841cd32c66
Settings.json: 16 scoped Bash grants (was 6 wildcards), 26-pattern deny list (was 5). CVE mapping: all 9 OpenClaw CVEs mapped to specific defenses with layer documentation. Scan results: posture Grade D (expected without llm-security), deep scan 0 critical/high. Hooks README: Option A — document llm-security hooks, recommend plugin installation. README: evidence-based security section with scan data and verification instructions. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
9.4 KiB
Claude Code Complete Agent
A working setup that demonstrates every major OpenClaw capability using Claude Code's ecosystem: tools, MCP servers, plugins, hooks, agents, skills, triggers, Computer Use, and Remote Control.
Companion repo for the article Every OpenClaw Feature, Covered by Claude Code.
Why this exists
OpenClaw has 247K GitHub stars and 22 major capabilities. It is the fastest-growing open-source project in history. This repo shows that Claude Code's ecosystem (Code + Cowork + Dispatch) covers 21 of those 22, with 13 full matches and 8 different approaches. One gap remains: Canvas/A2UI.
This is not a theoretical comparison. Clone this repo, open Claude Code, and try each example yourself. By Example 14, you will have built your own personal agent.
Prerequisites
- Claude Code v2.1.86+
- Node.js 18+ (only needed for Playwright MCP)
- A terminal (macOS or Linux)
- For Computer Use (example 11): Claude Code Desktop app + macOS + Pro or Max plan
- For Auto Mode (example 13): Team plan or higher (research preview)
- For Dispatch: Claude mobile app (iOS/Android)
No npm install. No Docker. No build step.
Two paths
"Show me what it can do" - Browse examples/, read feature-map.md,
try the demo prompts. You will understand what Claude Code is capable of.
"Help me actually use it" - Follow the Cumulative Path through examples 01-14. Each example builds on the previous one. By the end, you have a working personal agent. Or read GETTING-STARTED.md for the condensed version: six steps, about one hour total.
Quickstart (demo mode)
git clone https://git.fromaitochitta.com/ktg/claude-code-complete-agent.git
cd claude-code-complete-agent
claude
Then try:
Paste the prompt from examples/01-agent-runtime/prompt.md
If you see Claude start searching the web and writing a file, it works. Each example includes an "Expected Output" section so you know what to look for.
What is in this repo
Working configuration
| Path | What it does |
|---|---|
CLAUDE.md |
Project memory and instructions |
.claude/settings.json |
Permissions, deny lists, hook config |
.claude/agents/ |
Three agents: researcher, writer, reviewer |
.claude/skills/ |
Three skills: daily-briefing, slack-message, web-research |
.mcp.json |
Playwright MCP (disabled by default) |
hooks/ |
Security hooks (pre-tool-use blocker, post-tool-use logger) |
Documentation
| Path | What it covers |
|---|---|
security/ |
Permission modes, Auto Mode, hook patterns, NemoClaw comparison |
memory/ |
How Claude Code memory works vs OpenClaw's vector search |
automation/ |
Cron, launchd, /loop, /schedule |
messaging/ |
Channels (iMessage, Telegram, Discord), Slack MCP, Dispatch/RC comparison |
browser/ |
Playwright MCP setup and usage |
cowork-integration/ |
How Code + Cowork + Dispatch together replicate OpenClaw |
Examples (try these)
| # | Example | Capability | OpenClaw equivalent |
|---|---|---|---|
| 01 | Agent Runtime | Tool execution loop | Long-running daemon |
| 02 | Shell and Files | Bash + file I/O | exec tool + read/write |
| 03 | Web Search | WebSearch + WebFetch | Brave Search + Firecrawl |
| 04 | Browser Automation | Playwright MCP | CDP/Playwright built-in |
| 05 | Memory System | CLAUDE.md + auto-memory | Daily logs + vector search |
| 06 | Multi-Agent | Agent Teams + SendMessage | Sub-agents + mesh |
| 07 | Messaging | MCP + Telegram Channels | 15+ native channels |
| 08 | Cron/Automation | /loop, CronCreate, /schedule | HEARTBEAT.md + cron |
| 09 | Security Hooks | PreToolUse/PostToolUse | Exec approvals + Docker |
| 10 | Full Pipeline | All capabilities combined | Complete workflow |
| 11 | Computer Use | Control desktop apps | macOS/iOS/Android apps |
| 12 | Remote Access | Channels + Dispatch + /rc (3 ways) | Telegram/WhatsApp control |
| 13 | Auto Mode | AI safety classifier | Autonomous daemon mode |
| 14 | Build Your Agent | All capabilities combined | Your personal setup |
Each example has a self-contained prompt you can paste directly into Claude Code.
