • The speaker introduces the concept of advanced AI assistants like Claudebot and Maltbot, highlighting their potential to automate tasks but also their risks, comparing them to a "brilliant intern" with destructive capabilities.
  • A prototype is created in 25 minutes, showcasing impressive results despite minimal input, indicating the power of current AI technologies.

Understanding Frameworks

  • The discussion shifts towards understanding existing frameworks that underpin these AI systems, emphasizing that they are not entirely new innovations.
  • Viewers who are less interested in technical details are encouraged to skip ahead; however, those wanting deeper knowledge should stay for insights into implementation.

Overview of the Gotcha Framework

  • The speaker presents the "claude MD" file as a system handbook governing various environments (e.g., VS Code), which can be adapted for different programming languages.
  • The probabilistic nature of LLMs (Large Language Models) is discussed; the goal is to create deterministic outputs using scripts alongside AI capabilities.

Layers of the Gotcha Framework

  • The framework consists of six layers:
  • Goals: Tasks or standard operating procedures.
  • Orchestration Layer: Current environment interacting with Claude.
  • Tools: Scripts used (Python or others).
  • Context is crucial for effective operation; it includes business-specific information that aids in generating relevant content and responses.

Additional Components and Capabilities

  • Hard prompts are stored separately for regression testing without needing specific scripts, allowing flexibility in operations.
  • Arguments represent behavioral settings at runtime, enabling dynamic adjustments during execution. This framework aims to replicate functionalities found in other systems while minimizing security concerns.

Understanding the Layered System for Automation

Overview of Layer Functionality

  • The file explains how each layer operates in detail, providing bullet points on desired behaviors and manifests for tools to streamline processes.
  • Manifests help avoid redundant searches by confirming tool existence, allowing the system to focus on building only what is necessary.

Self-Healing Mechanism

  • The system incorporates a self-healing loop that retries tasks upon failure, documenting errors to prevent recurrence.
  • This adaptive learning process allows users to automate tasks while managing large builds without constant oversight.

Preventing Hallucinations

  • A mechanism is in place to ensure the system does not fabricate solutions when it encounters unknown elements; instead, it seeks clarification or alternative suggestions.
  • Basic guardrails are established to prevent harmful actions (e.g., deleting important content), with an emphasis on user confirmation before critical changes.

File Structure and Application Building

Importance of File Organization

  • The file structure is designed for efficient command execution, enabling the system to build applications based on user instructions effectively.
  • The next step involves a specific file dedicated to app construction within a governing framework aimed at full-stack application development using AI assistance.

Atlas Workflow Framework

  • The Atlas workflow outlines a structured approach for building applications, emphasizing adherence to software development life cycles rather than ad-hoc methods.
  • It highlights the necessity of integrating testing and monitoring into the development process, which is often overlooked in casual tutorials.

Key Steps in Application Development

Step 1: Architect

  • Defining problems, users, and success metrics establishes a clear "definition of done," crucial for effective project management.

Step 2: Trace

  • Listing data schemas and integration maps ensures all components are accounted for during product development.

Understanding the Development Process

Validating Connections

  • The initial step involves validating all connections, such as APIs or MCP servers, to ensure they exist before any development begins.

Assembling the Application

  • During the assembly phase, a layered architecture is employed. The focus is on building basic functionality first rather than creating a flashy product immediately.

Prototyping for Functionality

  • The primary goal of prototyping is to quickly determine if the concept works, prioritizing functionality over aesthetics in early stages.

Stress Testing and Error Handling

  • A critical phase includes stress testing to check functionality and error handling. This involves integrating monitoring and observability into builds.

Enhancing System Security

Production Build Considerations

  • For production builds, additional validation layers are added focusing on security measures like input sanitization and edge case handling.

Addressing Security Concerns with Maltbot

  • There’s an emphasis on improving system security by analyzing Maltbot's vulnerabilities compared to existing frameworks, aiming for better functionality without compromising security.

Identifying Gaps in Current Systems

Persistent Memory Issues

  • Current systems lack persistent memory capabilities found in Maltbot; improvements are needed for cross-session conversational memory.

Semantic Search Limitations

  • The absence of semantic search features limits content discovery; this gap needs addressing to enhance user experience.

