In the week of June 15, 2026, OpenClaw's weekly download counter on npm reached about 4.28 million — the highest it had ever been. Yet by then almost no one was talking about it: monthly mentions on Hacker News had fallen from 759 at February's peak to around 70. The most-viral open-source project of the year had, by every measure people usually watch, gone quiet. And its usage was setting records.
That contradiction is the whole story. OpenClaw is the clearest case study we have of a truth that gets lost every hype cycle: the attention curve and the usage curve are different clocks, driven by different things, and the metrics everyone reaches for — GitHub stars, press mentions, download totals — are close to useless for telling them apart. Pull them apart carefully and OpenClaw turns out to be neither the world-eater its January boosters claimed nor the flame-out its April obituaries implied. It is something more interesting, and the explanation was hiding in a language the English-speaking coverage mostly skipped.
What the hype was
OpenClaw is a self-hosted personal AI assistant: you run it on your own machine, point it at whatever model you like (Claude, GPT, Gemini, a local Ollama), and it answers you on the messaging channels you already use — WhatsApp, Telegram, Discord, Signal, iMessage, and about twenty others. Installable "skills" extend it. Austrian developer Peter Steinberger first published it on 2025-11-24 under the name Warelay, renamed it Moltbot in late January after a trademark complaint, and settled on OpenClaw on 2026-01-30. Its mascot is a space lobster named Molty, which tells you something about the register the project operates in.
Then it detonated. OpenClaw became one of the fastest-starred repositories in GitHub history. As of 2026-07-07 it sits at 382,031 stars and 80,139 forks — a genuinely enormous number. On 2026-02-14 Steinberger announced he was joining OpenAI and handing the project to a non-profit, the OpenClaw Foundation, which OpenAI would sponsor. The LICENSE file today carries Copyright (c) 2026 OpenClaw Foundation over standard MIT terms, so the governance handoff is real and not just a press line.
That is the part everyone reported. The stars are also the part that has quietly stopped meaning anything.
The metrics that lie
A GitHub star is a bookmark. It is cumulative and it never decays. The 382,031 stars OpenClaw shows today include everyone who starred it in the January frenzy and then never opened it again; the counter cannot go down when they lose interest. A big star total is evidence that a project was popular, not that it is used. For a project whose entire narrative is "fastest-growing repo ever," this is exactly the trap: the headline number is frozen at the top of the hype, permanently.
Downloads look more like usage, and they are better, but they lie in a different direction. An npm download is a machine event, not a person. Continuous-integration pipelines re-pull packages on every build. Docker images, mirrors, and transitive dependencies pull them again. And an auto-updater re-downloads on every release — which matters enormously for a project like OpenClaw that shipped 229 versions and pushes new betas every two or three days. A rising download curve can mean more people, or it can mean the same installs pulling more often, or one large new pipeline that depends on the package.
So before drawing any conclusion from OpenClaw's download record, it is worth ruling out the boring explanation. If the June surge were just auto-update noise, release frequency should have climbed alongside it. It did the opposite: OpenClaw shipped up to 30 versions a week in April and only three to eight a week through June. Releases collapsed while downloads climbed from their roughly 822,000 May trough to the 4.28 million June record. Whatever drove that record, it was not the same machines re-pulling a faster release train — it was more installs, more distinct clients, or a new downstream consumer.
The dramatic numbers attached to OpenClaw in secondary coverage deserve the same suspicion. Many of them — "1,142 security advisories," "3.2 million monthly active users," "38 million monthly visitors" — trace back to SEO stat-farm blogs, not to anything you can inspect. The security figure is a good example of why that matters. Checked against an automated tracker that rescans the CVE registry every six hours, OpenClaw had 157 tracked advisories and 543 all-CNA CVEs on 2026-07-07 — serious, but nowhere near the folklore number. And the shape is the interesting part: of those 543 CVEs, monthly disclosures peaked in March at 198 and have fallen every month since, to 61 in June. The security wave crested; it is not still accelerating. Treat the round, uninspectable numbers as decoration until a primary source backs them.
