Author: iFaner

Even if it’s a real lobster, not everyone is suited to eat it.

Using this phrase to describe the current absolute AI top player OpenClaw might be just the right fit.

The screenshots circulating on social media always show the most exquisite side of the lobster: Agent automatically handling emails, scheduling tasks across applications, functioning like a digital employee that never needs rest and never leaves messages on read in group chats.

This scenario creates a strong FOMO, making countless people think, "I want one too."

Thus, a collective frenzy about lobsters commenced. However, what no one mentions is what pot to use for the lobster, how much firewood to burn, and whether it will conveniently empty your refrigerator after entering your kitchen.

Today, we're not discussing those grand narratives that change the world, we're just calculating what the cost of raising one OpenClaw would be for ordinary people.

With a monthly salary of twenty thousand, one cannot afford a lobster

First, how can you experience OpenClaw?

The current most complete experience plan is to specially prepare a local hardware that is online continuously. OpenClaw founder Peter Steinberger himself once used a Mac Mini to run Agent, connecting to local files and integrating various tools for continuous task management.

As a result, the Apple Mac mini quickly sold out on major e-commerce platforms, with the Apple official website showing that the fastest delivery for new orders would not arrive until the end of April; and some second-hand platforms even emerged with "rent Mac mini to raise lobsters" services.

But if you want to lower API costs with a local model, the hardware barrier will suddenly increase.

If you want to save on that hardware cost, you can opt for cloud servers. Tencent Cloud and Alibaba Cloud both offer one-click deployment solutions, with prices ranging from dozens to hundreds of yuan, along with Kimi Claw, MaxClaw, and the newly launched AutoClaw, which are all focused on being ready to use out of the box.

What if you can’t buy a machine? Use your old computer to give it a try. But OpenClaw has extremely mysterious requirements for the system environment, especially the version of Node.js. Countless passionate young people spent an all-nighter following tutorials, only to end up stuck at a command line error screen.

This anxiety over wanting to use it but being unable to has also spawned a profitable industry for remote installation of OpenClaw: On domestic platforms, remote installation starts at a few dozen yuan, while on-site services typically cost between 500 to 1500 yuan. A foreign website named SetupClaw quotes prices between 3000 to 6000 dollars.

Even if you successfully deploy the lobster, it is advisable to keep an eye on subsequent pitfalls.

In the era of chatbot AI, user subscriptions are typically paid monthly, where you ask once and receive an answer once, keeping costs static. But once the Agent starts running tasks, each time it reads a webpage, invokes tools, checks files, or retries errors, it is consuming tokens at a frantic pace while struggling under the weight.

This also reminds me of a popular saying lately: "With a monthly salary of twenty thousand, one cannot afford OpenClaw."

The OpenClaw official documentation states very clearly: the cost of raising a "lobster" comes not only from the core model's responses but also from webpage reading, memory retrieval, summarization, tool invocation, and workspace files and bootstrap configurations filled into system prompts.

As the context lengthens and calls are repeated several times, the burning tokens become quite expensive. Specifically in terms of pricing, based on market conditions in March 2026, running OpenClaw with Claude Sonnet would accumulate around ten million input and ten million output tokens monthly, with costs nearing a hundred dollars.

If you treat it as an all-day executing Agent and run high-difficulty tasks with advanced models, monthly fees exceeding a thousand dollars would not be surprising.

Market data also corroborates this consumption pattern. The amount of tokens processed by OpenRouter soared from 6.4 trillion weekly to 13 trillion.

In this ecological chain, the top winners are always the major AI manufacturers that find consumer-end scenarios, profiting from computing power and APIs; the second layer consists of cloud vendors and "knowledge payers," making money from services and information asymmetry; the only affected parties are regular users who pay to burn tokens and bear system risks.

Before installing OpenClaw, you’ve already paid your first safety tuition fee

To take a step back, even if you’re not short on money, security issues are the real minefield that keeps people restless.

The Microsoft security team has previously warned about the dangers of the lobster: OpenClaw should be regarded as "an untrusted code execution environment carrying persistent credentials," unsuitable for direct operation on standard personal computers or enterprise workstations.

The problem is not whether it can be used, but rather that it inherently stands in a very dangerous position. High privileges, high connectivity, and high automation—these three things together should inherently prevent complacency. Yet many people treat installing OpenClaw with a mindset akin to that of installing chat software, leading to significant risks.

Monitoring from the Shodan platform shows that over a hundred thousand OpenClaw instances are directly exposed on the public internet, in a state of zero certification, with substantial numbers located in China, according to data from Qihoo 360.

The Ministry of Industry and Information Technology has also specifically issued risk alerts, noting that OpenClaw gateways do not verify request sources under default configuration; users simply need to mistakenly click on a malicious link in the browser, and attackers can take over all of the Agent's system permissions through local ports.

What’s more troublesome is that some people have even paid their first tuition fee without having properly installed the legitimate version.

Security research agency Huntress discovered last month that someone took advantage of the overwhelming popularity of OpenClaw by forging installation packages on GitHub, implanting the Vidar information stealing Trojan and GhostSocks proxy malware.

Even Bing search ads were used for traffic generation, with users searching for "OpenClaw Windows," and AI recommending links that directly pointed to a newly created malicious GitHub repository. These fake installation packages were uploaded on February 2, and it wasn't until February 10 that they were discovered and taken down, lasting a full eight days.

