How OpenClaw Hit 215K GitHub Stars in Two Months

Peter Steinberger spent thirteen years bootstrapping PSPDFKit to a €100M valuation before burning out completely. He took three years off. When he came back in late 2025, he built something in his garage that would become the fastest-growing open-source project in GitHub history.

OpenClaw accumulated 215,000+ stars in roughly two months—a solo-developer project that hit a nerve developers didn't realize was quite so raw.

From Burnout Break to GitHub History

Steinberger's background reads like a bootstrapper's dream: founded PSPDFKit in 2011, grew it without outside funding until Insight Partners invested €100M in 2021, then stepped back for recovery. OpenClaw started as a side project during that recovery period, launched publicly in late November 2025 with zero fanfare.

The timing turned out to matter more than the marketing.

The Context-Switching Problem Developers Actually Have

Most developers keep eight to twelve tabs open at any given time: GitHub for pull requests, CircleCI or Jenkins for build status, Slack for team chat, Datadog for logs, PagerDuty for alerts. Switching between them burns cognitive load that compounds over a workday.

OpenClaw provides a unified AI interface accessible through Telegram, WhatsApp, and Discord, turning chat apps into control panels. Instead of tab-hopping, you ask questions in a thread and the assistant pulls context from wherever it lives.

What OpenClaw Does Differently Than n8n, Make, and Zapier

The automation landscape already had strong players. n8n offers 1,000+ integrations with self-hosted options at $0.30 per execution, Make provides 1,500+ integrations cloud-only, and Zapier maintains the largest catalog with premium pricing. Each optimizes for different enterprise needs.

OpenClaw carved space by focusing on persistent memory and self-hosted agents rather than workflow breadth. Where existing tools excel at chaining API calls, OpenClaw treats the assistant as stateful—it remembers context across conversations, which matters when debugging spans multiple days or reviewing code iteratively.

That architectural choice created both the project's appeal and its growing pains.

Growing Pains: Security Vulnerabilities and Token Consumption

Fast growth attracts scrutiny. A critical remote code execution vulnerability (CVE-2026-25253, CVSS 8.8) allowed one-click token exfiltration via malicious webpages in all versions prior to the January 2026 patch. Endor Labs disclosed six additional vulnerabilities in mid-February, including SSRF and missing webhook authentication—issues the team addressed quickly.

The persistent memory that makes OpenClaw useful also creates friction. One documented case showed a simple code review request consuming 100,000 tokens despite a short answer, the result of unlimited conversation context accumulation inflating API calls. It's a design challenge inherent to stateful assistants, not a bug—but it impacts running costs at scale.

The February 2026 release added Gemini 3.1 support, Discord voice channels, and security hardening including SHA-256 hashing and prototype-pollution prevention. The project is working through these challenges as it scales.

Joining OpenAI, Handing Off to a Foundation

On February 15, 2026, Steinberger announced he's joining OpenAI while moving OpenClaw to a foundation. In his framing, the choice came down to speed: bringing agents to everyone quickly versus building another large company. He'd already done the latter once.

The foundation structure keeps the project open and independent while Steinberger works on agent infrastructure at institutional scale. Organizations don't hand off projects to foundations unless they expect them to outlive the founder's direct involvement.

What This Inflection Point Means for AI Agent Tooling

OpenClaw's trajectory reveals where developer pain actually lives in the AI agent world. The problem wasn't lacking integrations—it was lacking coherent interfaces that reduce context-switching without sacrificing control. Self-hosted options matter when you're feeding proprietary codebases into assistants. Persistent memory matters when work spans days, not minutes.

The security vulnerabilities and token consumption issues show the cost of moving fast in infrastructure space. The 215,000 stars show what happens when you solve a real problem at exactly the moment the market realizes it has one.