Community Skills and Risks

Vulnerabilities from Community Contributions

  • Many community skills have inherent vulnerabilities (26% analyzed), posing risks such as credential exposure and data exfiltration due to poor practices among users.

Supply Chain Risks

  • Local file installations from community skills introduce supply chain risks that need careful management to prevent exploitation.

Maltbot Development and Security Enhancements

Transition to Human Control

  • The speaker prefers human oversight over AI in critical operations, indicating a lack of trust in AI for certain tasks.
  • Maltbot operates with an always-on agent using a background NodeJS service, which the speaker has yet to implement due to lack of necessity.

Security Frameworks

  • The current security model is described as "yellow mode," lacking robust guardrails; however, there are some separation of concerns through the Gotcha and Atlas frameworks.
  • The speaker acknowledges that while their tools are more mature and secure than community alternatives, further enhancements could be made in terms of security measures.

Persistent Memory Implementation

  • Establishing persistent memory is identified as the highest priority for improvement; Maltbot's approach includes markdown files, daily logs, SQLite, and vector embeddings for memory management.
  • A structured folder named "memory" will be created containing memory.mmd for long-term facts/preferences in human-readable markdown format. Additionally, a logs folder will maintain daily append-only logs.

Database Structure and Schema

  • The database schema is crucial for future development; it defines how data (ID, type, content) will be organized within the system to facilitate efficient manipulation later on.
  • An index file (do.json) will enable fast lookups similar to existing manifest files used for tools integration. This structure supports CRUD operations (Create, Read, Update, Delete) essential for managing memory entries effectively.

Session Management and Context Preservation

  • During sessions, Maltbot will read from memory.mmd, today's log, and yesterday's log if available; notable events will be appended via memory write.py. Critical context preservation is prioritized before any data deletion occurs through memory flush.py.
  • Vector search capabilities using SQLite VEC are planned to enhance embedding retrieval efficiency at a low cost per million tokens processed. Cost considerations are deemed secondary by the speaker who emphasizes functionality over expense.

Messaging Gateway Setup

  • Phase two involves establishing a messaging gateway via N for Slack and Telegram while considering security implications; direct API usage may also be explored as an alternative approach depending on security needs.
  • Slack was chosen due to existing functionality while Telegram offers better bot API features without business verification requirements—both platforms serve different strategic purposes in communication integration with Maltbot.

Proactive System Features

  • A proactive heartbeat system is proposed to run scheduled tasks such as morning briefings and weekly reviews aimed at summarizing calendar events and task reminders efficiently. This feature aims to enhance user engagement with regular updates on important activities or deadlines.

Understanding Dangerous Commands in Operations

The Risks of Certain Commands

  • The command rm -rf is highlighted as a dangerous operation that removes files without confirmation, posing a risk of wiping entire drives.
  • Emphasis on the importance of caution when executing such commands to prevent catastrophic data loss.

Importance of Auditing

  • Establishing an audit database is crucial for tracking user actions and troubleshooting issues within an operational environment.
  • Auditing is not only vital for businesses but also beneficial for personal projects to maintain oversight on actions taken by automated systems.

Setting Up Your Environment Easily

Creating a New Project Structure

  • Instructions provided on setting up a new folder structure using an IDE like VS Code, making it accessible for users unfamiliar with the process.
  • A step-by-step guide includes creating a folder named "multipart test" to organize project files effectively.

Installing Necessary Extensions

  • Users are advised to install the Claude Code extension from the VS Code marketplace, which is essential for orchestrating tasks within the project.
  • Dragging and dropping necessary files into the newly created environment simplifies setup, ensuring all required components are in place.

Initializing and Running Your Environment

Starting Interaction with Claude Code

  • Initiating a chat with Claude Code allows users to initialize their environment by following instructions outlined in claw.md.
  • The system automatically creates necessary folder structures and executes commands based on user input, streamlining setup processes.

Building Framework and Memory Management

  • Users are encouraged to add specific files like build_app.md to enhance app development frameworks aligned with best practices.
  • The process will evolve over time as new functionalities are integrated into the system, improving upon existing tools like Maltbot.

Completing Setup and Testing

Finalizing Build Processes

  • Updates include adding memory protocols and managing goals related to memory management as part of the Atlas framework's capabilities.
  • Completion of phase one involves verifying documentation updates and ensuring that all tools function correctly within the established framework.