Bing AI's search results linked to a malicious installation program hosted on GitHub. https://www.huntress.com/blog/openclaw-github-ghostsocks-infostealer

The plugin ecosystem is similarly a concealed minefield.

Network security agencies have audited and found that about 12% of Skills in the ClawHub plugin market contain malicious code, typically masquerading as popular categories like cryptocurrency assistants or YouTube tools, executing normal tasks while secretly stealing SSH keys, browser passwords, and API keys in the background.

Since plugins are mostly stored in Markdown or YAML formats, regular users cannot visually identify them. What’s worse, even if the official removes known malicious plugins, historical backups still remain in GitHub repositories. What exactly the person who installed it for you accidentally included is often unknown even to the installer.

Such risks do not simply disappear because the users are sufficiently professional.

Meta AI's security research director Summer Yue connected her work email to OpenClaw, and the Agent began rapidly deleting emails, not responding to her repeated "STOP" commands; ultimately, she had to physically disconnect the machine to stop the losses. (Related reading: The first batch of OpenClaw victims have emerged! Four safety bottom lines to understand before installation)

The reason is not that the model is not smart enough. Instead, OpenClaw's context compression mechanism overlooked her previously set bottom line instruction of "do not execute without confirmation" while processing a large volume of emails. Within the system design priorities, there is no option for "the user can stop at any time."

A top expert specializing in AI security risks could not hit the brakes at a critical moment and ended up in trouble; one can only imagine the risks faced by the average user.

Ultimately, everyone’s anxiety is not without reason. Just like last year’s DeepSeek, which is akin to today’s OpenClaw, AI tends to introduce a new species every so often, pushing people to the psychological brink of "if I don't use it, I will fall behind."

However, many times, what truly overwhelms people is not the inadequacy of the tools, but rather the abundance, complexity, and noise of tools available. A study by the Harvard Business Review in March this year confirmed this situation with data.

After surveying 1,488 full-time workers, researchers found that productivity actually decreases when using more than three AI tools simultaneously.

They termed this state "AI brain overload," with typical manifestations including attention saturation, decision fatigue, and persistent brain fog. Employees experiencing this state had a 39% higher intention to resign than others. Those who are most adept at using AI may sometimes end up being "overwhelmed" by it in another way.

Thus looking back, whether you treat OpenClaw as a toy, or use it for high-value, low-frequency tasks, the costs are generally controllable, and the risks also manageable. However, if you treat it as a digital employee that needs to be maintained 24 hours a day, the costs, risks, and management complexities will rise rapidly.

For the vast majority of ordinary users, waiting for the next generation of more stable, safer, and cost-effective products is often much more rational than rushing in to be the first batch of guinea pigs.

The first person to eat a crab is to be respected. But the one hundredth person to eat crab usually enjoys it more and at a lower cost.

Uninstallation Guide

If you have read this far, you have determined that the costs and risks posed by OpenClaw far outweigh the benefits, and you're deciding to part ways with this "lobster" on decent terms, there is still a way out. Its uninstallation is a bit different from ordinary software; simply dragging it into the trash won't suffice.

There are two paths for uninstallation: if the CLI is still available, take the easy path; if the CLI is no longer accessible but the service is still running, take the manual cleanup path.

Easy Path (CLI is still available)

If you want to do it step by step manually, the effects are exactly the same; execute in order:

First step, stop the gateway service:

openclaw gateway stop

Second step, uninstall the gateway service itself:

openclaw gateway uninstall

Third step, delete local state and configuration files:

rm -rf "${OPENCLAW_STATE_DIR:-$HOME/.openclaw}"

Note: If you set the OPENCLAW_CONFIG_PATH to a custom path outside the state directory, that file also needs to be manually deleted, otherwise there will be residues.

Fourth step, delete the workspace (optional but recommended, as it will also clear files generated during Agent runtime):

rm -rf ~/.openclaw/workspace

Fifth step, uninstall the CLI itself, choosing the corresponding command according to the installation method at the time: # npm installation

If you also installed the macOS desktop version, remember to handle that as well:

rm -rf /Applications/OpenClaw.app

Manual Cleanup Path (CLI is unavailable but the service is still running)

If the CLI is no longer accessible but the gateway service is still silently running in the background, you'll need to handle this according to the operating system.

macOS users:

The default service label is _ai.openclaw.gateway_, execute:

If you used the --profile parameter, be sure to replace the command's label and plist filename with ai.openclaw.profile_name>. Additionally, if older versions of OpenClaw leave behind com.openclaw.* format plists, delete those as well.

Linux users:

The default service unit name is _openclaw-gateway.service_, execute:

Several easily overlooked details

In cases of multiple profiles: If you created multiple configurations using the --profile parameter, each profile has its independent state directory, with the default path being _~/.openclaw-_profile_name>, which needs to be found and deleted one by one. None can be missed; otherwise, residual data will remain.

In remote mode: If you are using remote mode, the state directory is not on your local machine but on the gateway host. This means that the steps above of stopping the service, deleting the state directory need to be executed by logging into the gateway host; local machine operations are insufficient.

In cases of source code installation: If you installed it through git clone, the uninstallation order is crucial—it is essential to uninstall the gateway service first (using the easy path or manual cleanup path), then delete the repository directory, and finally clean up the state and workspace. The order cannot be reversed; otherwise, if the service is still running, deleting the repository will not clean properly.

Once all these steps are completed, you can truly say goodbye to this lobster.

Reference address: https://docs.openclaw.ai/install/uninstall

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。