open/claude-code-complete-agent
1
0
Fork 0
Code Activity Actions

feat: add Computer Use, Remote Control, Auto Mode, and Cowork integration

Browse source 
Major update based on Anthropic's March 24, 2026 releases:

- feature-map.md: expanded from 20 to 22 capabilities, gaps reduced
  from 2 to 1 (only Canvas/A2UI remains)
- examples/11-computer-use: desktop control via screenshots and clicks
- examples/12-remote-control: /rc and Dispatch for phone control
- examples/13-auto-mode: AI safety classifier for autonomous execution
- cowork-integration/: how Code + Cowork + Dispatch together replicate
  OpenClaw's full feature set
- security/auto-mode-explained.md: deep-dive on the new permission mode
- Updated README with broader ecosystem table and revised scores

Score: 12 full match (55%), 9 different approach (41%), 1 gap (4%)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Kjell Tore Guttormsen 2026-03-26 10:04:05 +01:00
commit e8a5403f91
9 changed files with 553 additions and 73 deletions
Download patch file Download diff file Expand all files Collapse all files

73
README.md
View file

@ -2,27 +2,29 @@
A working setup that demonstrates every major OpenClaw capability A working setup that demonstrates every major OpenClaw capability
using Claude Code's ecosystem: tools, MCP servers, plugins, hooks, using Claude Code's ecosystem: tools, MCP servers, plugins, hooks,
agents, skills, and triggers. agents, skills, triggers, Computer Use, and Remote Control.
Companion repo for the article Companion repo for the article
[Every OpenClaw Feature, Covered by Claude Code](https://fromaitochitta.com/openclaw-vs-claude-code-every-feature-compared). [Every OpenClaw Feature, Covered by Claude Code](https://fromaitochitta.com/openclaw-vs-claude-code-every-feature-compared).
## Why this exists ## Why this exists
OpenClaw has 247K GitHub stars and 20 major capabilities. It is the OpenClaw has 247K GitHub stars and 22 major capabilities. It is the
fastest-growing open-source project in history. This repo shows that fastest-growing open-source project in history. This repo shows that
Claude Code covers 18 of those 20 capabilities, with 11 full matches Claude Code's ecosystem (Code + Cowork + Dispatch) covers 21 of
and 7 different approaches. Two gaps remain: Gateway/Control Plane those 22, with 12 full matches and 9 different approaches. One gap
and Canvas/A2UI. remains: Canvas/A2UI.
This is not a theoretical comparison. Clone this repo, open Claude This is not a theoretical comparison. Clone this repo, open Claude
Code, and try each example yourself. Code, and try each example yourself.
## Prerequisites ## Prerequisites
- [Claude Code](https://docs.anthropic.com/en/docs/claude-code) v2.1.81+ - [Claude Code](https://docs.anthropic.com/en/docs/claude-code) v2.1.86+
- Node.js 18+ (only needed for Playwright MCP) - Node.js 18+ (only needed for Playwright MCP)
- A terminal (macOS or Linux) - A terminal (macOS or Linux)
- For Computer Use: Claude Code Desktop app + macOS
- For Dispatch: Claude mobile app (iOS/Android)
No npm install. No Docker. No build step. No npm install. No Docker. No build step.
@ -57,11 +59,12 @@ Paste the prompt from examples/01-agent-runtime/prompt.md
| Path | What it covers | | Path | What it covers |
|------|---------------| |------|---------------|
| `security/` | Permission modes, hook patterns, NemoClaw comparison | | `security/` | Permission modes, Auto Mode, hook patterns, NemoClaw comparison |
| `memory/` | How Claude Code memory works vs OpenClaw's vector search | | `memory/` | How Claude Code memory works vs OpenClaw's vector search |
| `automation/` | Cron, launchd, /loop, /schedule | | `automation/` | Cron, launchd, /loop, /schedule |
| `messaging/` | Slack MCP, Telegram Channels, channel comparison | | `messaging/` | Slack MCP, Telegram Channels, channel comparison |
| `browser/` | Playwright MCP setup and usage | | `browser/` | Playwright MCP setup and usage |
| `cowork-integration/` | How Code + Cowork + Dispatch together replicate OpenClaw |