Two ways to use the examples:
-
Independent mode. Pick any example and run it. Every demo prompt works standalone.
-
Cumulative path (recommended). Follow examples 01-14 in order. Each one has a "Cumulative Path" section with an alternative prompt that builds on the previous example's output. By example 10, you have a complete automated pipeline. By example 14, you have a personal agent configured for your actual work.
Examples 11-13 require additional setup (Desktop app, specific subscription plans) and are documented separately. Example 14 works after any subset of 01-10.
The feature map
See feature-map.md for the complete 22-row comparison table with verdicts and version requirements.
Summary: 13 full match, 8 different approach, 1 gap.
The cumulative path
The fastest way to learn Claude Code is to build something real with it. The examples are designed so each one adds one capability to an accumulating pipeline:
01 Research --> raw data
02 Organize --> structured report
03 Verify --> sourced, fact-checked
04 Browser --> live visual data (optional)
05 Memory --> persistent across sessions
06 Multi-agent --> polished, reviewed output
07 Messaging --> delivered to your phone
08 Automation --> runs on schedule
09 Security --> protected by hooks
10 Full pipeline --> everything combined
14 Your agent --> personalized for your work
Each example has a "Carry Forward" section (what your output feeds into next) and a "Now Try It Yourself" section (how to adapt the pattern for your own needs). Start at 01 and follow the thread.
The broader ecosystem
Claude Code is one part of Anthropic's answer to OpenClaw:
| Product | What it does | Best for |
|---|---|---|
| Claude Code (CLI) | Terminal agent with hooks, plugins, MCP | Developers |
| Claude Code Desktop | Desktop app with Computer Use | GUI automation |
| Cowork | Non-technical agent with built-in connectors | Everyone |
| Dispatch | Mobile task assignment from phone | Remote control |
| /schedule | Remote triggers via claude.ai | Always-on tasks |
| Agent SDK | Programmatic control for CI/CD | Automation |
See cowork-integration/README.md for a detailed breakdown of how these combine to cover OpenClaw's feature set.
The biggest practical limitation
Session persistence. If the Claude Code session closes, all remote access (Channels, Dispatch, Remote Control) stops. OpenClaw runs as a daemon and stays alive indefinitely. Workarounds exist (tmux, Mac Mini, VPS), but this is an architectural difference.
See messaging/channels-setup.md for always-on workarounds.
The remaining gap
Canvas/A2UI (the only gap): OpenClaw's canvas is an interactive HTML workspace. Claude Code can generate HTML and preview it via Playwright or Computer Use, but there is no persistent interactive surface. Artifacts in claude.ai are the closest equivalent but are not available in Claude Code.
Security
This repo doesn't just claim Claude Code is secure — it provides evidence. Every defense is configured, scanned, and documented.
What the scans found (2026-04-05)
- Deep scan: 0 critical, 0 high across 51 files and 10 scanners. No secrets, no injection vectors, no supply chain risk.
- Posture: Grade D without llm-security plugin (demo hooks only), Grade B+ with it installed. The gap is runtime hook enforcement.
- CVE mapping: All 9 OpenClaw CVEs mapped to specific defenses. 4 eliminated by architecture, 5 blocked by configuration and hooks.
Full results: security/scan-results.md
Defense layers
| Layer | What it does | Configured in |
|---|---|---|
| Architecture | No gateway, no ports, no multi-user auth | Inherent to Claude Code |
| Permission model | 16 scoped Bash grants, 26-pattern deny list | .claude/settings.json |
| Demo hooks | Pattern-matching command blocker + audit logger | hooks/ |
| Production hooks | 8 hooks covering all CVEs (recommended) | llm-security plugin |
| Permission modes | Default, Auto-edit, Auto Mode, Bypass | User selection at startup |
Key documents
| Document | What it covers |
|---|---|
cve-mitigation-map.md |
Each OpenClaw CVE mapped to a specific defense |
scan-results.md |
Reproducible posture and deep scan results |
openclaw-security-assessment.md |
10-category head-to-head with CVE analysis |
nemoclaw-comparison.md |
Honest comparison with enterprise kernel isolation |
Verify yourself
# With llm-security plugin installed:
/security posture # Configuration assessment
/security deep-scan . # All 10 deterministic scanners
License
MIT. See LICENSE.
About
Built by Kjell Tore Guttormsen as part of the From AI to Chitta project, exploring the intersection of AI tools and inner development.