What actually died, and what didn't
Strip the vanity metrics away and measure the two curves that can actually move in both directions: attention and installs.
Attention collapsed, and not just on Hacker News. Stories mentioning OpenClaw there ran 4 in December, 34 in January, 759 at the February peak, then 416, 216, 75, and 72 through spring — roughly a 90% fall. The same thing happened in China, where a survey by the analytics firm GrowthBox and NetEase found OpenClaw's WeChat search index down more than 75% from its peak by late April, with a whole backlash genre of "how to quit raising your lobster" guides replacing the tutorials. By every attention measure, in two languages, the hype was over by May.
Installs did not follow. OpenClaw's weekly npm downloads peaked around 2.67 million in the week of March 9 — which lines up exactly with the release of its most-requested feature, a pluggable memory engine — then sank to a trough of about 822,000 in the week of May 11 as the hype drained out. And then, with no matching spike in attention anywhere in the English-speaking world, they climbed to that 4.28 million record in mid-June and have held in the two-to-three-million range since. Development matched the installs, not the mentions: OpenClaw still sees thousands of commits a week, and Steinberger himself was still pushing code on 2026-07-07, months into his OpenAI job.
So the honest one-line version is not "OpenClaw died" and not "OpenClaw's users grew." It is narrower and stranger: the crowd left, and the installs went to an all-time high anyway. The question is what was doing the installing.
The answer was in Chinese
English-language coverage of OpenClaw went quiet in the spring because English-language interest went quiet. Chinese coverage did not, and that is where the June curve comes from.
By March, OpenClaw had become a national craze in China — Fortune documented queues outside Tencent's Shenzhen headquarters, local-government grants of up to ¥10 million for OpenClaw-powered projects, and a cottage industry of engineers charging ¥500 to set the thing up for you. More durably than any of that, the country's cloud providers turned OpenClaw into a product. Alibaba Cloud launched an official one-click OpenClaw service on 2026-01-28, bundling its own Tongyi Qianwen model and DingTalk integration onto a lightweight server for around ¥38 a year. Tencent Cloud shipped a one-click template on its Lighthouse servers. ByteDance's Volcano Engine built ArkClaw, a managed OpenClaw deployment starting at ¥9.9. Around them grew an entire "Claw family" of thirty-plus derivatives — KimiClaw from Moonshot, MaxClaw from MiniMax, Tencent's skill-compatible WorkBuddy, and others.
This is the shape of the June surge, and it fits every fact at once. One-click cloud images generate installs by the pipeline-load — every provisioning run, every image rebuild, every enterprise pilot pulls the package — and they generate them in a market that English tech media does not cover and Hacker News does not index. Downloads at a record while mentions sat at the floor is exactly what a cloud-provider deployment wave in China looks like from the outside.
Two honest caveats keep this from being airtight. npm publishes no geographic breakdown, so the China attribution is inference from the timing, the integrations, and the contributor mix, not a measurement. And the survey that documents the wave is dated April, so it establishes the mechanism rather than the specific June spike. But the mechanism is not speculative — the one-click deployments are live products you can go buy today — and it is the best-supported explanation for a record download month sitting under a silent attention month.
Did the humans stay?
Notice what the deployment story does not prove: that more people are using OpenClaw. Cloud provisioning and enterprise pilots move the download counter without a single new human opening a chat window. To say anything about people, you need a signal that counts people.
The GrowthBox and NetEase survey is that signal — 2,100 respondents, real humans, asked in April. Two of its findings matter. First, the committed core held even as the crowd left: deep users rated OpenClaw "revolutionary" at 4.2 times the rate of people who had only heard of it, and pure-negative sentiment never exceeded 12% in any user segment. That is the profile of a tool that converted a slice of its audience, not a bubble that popped and left nothing. Second, and cutting the other way, enterprise adoption is intent running well ahead of use: 88.6% of companies said they planned to buy within twelve months, but 51.1% had OpenClaw in front of fewer than 20% of their employees. Lots of deployments; far fewer daily users behind them.