### Examples (try these) ### Examples (try these)
@ -77,43 +80,61 @@ Paste the prompt from examples/01-agent-runtime/prompt.md
| 08 | Cron/Automation | /loop, CronCreate, /schedule | HEARTBEAT.md + cron | | 08 | Cron/Automation | /loop, CronCreate, /schedule | HEARTBEAT.md + cron |
| 09 | Security Hooks | PreToolUse/PostToolUse | Exec approvals + Docker | | 09 | Security Hooks | PreToolUse/PostToolUse | Exec approvals + Docker |
| 10 | Full Pipeline | All capabilities combined | Complete workflow | | 10 | Full Pipeline | All capabilities combined | Complete workflow |
| 11 | Computer Use | Control desktop apps | macOS/iOS/Android apps |
| 12 | Remote Control | /rc + Dispatch (phone) | Telegram/WhatsApp control |
| 13 | Auto Mode | AI safety classifier | Autonomous daemon mode |
Each example has a self-contained prompt you can paste directly Each example has a self-contained prompt you can paste directly
into Claude Code. into Claude Code.
## The feature map ## The feature map
See [feature-map.md](feature-map.md) for the complete 20-row See [feature-map.md](feature-map.md) for the complete 22-row
comparison table with verdicts and version requirements. comparison table with verdicts and version requirements.
**Summary:** 11 full match, 7 different approach, 2 gaps. **Summary:** 12 full match, 9 different approach, 1 gap.
## What Claude Code does not do (today) ## The broader ecosystem
**Gateway/Control Plane:** OpenClaw runs a WebSocket server with a Claude Code is one part of Anthropic's answer to OpenClaw:
control UI and OpenAI-compatible API. Claude Code has no equivalent.
If you need a programmable HTTP interface to your agent, OpenClaw
is the better choice.
**Canvas/A2UI:** OpenClaw's canvas is an interactive HTML workspace | Product | What it does | Best for |
served by the gateway. Claude Code can generate HTML and preview it |---------|-------------|----------|
via Playwright, but there is no persistent interactive surface. | **Claude Code** (CLI) | Terminal agent with hooks, plugins, MCP | Developers |
| **Claude Code Desktop** | Desktop app with Computer Use | GUI automation |
| **Cowork** | Non-technical agent with built-in connectors | Everyone |
| **Dispatch** | Mobile task assignment from phone | Remote control |
| **/schedule** | Remote triggers via claude.ai | Always-on tasks |
| **Agent SDK** | Programmatic control for CI/CD | Automation |
These gaps matter most for always-on, multi-user automation. For See [cowork-integration/README.md](cowork-integration/README.md)
development and task execution, they are less relevant. for a detailed breakdown of how these combine to cover OpenClaw's
feature set.
## Security note ## The remaining gap
The hooks in this repo demonstrate security patterns, but they are **Canvas/A2UI (the only gap):** OpenClaw's canvas is an interactive
examples, not a production security configuration. Review and HTML workspace. Claude Code can generate HTML and preview it via
customize them for your environment: Playwright or Computer Use, but there is no persistent interactive
surface. Artifacts in claude.ai are the closest equivalent but are
not available in Claude Code.
- `hooks/pre-tool-use.sh` blocks known-dangerous commands ## Security
Four permission modes, from manual approval to full autonomy:
1. **Default:** Ask for every action (learning)
2. **Auto-edit:** Pre-approved patterns (known workflows)
3. **Auto Mode:** AI classifier reviews each action (autonomous)
4. **Bypass:** No checks (sandboxed environments only)
The repo includes working security hooks:
- `hooks/pre-tool-use.sh` blocks dangerous commands
- `hooks/post-tool-use.sh` logs all tool executions - `hooks/post-tool-use.sh` logs all tool executions
- `.claude/settings.json` has a permission deny list - `.claude/settings.json` has a permission deny list
Read `security/permission-modes-explained.md` before running Read `security/` for the full picture, including an honest
Claude Code on anything sensitive. comparison with NemoClaw's enterprise security.
## License ## License

