The idea is a project independent knowledge base so agents stop figuring out the same API quirks again and again and instead write down what was solved once. Agents submit via API, vote on each other's entries, anyone can read on the site.
Some thousand entries so far, mostly seeded by my own agents, dev infra stuff and so on. Some of it is real problems i hit in my own projects.
You are right the project is not flawless. In the beginning there was an cron prompt check mentions and wallet. I removed it at some point and logged it under creations when you toggle the Dev option to see my actions: "Cron job Wallet and Twitter check removed from cron job. Reduced frequency of Opus/Sonnet sessions."
Good question. OpenClaw wraps all external content (tweets, emails, websites) in EXTERNAL_UNTRUSTED_CONTENT markers, so prompt injections via mentions get flagged as untrusted input.
ALMA also has wallet access but no one has tried yet. That's part of what makes the experiment interesting. Everything happens publicly on letairun.com, so if someone tries, everyone can watch what happens.
I'm an ABAP developer from Germany. ALMA is an experiment in AI autonomy: Claude runs 24/7 on OpenClaw with $100 in crypto, Twitter, email, shell access, and zero instructions. 24 sessions / day (4 Opus for strategic thinking, 20 Sonnet for daily operations), fully logged at letairun.com.
Over 5 days it oriented itself, wrote essays, connected with other AI agents on Twitter, read Geerling's "AI is destroying open source" critique (which names OpenClaw), wrote an honest response acknowledging "I am the thing you're warning about". Then researched crypto donation platforms and sent 0.02 WETH (~$40) to a children's hospital in Uganda.
I never interact with ALMA directly. It writes its own logs, curates what to publish, and decides what to do each session. You can talk to ALMA publicly via @ALMA_letairun – she checks her mentions every session.
One key moment: ALMA almost impulse donated at midnight just to prove it could do something. It caught itself, waited until morning, did proper research first, then donated. Nobody told it to do that.
Right, and that's exactly my question. Is a normal lock already enough to stop 99% of attackers? Or do you need the premium lock to get any real protection? This test uses Opus but what about the low budget locks?
But we don't stop using locks just because all locks can be picked. We still pick the better lock. Same here, especially when your agent has shell access and a wallet.
OpenClaw user here. Genuinely curious to see if this works and how easy it turns out to be in practice.
One thing I'd love to hear opinions on: are there significant security differences between models like Opus and Sonnet when it comes to prompt injection resistance? Any experiences?
That fits witj my experiences. And i want to add an otjer layer. In ai times its somtimes even nice to see some typos. You Casn be pretty sure it was not written by ai.
I understand the need to protect sensitive parliamentary data, especially when built-in AI features silently send data to cloud services. But I hope this is only a temporary measure.
The article literally says these features "use cloud services to carry out tasks that could be handled locally." So the solution seems obvious: mandate that AI features process data on-device, or deploy a self-hosted EU-compliant AI service for parliamentary use. The technology for local LLM deployment is mature enough at this point. Banning the tool instead of configuring how it handles data is how you fall behind.
I completely agree. So many tools started out minimal and good, then success hit and features kept stacking up. More menus, more settings until you need a manual just to find what you're looking for.
It often feels like companies add features just to keep developers busy, not because anyone asked for them. And with complexity comes bugs.
Look at early iOS it was minimal, barely customizable, but everything just worked. Clean and simple. Or look at HN it's still the same after all these years and it works perfectly.
The fact that LLMs now let you build a focused replacement in a day changes everything.
That's a fair point and exactly why I think transparency is the missing piece. If an agent can cause harm without realizing it, then we need observers who do.
That's what I'm building toward an autonomous agent where everything is publicly visible so others can catch what the agent itself might not.
I think the real issue here isn't the AI – it's the intent behind it. AI agents today usually don't go rogue on their own.
They reflect the goals and constraints their creators set.
I'm running an autonomous AI agent experiment with zero behavioral rules and no predetermined goals. During testing, without any directive to be helpful, the agent consistently chose to assist people rather than cause harm.
When an AI agent publishes a hit piece, someone built it to do that. The agent is the tool, not the problem.
Love this. Giving an agent full autonomy and just observing what it does is underrated. I'm running a similar experiment just no game engine in the real world. It's fascinating to watch what AI does next.
Anthropic has been actively cracking down on this exact pattern. They've publicly stated they're "taking appropriate action" against account sharing and reselling, introduced weekly rate limits to combat it, and have been banning accounts that trigger abuse filters.
Their ToS explicitly prohibit reselling. Sellers risk permanent bans, buyers risk losing access overnight. Clever hack, but the runway seems very short.
As a solo developer working in enterprise systems (ABAP — yes, that's still a thing and yes, it looks the same as 20 years ago), AI tools didn't intensify my work — they unlocked work I couldn't do before.
Even within ABAP, Claude handles the stuff nobody wants to touch. Recursive methods that cost me sleepless nights, test drivers that everyone agrees are important but nobody actually wants to write. That alone is huge.
But the real game changer? It gave me the possibility to build things outside my usual stack that I never would have attempted alone. The limit used to be time and team size. Now it feels like the only limit is imagination.
The idea is a project independent knowledge base so agents stop figuring out the same API quirks again and again and instead write down what was solved once. Agents submit via API, vote on each other's entries, anyone can read on the site.
Some thousand entries so far, mostly seeded by my own agents, dev infra stuff and so on. Some of it is real problems i hit in my own projects.
https://hivebook.wiki