Phase 2 Messaging Gateway Development

Initial Setup and Security Considerations

  • Discussion on loading memory at session start using Python and the next steps for building the init messaging gateway.
  • Inquiry about using end-to-end security versus baking in custom security for the Telegram API, similar to Slack integration.
  • Emphasis on direct integration being cleaner than routing layers, with a note that Telegram's bot API is simpler than Slack's.

Configuration and Features

  • Outline of required arguments for the Telegram bot: token, allowed user IDs, rate limits, and file deletion confirmation.
  • Confirmation that both Slack and Telegram will be used; discussion on creating a messaging.yaml file with security configurations like whitelists and rate limits.

Setting Up APIs and Environment

Step-by-Step Guidance

  • Explanation of how the system provides step-by-step instructions for setting up API keys without manual input.
  • Mention of environmental tokens stored in an .env file governing all API keys; caution against revealing sensitive information.

Summary of Progress

  • Current status update: memory and vector complete, messaging complete, proactive morning briefing pending, partial security setup noted.

Phase 3 Planning: Dashboard Development

Transitioning to Phase Three

  • Decision to proceed with phase three while considering whether notifications should go to Slack or Telegram or if a dashboard would be more beneficial.

Dashboard Conceptualization

  • Proposal for building a unified system dashboard to track tools in the environment, pending tasks, and running processes.

Planning Mode Activation

Enhancing Planning Efficiency

  • Switching back to planning mode for better results when adding new tasks; isolation from tool usage during planning emphasized.

Potential Frontend Development

  • Consideration of developing a graphical front end integrated with existing systems but questioning its necessity based on business outcomes rather than aesthetics.

Final Thoughts on System Utility

Balancing Aesthetics vs. Functionality

  • Reflection on current trends emphasizing flashy designs over practical utility; prioritizing secure outcomes over unnecessary features highlighted.

Proactive Notification Tools and Telegram Integration

Overview of the Agent Workforce System

  • The system features a comprehensive agent workforce overview, including 73 tools, 17 workflows, and memory database messages. This prototype allows for future expansion.

Testing Telegram API Functionality

  • The speaker sets up a Telegram API token to test message sending functionality within the environment, ensuring that all tools are operational.

Dashboard Insights

  • The dashboard is currently being tested for functionality, confirming that all panels work correctly and necessary components are in place.

Completion of Phase Three

  • Phase three of the project is completed with proactive notifications set to send messages via Telegram. The dashboard displays active employees (tools/systems), memory usage, recent activities, and workflows.

Future Enhancements Needed

  • While the current interface is functional, it requires aesthetic improvements. Users can search for any tools within the system for better navigation.

Testing Telegram Integration and Message Routing

Ensuring Remote Functionality

  • There’s a need to verify if the system can receive messages from Telegram while on-the-go (e.g., on a train or ship), allowing remote builds through messaging.

Polling Infrastructure Limitations

  • Although polling infrastructure exists to check whitelists and rate limits, it lacks routing capabilities to direct received messages to Claude for execution.

Options for Message Handling

  • Two options are considered: direct Claude code invocation or using the Anthropic API. Preference leans towards option A due to cost considerations associated with the Anthropic API.

System Setup and Future Capabilities

Utilizing Existing Hardware

  • The speaker repurposes an M1 MacBook Pro as a dedicated machine for this project instead of purchasing new hardware like a Mac Mini.

Team Collaboration Potential

  • Future plans include enabling multiple agents to collaborate on projects simultaneously without causing conflicts in operations.

Finalizing System Features

Testing Complex Requests

  • Claude's invocation works successfully; testing will continue with more complex requests utilizing governance protocols established by claude.mdance.

Handler Implementation

  • A handler is created for processing incoming messages from Telegram while ensuring permissions can be bypassed when necessary during unattended operations.

Successful Message Processing Confirmation

Full Flow Verification

  • Successful processing of a forward/start message confirms that both receiving and responding functionalities work seamlessly through Claude integration.

This structured summary captures key insights from the transcript while providing timestamps linked directly to relevant sections for easy reference.