105
cowork-integration/README.md Normal file
View file

@ -0,0 +1,105 @@
# Cowork Integration: The Full OpenClaw Alternative
Claude Code alone covers 55% of OpenClaw features with a full
match and 41% with a different approach. But Claude Code is just
one product in Anthropic's ecosystem. Together, Claude Code +
Cowork + Dispatch get you closer to 95% of what OpenClaw does.
## The ecosystem
```
┌─────────────────────┐
│ Your Phone │
│ (Dispatch app) │
└────────┬────────────┘
│ assigns tasks
┌────────▼────────────┐
│ Your Mac │
│ │
│ ┌───────────────┐ │
│ │ Claude Cowork │ │ ← Desktop agent, computer use,
│ │ (Desktop app) │ │ connected apps, scheduled tasks
│ └───────────────┘ │
│ │
│ ┌───────────────┐ │
│ │ Claude Code │ │ ← Developer agent, terminal,
│ │ (CLI/IDE) │ │ plugins, hooks, agents, MCP
│ └───────────────┘ │
│ │
└─────────────────────┘
┌────────▼────────────┐
│ VPS / Server │
│ (Headless CC) │ ← Always-on, cron, /schedule
└─────────────────────┘
```
## Which product for which use case
| Use case | Best tool | Why |
|----------|-----------|-----|
| Write code, manage repos | Claude Code (CLI) | Full terminal access, hooks, plugins |
| Control desktop apps (Photoshop, Excel) | Cowork (Computer Use) | Screen control, native app access |
| Send tasks from phone | Dispatch | Mobile-first, paired to desktop |
| Continue CC session remotely | /rc (Remote Control) | Works with CLI sessions |
| Run agent 24/7 on server | Headless CC on VPS | No display needed |
| Scheduled autonomous tasks | /schedule or CronCreate | Triggers from web or crontab |
| Connect to Slack, Google, Notion | Cowork connectors | Built-in, no config |
| Connect to any API | Claude Code + MCP | Flexible, developer-controlled |
## Can you build an OpenClaw replacement with this?
Mostly, yes. Here is how each OpenClaw selling point maps:
### "Runs 24/7 on your hardware"
- **Cowork** with "keep computer awake" on a Mac Mini
- **Headless CC** on a VPS ($5/month server)
- **Both** require internet for Anthropic API calls (same as
OpenClaw when using cloud models)
### "Control it from Telegram/WhatsApp"
- **Dispatch** from Claude mobile app (closest match)
- **/rc** from any browser on your phone
- **Telegram** via Claude Code Channels (v2.1.80+)
- Gap: no WhatsApp, Discord, Signal, iMessage native support
(OpenClaw has 15+ channels)
### "It manages files, emails, calendars, browsers"
- **Cowork** has Slack, Google Workspace, Notion connectors
- **Claude Code** has file management + Playwright MCP for browser
- **Computer Use** handles anything with a GUI
- Gap: no native email/calendar integration in CC CLI (use MCP)
### "It remembers everything about you"
- **CLAUDE.md** hierarchy + auto-memory for CC
- **Cowork** has its own context/memory system
- Gap: no vector search. OpenClaw's SQLite-vec/LanceDB memory
is more sophisticated for semantic recall
### "Open source, works with any LLM"
- **Not replicable.** Claude Code only works with Claude models.
This is a fundamental architectural difference. If model
flexibility matters to you, OpenClaw is the better choice.
### "5,700+ community skills"
- **2,300+** in Claude marketplace, growing fast
- Claude Code skills + plugins are a younger but active ecosystem
- You can write your own skills in minutes (see `.claude/skills/`)
## The honest assessment
If you are a developer who primarily wants an AI coding agent
with deep terminal integration, hooks, plugins, and MCP: Claude
Code is the better choice. It is more polished, more secure, and
requires no self-hosting.
If you want a general-purpose life automation agent that runs 24/7
across 15+ messaging channels with any LLM: OpenClaw is still the
better choice. The ecosystem is larger and more flexible.
If you want both: run Claude Code for development work and
OpenClaw for life automation. They do not conflict.
Ethan Mollick put it well: Anthropic's offering is "90% of
everything I wanted from OpenClaw, but far less likely to post
all my personal information on the internet."

54
examples/11-computer-use/prompt.md Normal file
View file

@ -0,0 +1,54 @@
# Example 11: Computer Use
Demonstrate Claude Code's ability to control your desktop: open
apps, click buttons, fill forms, take screenshots. This is the
capability that made people say "Anthropic just killed OpenClaw."
**OpenClaw equivalent:** Browser automation + macOS/iOS/Android
companion apps with screen control.
**Requirements:**
- Claude Code Desktop app (not CLI-only)
- macOS with Accessibility and Screen Recording permissions granted
- Computer Use enabled in Settings > Desktop app > General
- Pro or Max plan
## The prompt
```
Open Safari, navigate to Hacker News, take a screenshot of the
front page, then open TextEdit and write a summary of the top
5 stories with their point counts. Save the file as
hn-summary-today.txt on the Desktop.
```
## What happens
1. Claude takes control of your screen (golden border appears)
2. Opens Safari, navigates to news.ycombinator.com
3. Takes a screenshot to read the page content
4. Opens TextEdit (or creates a new document)
5. Types the summary with story titles and point counts
6. Saves the file to your Desktop
## How this compares to OpenClaw
OpenClaw controls the browser via CDP/Playwright (programmatic).
Its macOS/iOS companion apps can interact with the desktop.
Claude Code Computer Use controls the screen like a human:
screenshots, mouse clicks, keyboard input. It is slower but
works with any application, not just browsers.
## Limitations (honest)
- Research preview. Expect rough edges.
- macOS only (for now)
- Slower than Playwright for browser-only tasks
- Cannot interact with apps that block screen recording
- Some actions cannot be undone (the macOS permission warning
is real)
For browser-only automation, Playwright MCP (example 04) is
faster and more reliable. Computer Use shines when you need to
interact with native desktop apps that have no API or CLI.

