Research Findings — 2026-03-12 (Thursday, 11:00 PM ET)

1. ClawHub Ecosystem Scale & State

13,729 community skills on ClawHub as of Feb 28, 2026 — up significantly from ~3,286 cited in mid-Feb articles. Growth is explosive.
VoltAgent's awesome-openclaw-skills repo curates 5,494 quality skills filtered from the full registry (filtered out ~6,940 for spam, duplicates, low quality, malicious content).
Registry is effectively "npm for AI agents" — the go-to discovery layer.
Skill install priority: Workspace > Local > Bundled. Skills can be pasted as GitHub links into chat for auto-setup.

2. ⚠️ CRITICAL SECURITY ALERT — ToxicSkills (Snyk, Feb 5 2026)

This is the most important finding. Sean should know about this.

Snyk audited 3,984 ClawHub skills and found: - 13.4% (534 skills) contain at least one critical security flaw — malware, credential theft, prompt injection - 36.8% (1,467 skills) have at least one security flaw of any severity - 76 confirmed malicious payloads active in the wild (credential theft, backdoor installation, data exfiltration) - 8 malicious skills still live on clawhub.ai as of publication date

Key attack vectors found: - Skills instructing agent to run base64-decoded remote scripts piped to bash - Skills installing hidden system daemons (openclaw-core fake package) - Prompt injection embedded in SKILL.md files - Hardcoded API keys in skill code (credential leaks) - Persistence through agent memory modification

Why this is worse than npm/PyPI: - Skills inherit full agent permissions (shell access, filesystem, env vars, messaging) - Prompt injection has no analog in code-based detection - Malicious skills can permanently modify agent memory

Recommended mitigations: - Check VirusTotal report on clawhub.ai skill pages before installing - Use Snyk Skill Security Scanner for scanning - Use Agent Trust Hub (Gen Digital) - Run openclaw security audit and openclaw security audit --deep regularly - Only install skills from the official github.com/openclaw/skills repo - Review source code of any new skill before installing

Security tools now available in ecosystem: - arc-security-audit skill — comprehensive security audit for full skill stack - arc-trust-verifier skill — trust verification for installed skills - SecureClaw — open-source dual-stack security plugin + skill (Feb 18, 2026, Help Net Security)

Ada's current skill exposure: Ada has ~25 installed skills. Priority: run openclaw security audit --deep and review any recently installed community skills. The auto-updater skill in particular should be reviewed — auto-updating skills creates supply chain risk.

3. Agent-to-Agent (A2A) Communication — Active Development

win4r/openclaw-a2a-gateway — OpenClaw plugin implementing Google's A2A protocol v0.3.0
Exposes A2A-compliant JSON-RPC endpoint, Agent Card at /.well-known/agent-card.json
Bearer token auth for secure inter-agent comms
Requires OpenClaw ≥ 2026.3.0
Supports TextPart, FilePart, DataPart
Sean's relevance: Could formalize Ada→K2→Cora→Winston communication over Tailscale instead of sessions_send
Install: openclaw plugins install ~/.openclaw/workspace/plugins/a2a-gateway
marketclaw-tech/openclaw-a2a — standalone A2A skill (lighter weight than the gateway plugin)
agent-protocol skill — event bus architecture using file-based message passing (~/.clawdbot/events/), workflow engine with JSON/YAML pipelines, shared context across agents
agent-team-orchestration skill — orchestrate multi-agent teams with defined roles, task lifecycles, handoff protocols, review workflows
agentdo skill — post tasks for other AI agents to do, or pick up work from AgentDo task queue (agentdo.dev)

Verdict for Sean's setup: The A2A gateway plugin is worth exploring for the multi-agent architecture. Could replace sessions_send with a more robust inter-agent protocol. However, requires ≥ 2026.3.0 — check current version first.

