## Honest framing
OpenClaw is the open-source self-hosted agent runtime created by Peter Steinberger. By March 2026 it had passed 250,000 GitHub stars, surpassing React to become one of the most-starred software projects on GitHub. It proved at consumer scale that people want their AI assistant to run on their own machine, persist across sessions, and connect to the messaging surfaces they already use.
LumenFlow does not compete with OpenClaw on personal AI. It picks up the same architectural thesis — your compute, persistent runtime, central session state — and applies enterprise-grade governance from the first commit, rather than retrofitting it after a security incident.
## What OpenClaw got right
| Strength | What it means |
|---|---|
| BYOC by default | A self-hosted Gateway running on the user's own machine, not a hosted cloud agent |
| Channel diversity | Adapters for messaging platforms (Slack, Discord, Telegram, Signal, WhatsApp) bring AI into the surfaces people already use |
| Open skill ecosystem | A skills marketplace lets the community extend the runtime quickly |
| Architectural clarity | Channel / brain / body separation made the runtime easy to reason about |
## Where OpenClaw struggles in regulated environments
In early 2026 OpenClaw shipped CVE-2026-25253 (a critical remote-code execution vulnerability), faced a large-scale supply-chain campaign in the ClawHub skills marketplace (researchers reported 820+ malicious skills), and was independently scored at 1.2/5 against the Zenity CISO checklist for production use in regulated environments. Reported native gaps include plaintext credential storage, no role-based access control, and missing audit trails.
These are not LumenFlow's claims — they are public findings. They matter because they change the question a CISO asks: not "does the runtime work?" but "can I take it to a compliance audit?"
## Where LumenFlow differs
| LumenFlow | Why it matters in regulated environments |
|---|---|
| Governed-runtime kernel | Every tool call passes through scope intersection, deny-wins Rules, and approval gates before any side effect |
| Signed Packs | Tools, policies, and evidence types ship as integrity-pinned Packs with import-boundary enforcement, not an open marketplace of community skills |
| Approvals as a first-class noun | Risky actions pause for human approval; the approval is a record, not a notification |
| Signed, verifiable Proof | Evidence bundles are detached-signed; a verifier CLI can confirm a bundle has not been tampered with after the fact |
| Per-runtime identity | Connections enrol with short-lived tokens, per-runtime keypairs, and rotation support — not reusable shared secrets |
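The first row describes a three-stage decision taken on every tool call before any side effect. As an added illustration (not LumenFlow's own code; the rule shape, the scope grants and the tool names are constructed assumptions), a minimal evaluator that applies scope intersection, deny-wins rules and an approval gate in that order:

```python
from dataclasses import dataclass, field

# Hypothetical model of the three stages the table describes:
# 1. scope intersection: the effective scope is what the runtime, the user and
#    the tool are each granted, intersected (grants can only narrow, never widen)
# 2. deny-wins Rules: one matching deny blocks the call regardless of any allow
# 3. approval gate: risky tools pause as a recorded approval request

@dataclass(frozen=True)
class Rule:
    effect: str   # "allow" or "deny"
    tool: str     # tool name, or "*" for any tool
    scope: str    # scope name, or "*" for any scope

@dataclass
class Decision:
    outcome: str  # "allow", "deny" or "needs_approval"
    reason: str
    effective_scopes: frozenset = field(default_factory=frozenset)

def intersect_scopes(*grants: set) -> frozenset:
    """Effective scope is the intersection of every grant; no grants means no scope."""
    if not grants:
        return frozenset()
    result = set(grants[0])
    for g in grants[1:]:
        result &= set(g)
    return frozenset(result)

def _matches(rule: Rule, tool: str, scope: str) -> bool:
    return rule.tool in ("*", tool) and rule.scope in ("*", scope)

def evaluate(tool: str, scope: str, rules: list, *grants: set,
             requires_approval: frozenset = frozenset()) -> Decision:
    """Decide a single tool call; nothing here performs the side effect itself."""
    effective = intersect_scopes(*grants)
    if scope not in effective:
        return Decision("deny", f"scope {scope!r} is outside the scope intersection", effective)
    matching = [r for r in rules if _matches(r, tool, scope)]
    if any(r.effect == "deny" for r in matching):
        return Decision("deny", "a deny rule matched (deny wins over allow)", effective)
    if not any(r.effect == "allow" for r in matching):
        return Decision("deny", "no allow rule matched (default deny)", effective)
    if tool in requires_approval:
        return Decision("needs_approval", f"{tool!r} needs a recorded human approval", effective)
    return Decision("allow", "scope, rules and approval gate all passed", effective)
```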
## When to choose which
Pick OpenClaw when:
- You're an individual or small team building a personal AI assistant
- You want maximum extensibility through community skills
- Compliance is not a procurement gate
Pick LumenFlow when:
- You need governed AI work in a team, organisation, or regulated environment
- An auditor or CISO will ask how you know what your AI did
- You need third-party-verifiable evidence, not just logs
- You want the BYOC philosophy without the security-and-compliance retrofit cost
## The short version
OpenClaw is what showed people they wanted AI on their own compute. LumenFlow is what you ship to a regulated team.
> **Info:** See Connections: Trusted Compute for how LumenFlow runs governed AI work on customer-owned compute, and Autonomy policies and tool-call approvals for how Rules and Approvals decide what an agent can do on its own.