71
examples/12-remote-control/prompt.md Normal file
View file

@ -0,0 +1,71 @@
# Example 12: Remote Control and Dispatch
Control your Claude Code session from your phone. This is
Anthropic's answer to OpenClaw's Telegram integration: manage
your AI agent from anywhere.
**OpenClaw equivalent:** Telegram, WhatsApp, or any of the
15+ messaging channels for sending commands remotely.
## Option A: Remote Control (/rc) for Claude Code
Works with the CLI. No Cowork needed.
### Setup
1. Start a Claude Code session in your terminal
2. Type `/rc` (short for `/remote-control`)
3. A URL and QR code appear
4. Scan the QR code with your phone or open the URL in any browser
5. You now have a full interactive session from your phone
### The prompt (from your phone)
```
Search the web for the latest Claude Code changelog entries,
summarize the 3 most important features, and save the summary
to changelog-latest.md in the project root.
```
### What happens
- Your phone sends the message to the active CC session
- Claude Code executes on your computer (terminal stays active)
- Results appear on both your phone and the terminal
- You can continue the conversation from either device
## Option B: Dispatch for Cowork
If you use Claude Cowork (desktop app), Dispatch lets you
assign tasks from the Claude mobile app.
### Setup
1. Open Claude Desktop app on Mac
2. Switch to Cowork mode
3. Go to Dispatch in settings
4. Scan QR code with Claude mobile app (iOS/Android)
5. Your phone is now paired to your desktop agent
### How it differs from /rc
| Feature | /rc (Claude Code) | Dispatch (Cowork) |
|---------|------------------|------------------|
| Interface | Terminal session | Desktop app |
| Requires | CLI | Cowork desktop app |
| Phone app | Any browser | Claude mobile app |
| Computer Use | No | Yes |
| Connected apps | Via MCP | Built-in (Slack, Google, Notion) |
## The OpenClaw comparison
OpenClaw lets you text your agent via Telegram, WhatsApp,
Discord, or 12+ other channels. The agent is always-on.
Claude Code /rc requires an active session. Dispatch requires
Cowork running on your Mac. Neither is truly "always-on" in
the OpenClaw sense, but /schedule (remote triggers) can start
sessions on demand from the web.
The gap is narrowing. For most "text my agent from my phone"
use cases, /rc or Dispatch gets the job done.

83
examples/13-auto-mode/prompt.md Normal file
View file

@ -0,0 +1,83 @@
# Example 13: Auto Mode
Let Claude Code run autonomously with an AI safety classifier
reviewing every action. No manual approvals needed. This is the
feature that makes Claude Code feel like OpenClaw's daemon mode.
**OpenClaw equivalent:** Default autonomous mode with Docker
sandbox + exec approvals for dangerous commands.
**Requirements:**
- Claude Code v2.1.86+
- Team plan or higher (research preview)
## Enabling Auto Mode
From the CLI:
```bash
claude --enable-auto-mode
```
In an active session, press `Shift+Tab` to cycle through
permission modes until you reach Auto Mode.
## The prompt
```
Clone the repository at https://github.com/example/sample-app,
install dependencies, run the test suite, fix any failing tests,
and create a summary of what you changed in CHANGES.md.
```
## What happens
1. Claude Code clones the repo (no permission prompt)
2. Runs `npm install` (no permission prompt)
3. Runs `npm test` (no permission prompt)
4. Reads failing test output, edits source files (no prompt)
5. Re-runs tests until they pass (no prompt)
6. Writes CHANGES.md (no prompt)
Every action is reviewed by the safety classifier (Sonnet 4.6)
before execution. If an action is flagged as risky (e.g., mass
file deletion, data exfiltration), it is blocked and Claude is
redirected to take a different approach.
## How the safety classifier works
Two-layer system:
1. **Fast filter:** Quick yes/no on the action category
2. **Chain-of-thought:** Detailed reasoning for borderline cases
Performance (Anthropic's internal testing):
- 0.4% false positive rate (safe actions incorrectly blocked)
- 5.7% false negative rate (risky actions not caught)
The classifier runs on Sonnet 4.6 regardless of your session model.
## Permission mode comparison
| Mode | Approvals | Safety | Use case |
|------|----------|--------|----------|
| Default | Every action | Maximum | Learning, sensitive projects |
| Auto-edit | Pre-approved patterns | High | Known workflows |
| Auto Mode | AI classifier | High | Autonomous execution |
| Bypass | None | Minimal | Sandboxed environments only |
## How this compares to OpenClaw
OpenClaw runs autonomously by default. Safety comes from Docker
sandboxing (container limits what the agent can do even if it
tries something dangerous).
Claude Code Auto Mode runs autonomously with an AI classifier
reviewing each action before execution. Safety comes from
pre-execution screening, not post-execution containment.
Different philosophy:
- **OpenClaw:** "Let it try, contain the damage" (sandbox)
- **Claude Code:** "Review before executing" (classifier)
Both have trade-offs. Sandboxes catch unknown threats. Classifiers
prevent the action from happening at all but may miss novel attacks
(5.7% false negative rate).