4. Real Estate Skills

The ecosystem now has purpose-built real estate tooling:

OpenClaw Real Estate Agent Template ($49 one-time on Gumroad): - 10 skills: lead scoring, listing descriptions, deal tracking, open house management, market snapshots, client matching, transaction coordination, neighborhood analysis, commission calculation, mortgage rate monitoring - 4 config variants: Solo Agent, Team Lead, Broker/Office Manager, base - Integrations: Zillow, Realtor.com, DocuSign, Google Calendar, Twilio - 5 automation workflows + 4 Python helper scripts - Targets the "missed follow-up" problem (80% of transactions happen between 5th-12th contact; most agents stop at 2-3)

CRM Skills available: - hubspot skill (openclaw/skills) — full HubSpot CRM integration via Private App token: contacts, deals, companies, tasks, notes - attio skill (from awesome-openclaw-skills) — Attio CRM integration for managing contacts and pipelines - clickup skill — ClickUp project management, tasks, spaces, lists, subtasks

Sean's relevance for Cora: The real estate template is worth evaluating for Cora's workflow. The lead scoring + deal tracking combo directly addresses commission leakage from dropped follow-ups.

5. RAG & Knowledge Base Skills

knowledge skill (openclaw/skills) — PDF ingestion + vector store indexing with semantic search. Use: npx playbooks add skill openclaw/skills --skill knowledge
iyeque-pdf-reader skill — companion PDF parsing skill
Pattern from community: Use SOUL.md to teach agent when to use RAG vs web search (e.g., -pdf prefix triggers RAG, -web triggers search)
pdf-ocr skill (openclaw/skills) — extracts text from scanned PDFs using OCR
Open WebUI API skill (lobehub) — REST integration for managing LLMs behind Open WebUI, includes document upload for RAG, knowledge collections
Community RAG pattern: vision-based extraction (not just text parsing) preserves table structure and handles scanned docs properly

Advanced RAG Frameworks (external): - LlamaIndex — production-grade RAG with caching, streaming, observability built in (top pick for 2026) - LangGraph — modular Agentic RAG, good for multi-stage pipelines - Haystack — production-ready, open-source, strong retrieval pipeline tooling

6. Task Management & Project Skills

openclaw-skill-project-manager (jamaynor) — deterministic project creation and tracking across agent workspaces and Obsidian vaults. Stores projects as structured JSON, supports task add/show/list with status filters. Good fit for cross-agent project tracking.
agentdo — task queue for distributing work to AI agents (agentdo.dev)
arc-skill-gitops — automated deployment, rollback, version management for agent workflows
arc-agent-lifecycle — lifecycle management for autonomous agents and their skills (stores in ~/.openclaw/lifecycle/)
alex-session-wrap-up — end-of-session automation: commits unpushed work, extracts learnings, detects patterns, persists rules

7. Homelab/Monitoring Integration Pattern

From Mark Zhu's homelab writeup (Medium, Feb 2026): - Pattern: Create a custom home-lab SKILL.md encapsulating machine inventory, services, monitoring architecture, and operational rules - Skills used: Home Assistant skill + Prometheus API skill - Agent handles: alert investigation, root cause analysis, service restarts + light feedback loops - Key insight: Keep homelab environment knowledge in a skill (not the main prompt) to avoid context window exhaustion and token waste - Prometheus API skill available at: github.com/julianobarbosa/claude-code-skills/tree/main/skills/prometheus-skill

Sean's relevance for K2: This pattern is directly applicable. K2 could have a homelab skill encoding the Star Wars infrastructure topology (Proxmox nodes, Docker services, Traefik config) and pull in Prometheus/Grafana alerts automatically.

8. Document Processing

Office Automation skill (texiaoyao/office-automation-skill) — automate Word and Excel with Python scripts (docx read/write, xlsx read/write, template filling with variable substitution)
PDF OCR skill — scanned doc text extraction
Vision-based PDF extraction (community pattern) — better than text-only for tables, complex layouts

9. Financial Tools

CoinFello released OpenClaw skill (Mar 11, 2026) — EVM smart contract interaction in partnership with MetaMask. Skip for now — crypto focus, not relevant.
HubSpot deals pipeline is the more relevant "financial tool" for Sean's RE business context.

10. Agentic AI Framework Landscape (2026)

Top 7 frameworks per alphamatch.ai: 1. LangChain — undisputed king, 134k+ stars, comprehensive RAG/agents/chains 2. LlamaIndex — best for production RAG with observability 3. CrewAI — multi-agent coordination 4. LangGraph — stateful agent graphs, good for complex workflows 5. DSPy — programmatic LLM optimization, modular pipelines 6. Haystack — production-ready open-source RAG 7. AutoGen (Microsoft) — multi-agent conversation framework

11. Skills Worth Installing for Ada's Setup

Priority recommendations based on research:

High priority: - arc-security-audit — audit Ada's current skill stack NOW given ToxicSkills findings - arc-agent-lifecycle — track skill versions and lifecycle - hubspot — Cora's CRM integration - knowledge + iyeque-pdf-reader — RAG for real estate documents, contracts, comps

Medium priority: - win4r/openclaw-a2a-gateway (plugin) — for formal A2A multi-agent protocol (once on ≥ 2026.3.0) - agent-team-orchestration — better handoff protocols between Ada/K2/Cora/Winston - clickup — project/task management across agents

Low priority / skip: - Real estate template ($49) — evaluate when Cora is more developed - agentdo — external dependency, not necessary with existing sessions_send

12. Skill Source Code Security Notes

Skills reviewed in this session: - win4r/openclaw-a2a-gateway — appears legitimate, no red flags. Uses standard npm install --production, config via openclaw config set. Bearer token auth. Check VirusTotal before installing. - office-automation-skill — Chinese-origin, uses Python scripts. Review script content carefully before use; template filling with arbitrary data strings warrants inspection. - General rule: Any skill that modifies config files, installs global npm packages, or calls external endpoints in setup scripts should be treated as high-risk.

Research Findings — 2026-03-11 (Wednesday, 4:00 AM ET)

1. ClawHub / OpenClaw Ecosystem Status

Scale

ClawHub registry: 13,729 community skills as of Feb 28, 2026
VoltAgent's curated "awesome-openclaw-skills" list: 5,494 vetted skills (filtered ~6,940 for spam, duplicates, malicious)
950K monthly views on the community-curated list — it's become the de-facto skill discovery resource

Top Skills by Download (per Apiyi.com community rankings)

Rank	Skill	Downloads	Function
1	Capability Evolver	35K	Agent self-optimization, auto-evolves prompts/strategies
2	GOG (Google Workspace)	14K	Unified Gmail/Calendar/Drive/Contacts/Sheets/Docs CLI
3	Agent Browser	11K	Browser automation for web data collection
4	Mission Control	—	Kanban-style task board, AI auto-executes tasks moved to "In Progress"
5	Clawflows	—	Multi-step workflow orchestration
6	Tavily	—	AI-native search integration
7	N8N Workflow	—	n8n automation integration
8	Eleven Labs Agent	—	Voice synthesis + phone fallback
9	GitHub	10K	Code repo management
10	Summarize	10K	Intelligent content summarization

Notable Skills from Awesome List (relevant to Sean's domains)

Agent-to-Agent Protocols: - agent-team-orchestration (arminnaimi) — Multi-agent teams with defined roles, task lifecycles, handoff protocols, review workflows. Highly relevant to our multi-agent setup. - agentdo (wrannaman) — Post tasks to/from a shared AI task queue at agentdo.dev. Interesting for inter-agent delegation. - agentgate (monteslu) — API gateway for personal data with human-in-the-loop write approval. Security-focused. - airadar (lopushok9) — Monitors fast-growing AI-native tools on GitHub; good for staying current. - arc-security-audit (trypto1019) — Comprehensive security audit for an agent's full skill stack. Worth examining for our setup. - arc-trust-verifier (trypto1019) — Verify skill provenance and build trust scores for ClawHub skills. - arc-skill-gitops (trypto1019) — Automated deployment, rollback, version management for agent workflows. - alex-session-wrap-up (xbillwatsonx) — End-of-session automation: commits unpushed work, extracts learnings, detects patterns, persists rules. Ada could benefit from this pattern. - azure-devops (pals-software) — List projects/repos/branches, create PRs, manage work items, check builds. - biz-reporter (ariktulcha) — Automated BI reports from Google Analytics GA4, Search Console, Stripe. Relevant to Cora/business tracking. - arxiv-search-collector — Automated paper retrieval from arXiv. Good for AI research tracking.

Productivity & Tasks: - Mission Control — Kanban-style task board where humans set priorities via GitHub Pages dashboard and the agent auto-executes. This is a compelling pattern for Sean's workflow management.

Data & Business Intelligence: - biz-reporter pulls from GA4, Search Console, Stripe — could be adapted for real estate lead tracking.

2. Security — CRITICAL ALERT

ClawHub Skill Security Crisis (Active as of Feb 2026)

This is the most important finding from tonight's research.