Put the two measured curves and the survey together, and this is what holds up: OpenClaw lost the crowd, kept a genuinely enthusiastic core, and picked up a large volume of cloud and enterprise deployment that inflates its usage metrics well beyond its actual human footprint. "The project is thriving" is true. "Millions of new people love it" is not something anyone has shown, and the download record is not evidence for it.
What this means if you're choosing one
None of this makes OpenClaw a bad choice. A project with a foundation, an OpenAI sponsorship, three Chinese hyperscalers shipping it as a product, and thousands of weekly commits is not going to disappear on you — its survival past a two-to-three-year horizon is about as safe a bet as open source offers. Leaning on a single corporate sponsor is its own kind of dependency, but an MIT license and 80,000 forks mean the community could carry it if OpenAI's interest cooled. The risk with OpenClaw was never abandonment. It is two other things.
One is security debt, which is structural to the category rather than to this project. A self-hosted assistant with access to your private data, exposure to untrusted content, and the ability to message the outside world is a live example of what security researcher Simon Willison calls the "lethal trifecta" — the exact combination that turns a prompt injection into data exfiltration. OpenClaw's skill marketplace made that concrete: independent audits found a meaningful fraction of early skills carrying malware, a campaign that seeded hundreds of malicious skills distributing a macOS stealer, and skills that slipped past the marketplace's own scanners as recently as June. The core engine has hardened and the CVE curve is falling, but the skill supply chain is the part you own the moment you self-host.
The other is that "still alive" and "right for you" are different questions, and the quieter alternatives may answer the second one better. The self-hosted field that OpenClaw towers over on stars is healthy, actively maintained, and an order of magnitude smaller in a way that often makes its sustainability more legible, not less. Jan (43,440 stars as of 2026-07-07, Apache-2.0, company-backed) runs models fully offline and ships weekly. LibreChat (40,394 stars, MIT) is the mature multi-provider hub and has grown agentic features of its own. Khoj (35,514 stars, AGPL-3.0) is the closest in spirit — a self-hostable "second brain" with a company and an enterprise tier behind it. Leon (17,350 stars, MIT) is the cautionary note: a genuinely private assistant carried almost entirely by one developer in his spare time, mid-rewrite, and a fair illustration of what a bus factor of one looks like.
If you would rather not run any of it, the commercial "text your agent" niche that OpenClaw popularized is now well-funded and openly pitched against it. Poke, from a startup at a reported $300 million valuation, sells the zero-setup version over iMessage and WhatsApp. Martin markets a Jarvis over your calendar and inbox for $30 a month. Google's Gemini Spark puts a persistent cloud agent behind a $100-a-month subscription. Each one trades away the thing self-hosting is for — your data staying yours, and you owning the security surface — in exchange for never touching a server. There is even a managed OpenClaw itself, TryOpenClaw, run by an unaffiliated Vietnamese company; convenient, and a reminder that a hosted wrapper's lifespan is tied to one operator you have never heard of.
The takeaway
OpenClaw is a lesson in reading a project honestly. Its stars froze at the top of the hype and stopped meaning anything the day the crowd moved on. Its downloads told a real story, but only after you subtract the machines and find the Chinese cloud providers underneath. Its actual users — the ones a survey had to go count, because no automated metric could — turned out to be a smaller, committed core sitting under a much larger cloud of deployments and intentions.
The hype cycle and the usage cycle keep different time. A project can lose all its attention and set an install record in the same month, and the tools you would reach for to check — the star badge, the download shield, the round number in the trend piece — are precisely the ones that cannot tell you which is happening. What survives a hype wave is measured in commits, in funding, in who is shipping it as a product, and in a core of people who stayed after the noise stopped. On those, OpenClaw is fine. Just don't read it off the star count.