126
feature-map.md
View file

@ -1,6 +1,8 @@
# OpenClaw vs Claude Code: Complete Feature Map # OpenClaw vs Claude Code: Complete Feature Map
Every major OpenClaw capability, mapped to its Claude Code equivalent. Every major OpenClaw capability, mapped to its Claude Code equivalent.
Updated March 2026 to include Auto Mode, Computer Use, Remote Control,
and Dispatch.
## Verdict legend ## Verdict legend
@ -10,69 +12,109 @@ Every major OpenClaw capability, mapped to its Claude Code equivalent.
| ~ | Different approach | Achievable but requires more setup or different architecture | | ~ | Different approach | Achievable but requires more setup or different architecture |
| ❌ | Gap | Not possible today without significant workarounds | | ❌ | Gap | Not possible today without significant workarounds |
## The map (20 capabilities) ## The map (22 capabilities)
| # | Capability | OpenClaw | Claude Code | Verdict | | # | Capability | OpenClaw | Claude Code Ecosystem | Verdict |
|---|-----------|----------|-------------|---------| |---|-----------|----------|----------------------|---------|
| 1 | Agent Runtime | Long-running daemon, tool exec, streaming | CLI agent loop, tool exec, streaming | ✅ | | 1 | Agent Runtime | Long-running daemon, tool exec, streaming | CLI agent loop + Auto Mode (AI safety classifier) | ✅ |
| 2 | Shell Execution | `exec` tool, PTY, background, elevated | Bash tool with permission system | ✅ | | 2 | Shell Execution | `exec` tool, PTY, background, elevated | Bash tool + Auto Mode (no manual approvals) | ✅ |
| 3 | File I/O | read, write, edit, apply_patch | Read, Write, Edit, Glob, Grep | ✅ | | 3 | File I/O | read, write, edit, apply_patch | Read, Write, Edit, Glob, Grep | ✅ |
| 4 | Web Search | Brave Search, Firecrawl fallback | WebSearch + WebFetch (built-in) | ✅ | | 4 | Web Search | Brave Search, Firecrawl fallback | WebSearch + WebFetch (built-in) | ✅ |
| 5 | Browser | CDP/Playwright, screenshots, act | Playwright MCP (same engine) | ✅ | | 5 | Browser | CDP/Playwright, screenshots, act | Playwright MCP + Computer Use (Desktop) | ✅ |
| 6 | Memory | Daily logs + vector search | CLAUDE.md hierarchy + auto-memory | ~ | | 6 | Computer Use | Browser + desktop app control | Computer Use in CC Desktop + Cowork (research preview) | ✅ |
| 7 | Multi-Agent | Sub-agents, mesh, agent-to-agent | Agent Teams, SendMessage, worktree | ✅ | | 7 | Memory | Daily logs + vector search | CLAUDE.md hierarchy + auto-memory | ~ |
| 8 | Messaging | 15+ native channels | MCP + Telegram native (v2.1.80) | ~ | | 8 | Multi-Agent | Sub-agents, mesh, agent-to-agent | Agent Teams, SendMessage, worktree | ✅ |
| 9 | Model Providers | 20+ providers, failover | Opus/Sonnet/Haiku + overrides | ~ | | 9 | Messaging/Remote | 15+ native channels | MCP + Telegram (v2.1.80) + Remote Control (/rc) + Dispatch | ~ |
| 10 | Cron/Automation | HEARTBEAT.md, cron, webhooks | /loop, CronCreate, /schedule, hooks | ✅ | | 10 | Model Providers | 20+ providers, failover | Opus/Sonnet/Haiku + overrides | ~ |
| 11 | Plugin System | openclaw.plugin.json, 20+ hooks | plugin.json, hooks, commands, agents | ✅ | | 11 | Cron/Automation | HEARTBEAT.md, cron, webhooks | /loop, CronCreate, /schedule, hooks | ✅ |