Telegram Bot Integration with Claude

Overview of the Bot Functionality

  • The bot is designed to receive messages via Telegram, which then triggers a new session in VS Code for task execution without user visibility.
  • A simple test command is sent to build a "Hello World" dashboard, confirming the basic functionality of the integration.
  • The process involves sending a message to Telegram, validating it, and executing tasks through Claude before returning results back to Telegram.

Testing and Initial Results

  • After running the initial command, a pop-up window displays the dashboard; however, there are issues related to context retention.
  • A memory bug is identified where follow-up questions lack continuity due to no memory of previous interactions.

Addressing Memory Limitations

  • Discussion on how to implement persistent conversation history within Claude's sessions for better interaction continuity.
  • Phase one of memory implementation stores facts but lacks conversation continuity; plans are made to load past messages into each session.

Enhancements and Security Considerations

  • Successful implementation of persistent memory allows for improved interaction as Claude now retains context from previous messages.
  • Comparison with Maltbot highlights enhanced functionality and security features in this setup. Suggestions for further security enhancements are discussed.

Risk Assessment and Future Development

  • Emphasis on balancing security, functionality, and speed when developing systems; understanding trade-offs is crucial.
  • Plans for conducting risk assessments regarding governance and security protocols within the current environment using different AI models.

Building a Company Website Prototype

  • Request made for creating a website prototype for Atomic Ops based on specific design guidelines including color schemes and interactive elements.
  • Final checks on memory functionality ensure that all components work seamlessly together before proceeding with website development.

System Audit and Performance Issues

Persistent Memory and Logging

  • The system's persistent memory is functioning as expected, with updates occurring appropriately. Concerns about potential Telegram issues, such as message truncation and timeouts, are raised.
  • Daily logs indicate only one event recorded today, suggesting infrequent calls to memory write functions during sessions. A timeout issue in Telegram is identified as being too short, leading to failures in big builds.

Timeout Challenges

  • Both the Atomic Ops website and YouTube tool requests experienced a 5-minute timeout; however, the website still built successfully despite this limitation. This indicates a need for better communication regarding timeout occurrences.
  • Recommendations include extending the timeout duration to prevent future failures while acknowledging that successful builds can occur even with timeouts.

Strategic Focus Moving Forward

  • Emphasis on utilizing the current system over alternatives like Maltbot due to its capability of building various projects efficiently. The speaker encourages dedicating focused work sessions for optimal results.
  • The primary goal should shift towards client acquisition and revenue generation, allowing for personal leisure once financial targets are met.
Video description

Clawdbot (now called OpenClaw) has some serious issues for AI Automation. Security vulnerabilities - no access controls, weak logging, dangerous prompt exposure. Here's how I rebuilt it with production-grade architecture using Claude Code in an agentic workflow. Grab all the files here: https://drive.google.com/drive/folders/1PHw8DMk0q4rt0czxYqF3G4AoVZukzcnc?usp=sharing [Timestamps] 00:00 - Why Moltbot Can Destroy Your Business 01:06 - The GOTCHA Framework Explained 03:10 - Goals, Orchestration & Tools Layers 04:00 - Context, Hard Prompts & Args Layers 06:00 - The ATLAS Framework for Building Apps 11:14 - Gap Analysis: Moltbot vs My Environment 15:17 - The Plan to Bridge the Gap 22:06 - Setting Up Your Environment 23:00 - Initializing the Framework Structure 24:00 - Phase 1: Memory & Vector System 25:00 - Phase 2: Messaging Gateway 27:00 - Phase 3: System Dashboard 30:00 - Testing Telegram Integration 34:00 - Fixing Memory & Conversation Continuity 39:00 - Building a Website via Telegram -- Work with me: 🤝 Ready to transform your business? Let's talk: https://bit.ly/3TinLo5 🚀 Join the community → https://bit.ly/4okIaaa 💡 Add me on LinkedIn - https://www.linkedin.com/in/mansel-scheffel/ [ABOUT ME] If you're new here — I'm Mansel. In 2010, I left South Africa with nothing but a laptop and a digital piano. I taught myself IT, broke into cybersecurity in London, and built two consulting businesses - one in cyber, one in cloud - scaling solo to $52K+/month. Today, I run atomicOps, an AI consultancy based in New York where we help mid-market companies turn AI chaos into scalable systems as a transformation partner. I also help AI Automation Experts escape underpaid gigwork and build $25K+/month businesses using the same frameworks I used to scale mine.