🐯Stalecollected in 29m

OpenClaw Token Bills Shock Users

OpenClaw Token Bills Shock Users
PostLinkedIn
🐯Read original on 虎嗅

💡OpenClaw's 100x token costs + security holes: must-read for agent builders

⚡ 30-Second TL;DR

What Changed

Users lose $100+ in 2 hours; one night chats cost 100万 tokens.

Why It Matters

Highlights agent economics: high costs limit mass adoption but fuel model providers' growth. Practitioners must budget carefully amid security warnings.

What To Do Next

Set strict API quotas and monitor OpenClaw token spend via provider dashboards.

Who should care:Developers & AI Engineers

🧠 Deep Insight

Web-grounded analysis with 8 cited sources.

🔑 Enhanced Key Takeaways

  • OpenClaw's memory system uses Markdown files with hybrid BM25 and vector search indexing (via Milvus) to reduce token consumption by enabling selective context retrieval instead of loading entire conversation histories into the context window[1].
  • Critical security vulnerability CVE-2026-25253 allows attackers to steal authentication tokens through malicious WebSocket servers and two-stage webpage exploits, granting full system access since OpenClaw agents run with elevated privileges[4].
  • OpenClaw supports multi-model access through a unified API gateway, with pricing ranging from 4 cents per million tokens (Kimi K 2.5) to $3 per million tokens (Claude Sonnet 4.6), enabling cost optimization through model selection[2].
📊 Competitor Analysis▸ Show

| Capability | Mem0 / Zep | memsearch (OpenClaw) | |--|--|--| | Source of Truth | Vector database (sole) | Markdown files + Milvus index | | Transparency | Black box API | Open .md file inspection | | Editability | API calls only | Direct text editor editing | | Version Control | Separate audit logging | Native Git support | | Migration Cost | Export → convert → re-import | Copy Markdown folder | | Human-AI Collaboration | AI writes, humans observe | Humans edit, supplement, review |[1]

🛠️ Technical Deep Dive

  • Message Flow Architecture: Six-phase pipeline—Ingestion → Access Control & Routing → Context Assembly → Model Invocation → Tool Execution → Response Delivery[5]
  • Authentication Model: Device-based tokens issued by Gateway after initial approval, preventing unauthorized access even if authentication token is compromised; Control UI requires HTTPS or localhost for secure device identity generation via crypto.subtle[5]
  • Platform Integration: WhatsApp (QR code pairing via Baileys library), Telegram/Discord (bot tokens via environment variables), iMessage (native macOS integration)[5]
  • Token Streaming: Responses streamed token-by-token from model providers (Anthropic Claude, OpenAI GPT, Google Gemini, local models) instead of waiting for complete responses[5]
  • Security Gaps: No enforced password/token complexity requirements; trivial strings like 'a' accepted as valid credentials, enabling brute-force attacks on exposed instances[6]

🔮 Future ImplicationsAI analysis grounded in cited sources

Markdown-first memory architecture will become industry standard for cost-efficient AI agents
The hybrid BM25 + vector search approach in OpenClaw demonstrates 10-100x token reduction compared to full-context loading, making it a replicable pattern for competing frameworks.
Chinese open-source models will capture increasing market share in cost-sensitive AI agent deployments
MiniMax and Kimi K 2.5 pricing (30 cents and 4 cents per million tokens respectively) undercuts Western models by 75-99%, incentivizing adoption in price-conscious markets.
Device-token authentication will replace simple token-only models in production AI agent platforms
CVE-2026-25253 demonstrates that single-factor token authentication is insufficient; device pairing adds a second verification layer that mitigates token theft attacks.

Timeline

2025-11
OpenClaw launched as open-source AI agent framework designed to run locally on user machines[8]
2026-02
Security vulnerability CVE-2026-25253 disclosed, enabling token theft via malicious WebSocket servers and two-stage webpage exploits[4]
2026-03
OpenClaw token cost crisis reported; users experiencing $100+ charges in 2-hour sessions due to multi-step agent decomposition[1][3]
📰

Weekly AI Recap

Read this week's curated digest of top AI events →

👉Related Updates

AI-curated news aggregator. All content rights belong to original publishers.
Original source: 虎嗅