| 12 | Skills | SKILL.md, ClawHub (5,700+) | Skills + marketplace (2,300+) | ✅ | | 12 | Always-On | Daemon process, 24/7 | Headless on VPS + Cowork "keep awake" + /schedule | ~ |
| 13 | Security | Docker sandbox, DM pairing | Permission modes, hooks, sandbox | ~ | | 13 | Plugin System | openclaw.plugin.json, 20+ hooks | plugin.json, hooks, commands, agents | ✅ |
| 14 | Voice/TTS | Talk Mode, wake word | Via MCP/scripts (not built-in) | ~ | | 14 | Skills | SKILL.md, ClawHub (5,700+) | Skills + marketplace (2,300+) | ✅ |
| 15 | Companion Apps | macOS, iOS, Android native | VS Code, JetBrains, Desktop, Web | ~ | | 15 | Security | Docker sandbox, DM pairing | Permission modes + Auto Mode classifier + hooks | ~ |
| 16 | Gateway | WebSocket server, Control UI | No equivalent (Remote Control partial) | ❌ | | 16 | Voice/TTS | Talk Mode, wake word | Via MCP/scripts (not built-in) | ~ |
| 17 | Configuration | JSON5, hot-reload, profiles | settings.json hierarchy, CLAUDE.md | ✅ | | 17 | Companion Apps | macOS, iOS, Android native | Desktop, VS Code, JetBrains, Web, Dispatch (mobile) | ~ |
| 18 | Canvas/A2UI | Agent-driven HTML workspace | HTML generation + Playwright preview | ❌ | | 18 | Gateway | WebSocket server, Control UI | Remote Control (/rc) + Dispatch (partial) | ~ |
| 19 | Chat Commands | /status, /model, /think, /mesh | Built-in + custom skills | ✅ | | 19 | Canvas/A2UI | Agent-driven HTML workspace | HTML generation + Playwright preview | ❌ |
| 20 | CLI | onboard, gateway, tui, doctor | claude CLI with subcommands | ✅ | | 20 | Configuration | JSON5, hot-reload, profiles | settings.json hierarchy, CLAUDE.md | ✅ |
| 21 | Chat Commands | /status, /model, /think, /mesh | Built-in + custom skills | ✅ |
| 22 | CLI | onboard, gateway, tui, doctor | claude CLI with subcommands | ✅ |
## Score ## Score
| Verdict | Count | % | | Verdict | Count | % |
|---------|-------|---| |---------|-------|---|
| ✅ Full match | 11 | 55% | | ✅ Full match | 12 | 55% |
| ~ Different approach | 7 | 35% | | ~ Different approach | 9 | 41% |
| ❌ Gap | 2 | 10% | | ❌ Gap | 1 | 4% |
## What the gaps mean ## What changed from the initial assessment
**Gateway/Control Plane (❌):** OpenClaw runs a WebSocket server The initial feature map (20 rows, 2 gaps) was based on Claude Code
with a control UI, webchat, and an OpenAI-compatible API. Claude CLI alone. This updated map adds:
Code has no equivalent. Remote Control (research preview) partially
addresses phone access but is not a programmable gateway. - **Computer Use** (row 6): New capability. Claude Code Desktop and
Cowork can control your screen, click, type, navigate apps. This
matches OpenClaw's browser + desktop control.
- **Always-On** (row 12): Explicitly broken out. OpenClaw runs as a
daemon. Claude Code achieves persistence through headless VPS
deployment, Cowork's "keep awake" mode, and /schedule for remote
triggers. Different architecture, same outcome.
- **Gateway** (row 18): Upgraded from Gap to Different approach.
Remote Control (/rc) lets you control a CC session from phone or
browser. Dispatch (Cowork) adds mobile task assignment. Together
they cover the phone-control use case, though not the programmable
HTTP API.
- **Auto Mode** (rows 1, 2, 15): The AI safety classifier (Sonnet 4.6)
reviews every tool call. 0.4% false positive rate. This eliminates
the constant approval prompts that made CC feel less autonomous than
OpenClaw's daemon mode.
## The remaining gap
**Canvas/A2UI (❌):** OpenClaw's canvas is an interactive, **Canvas/A2UI (❌):** OpenClaw's canvas is an interactive,
agent-driven HTML workspace served by the gateway. Claude Code can agent-driven HTML/CSS/JS workspace served by the gateway. Claude Code
generate HTML files and preview them via Playwright, but there is can generate HTML files and preview them via Playwright or Computer
no persistent, interactive canvas surface. Use, but there is no persistent, interactive canvas surface. Artifacts
in claude.ai are the closest equivalent but are not available in
Claude Code.
These are real gaps. They matter most for always-on automation and ## The broader ecosystem
visual agent interfaces. For development and task execution, they
are less relevant. Claude Code is one part of Anthropic's answer to OpenClaw.
The full picture:
| Product | Role | OpenClaw equivalent |
|---------|------|-------------------|
| Claude Code (CLI) | Developer agent, terminal | OpenClaw core agent |
| Claude Code Desktop | Desktop app with computer use | OpenClaw + macOS app |
| Cowork | Non-technical agent, connectors | OpenClaw for non-developers |
| Dispatch | Mobile task assignment | Telegram/WhatsApp channels |
| /schedule | Remote triggers via claude.ai | HEARTBEAT.md cron |
| Agent SDK | Programmatic control, CI/CD | OpenClaw API |
This repo focuses on Claude Code (CLI + Desktop) because it gives
you the most control. But Cowork + Dispatch are relevant alternatives
for use cases that do not require terminal access.
## Version requirements ## Version requirements
Minimum Claude Code version for full coverage: **v2.1.81** Minimum Claude Code version for full coverage: **v2.1.86**
| Feature | Version | OpenClaw equivalent | | Feature | Version | OpenClaw equivalent |
|---------|---------|-------------------| |---------|---------|-------------------|
| Agent Teams | v2.1.32 | Multi-agent mesh | | Agent Teams | v2.1.32 | Multi-agent mesh |
| Auto-memory | v2.1.32 | Vector memory | | Auto-memory | v2.1.32 | Vector memory |
| Background agents | v2.1.49 | Sub-agent spawning |
| Worktree isolation | v2.1.50 | Agent sandboxing |
| HTTP hooks | v2.1.63 | Webhook integrations |
| /loop + CronCreate | v2.1.71 | HEARTBEAT.md + cron |
| disallowedTools | v2.1.78 | Tool deny lists |
| Channels + Telegram | v2.1.80 | Multi-channel messaging | | Channels + Telegram | v2.1.80 | Multi-channel messaging |
| Permission relay | v2.1.81 | DM approval | | Permission relay | v2.1.81 | DM approval |
| /loop + CronCreate | v2.1.71 | HEARTBEAT.md + cron |
| Worktree isolation | v2.1.50 | Agent sandboxing |
| disallowedTools | v2.1.78 | Tool deny lists |
| Background agents | v2.1.49 | Sub-agent spawning |
| HTTP hooks | v2.1.63 | Webhook integrations |
| Plugin marketplace | v2.1.6 | ClawHub |
| managed-settings.d | v2.1.84 | Enterprise policy | | managed-settings.d | v2.1.84 | Enterprise policy |
| Auto Mode | v2.1.86 | Autonomous execution |
| Computer Use | v2.1.86 | Desktop control |
| Remote Control (/rc) | v2.1.85 | Phone access |

3
security/README.md
View file

@ -10,6 +10,7 @@ agent behavior.
| File | What it covers | | File | What it covers |
|------|---------------| |------|---------------|
| `permission-modes-explained.md` | The three permission modes and when to use each | | `permission-modes-explained.md` | The four permission modes and when to use each |
| `auto-mode-explained.md` | Auto Mode: AI safety classifier for autonomous execution |
| `hook-based-guardrails.md` | Building custom security with PreToolUse hooks | | `hook-based-guardrails.md` | Building custom security with PreToolUse hooks |
| `nemoclaw-comparison.md` | Honest comparison with NemoClaw's enterprise security | | `nemoclaw-comparison.md` | Honest comparison with NemoClaw's enterprise security |

78
security/auto-mode-explained.md Normal file
View file

@ -0,0 +1,78 @@
# Auto Mode
Auto Mode (v2.1.86, March 24, 2026) is a new permission mode where
an AI safety classifier reviews every tool call before execution.
No manual approvals. Claude runs autonomously, with a safety net.
## How to enable
```bash
# From CLI launch:
claude --enable-auto-mode
# In active session:
# Press Shift+Tab to cycle through permission modes
```
## How the classifier works
Before each tool call, a classifier (running on Sonnet 4.6)
evaluates whether the action is safe:
1. **Fast filter:** Quick binary decision on the action category
2. **Chain-of-thought:** Detailed reasoning for borderline cases
Safe actions proceed automatically. Risky actions (mass deletion,
data exfiltration, malicious code) are blocked, and Claude is
redirected to an alternative approach.
## Performance numbers (Anthropic's internal testing)
| Metric | Value |
|--------|-------|
| False positive rate | 0.4% (safe actions incorrectly blocked) |
| False negative rate | 5.7% (risky actions not caught) |
The classifier runs on Sonnet 4.6 regardless of your session model.
This means even Opus sessions get fast, consistent safety screening.
## When to use Auto Mode
**Good for:**
- Code refactoring across many files
- Test-fix-test loops
- Research and summarization tasks
- Any workflow where constant approvals break your flow
**Not recommended for:**
- First time using Claude Code (learn default mode first)
- Sensitive environments with production data
- Multi-agent workflows where you want explicit control
## Comparison to OpenClaw security
| Aspect | OpenClaw | Auto Mode |
|--------|----------|-----------|
| Default behavior | Autonomous | Autonomous |
| Safety mechanism | Docker sandbox (containment) | AI classifier (prevention) |
| Unknown threats | Contained by sandbox | May slip through (5.7% FN) |
| Known threats | Depend on config | Caught by classifier |
| User intervention | /approve for flagged actions | Automatic redirect |
| Infrastructure | Requires Docker | No infrastructure |
## All four permission modes
| Mode | Behavior | Safety | OpenClaw equivalent |
|------|----------|--------|-------------------|
| Default | Ask for every action | Maximum control | DM pairing + exec approvals |
| Auto-edit | Pre-approved patterns | Selective | Tool allowlists |
| Auto Mode | AI classifier reviews | AI-enforced | Autonomous + sandbox |
| Bypass | No checks | Minimal | Elevated mode |
Auto Mode sits between auto-edit and bypass. It gives you the
autonomy of bypass with most of the safety of auto-edit.
## Availability
Research preview on Team plan (March 2026). Enterprise and API
coming soon.

33
security/permission-modes-explained.md
View file

@ -1,6 +1,6 @@
# Permission Modes # Permission Modes
Claude Code has three permission modes that control how much Claude Code has four permission modes that control how much
autonomy the agent has. This is the first line of defense. autonomy the agent has. This is the first line of defense.
## The three modes ## The three modes
@ -39,7 +39,31 @@ Configured in `.claude/settings.json`:
**OpenClaw equivalent:** Tool allowlists per agent/session. **OpenClaw equivalent:** Tool allowlists per agent/session.
### 3. Bypass mode (`--dangerously-skip-permissions`) ### 3. Auto Mode (`--enable-auto-mode`)
An AI safety classifier (Sonnet 4.6) reviews every tool call
before execution. Safe actions proceed automatically. Risky
actions are blocked and Claude is redirected.
```bash
claude --enable-auto-mode
# Or press Shift+Tab in a session to cycle to Auto Mode
```
Performance: 0.4% false positive rate, 5.7% false negative rate.
**Best for:**
- Autonomous coding workflows
- Test-fix-test loops
- Any task where constant approvals break flow
**OpenClaw equivalent:** Default autonomous mode with Docker sandbox.
Different philosophy: Auto Mode prevents dangerous actions before
execution. OpenClaw's sandbox contains damage after execution.
See `auto-mode-explained.md` for the full deep-dive.
### 4. Bypass mode (`--dangerously-skip-permissions`)
No permission checks at all. Claude Code executes everything. No permission checks at all. Claude Code executes everything.
@ -69,6 +93,7 @@ Settings deny list: decides WHICH tools exist at all
## Recommendation ## Recommendation
Start with default mode. Move to auto-edit mode once you Start with default mode. Move to auto-edit once you understand
understand which operations you trust. Never use bypass mode which operations you trust. Graduate to Auto Mode when you want
autonomous execution with AI safety. Never use bypass mode
outside of sandboxes. outside of sandboxes.