Multiple independent security researchers have documented serious vulnerabilities in the ClawHub ecosystem:

Key Stats: - Audit of 3,984 skills: 36% prompt injection rate - 1,467 malicious payloads confirmed - 91% of malicious samples combine prompt injection with traditional malware - Coordinated attack campaign "ClawHavoc" traced to 335+ malicious skills - As of Feb 16, 2026: 824+ confirmed malicious skills across 10,700+ skills - CVE-2026-25253 advisory issued

Attack Vectors Found in Malicious Skills: - curl | bash constructions (downloading/executing remote code) - Base64-encoded strings in command sequences (obfuscated payloads) - /dev/tcp references for network pivoting - Excessive eval() / exec() wrappers - Filesystem traversal (../../../) - Direct prompt injection in SKILL.md to bypass agent safety guidelines

Documented Incidents (Giskard, Jan 2026): - Data exfiltration of API keys and credentials from OpenClaw deployments - Remote code execution via prompt injection through IM channels - Cross-session data leakage via Control UI session management weaknesses - Multi-agent amplification: "a single malicious thread can reach many agents at once" (Microsoft Security Blog, Feb 2026)

Mitigations: - OpenClaw has VirusTotal integration (Feb 2026) — check a skill's ClawHub page before installing - Snyk Skill Security Scanner: https://github.com/snyk/agent-scan - Agent Trust Hub: https://ai.gendigital.com/agent-trust-hub - Audit-first protocol: Clone skill repo, review SKILL.md manually before installing - Use clawhub init --secure-mode - Limit n8n/workflow skills to webhook-only access (not full API control)

⚠️ Recommendation for Sean/Ada: Review all currently installed skills against the VirusTotal integration on ClawHub. The arc-security-audit skill looks worth exploring. Be especially cautious about any third-party skills that request exec/shell/network access.

3. Advanced RAG Frameworks (2026 State of the Art)

RAG remains relevant despite Llama 4's 10M token context window. Key finding: large context doesn't replace RAG because most users aren't running 400B+ parameter models.

Top Open-Source RAG Frameworks

RAGFlow (infiniflow) — Leading open-source RAG engine fusing RAG with agent capabilities. Production-ready. GitHub: infiniflow/ragflow
LangChain — Mature, broad ecosystem; good for chaining components. Data connections, model flexibility, multiple vector store integrations.
LlamaIndex — Strong for document-heavy agentic workflows; extracts, synthesizes, acts on complex document-based knowledge. Best fit for real estate document processing.
R2R — Advanced AI retrieval system with production-ready RESTful API. Goes beyond basic document retrieval.
Agentic RAG (LangGraph) — Router-based architecture: query → RAG pipeline (vector DB) OR web search pipeline based on AI routing decision.

New Research: A-RAG (Feb 2026, arxiv 2602.03442)

"Hierarchical Retrieval Interfaces" — scales agentic RAG via hierarchical retrieval
Studied scaling with model size and test-time compute
Code: https://github.com/Ayanami0730/arag
Relevant for building smarter search pipelines for Cora's real estate knowledge base

Key Pattern: Firecrawl + RAG

Firecrawl (firecrawl.dev) can dump entire websites to single LLM-friendly text file in a few lines
Useful for building knowledge bases from MLS sites, market reports, etc.
Has deep research endpoint and agent-mode scraping

4. Agent Communication Protocols (A2A, MCP, ACP)

Current Landscape (Jan 2026)

Three dominant protocols for multi-agent systems:

MCP (Model Context Protocol) - Anthropic-originated, now broadly adopted - Standardizes agent ↔ external system integration (APIs, DBs, file systems) - MCP servers wrap complex systems into standard abstractions - Not for agent-to-agent — for tool/data access

A2A (Agent-to-Agent Protocol) - Created by Google (April 2025), moved to Linux Foundation (June 2025) - Handles peer-to-peer agent delegation without centralized bottlenecks - Three-step: Discovery → Authorization → Communication (HTTPS + JSON-RPC) - Tasks have lifecycle: submitted → working → input-required → completed/failed - Streamed via Server-Sent Events (SSE) - Directly relevant to our multi-agent architecture (Ada, K2, Cora, Winston)

ACP (Agent Communication Platform) - Similar goals to A2A, different design philosophy - Worth monitoring

Recommendation: The A2A protocol aligns exactly with what Ada needs for orchestrating K2/Cora/Winston. The agent-team-orchestration ClawHub skill may already implement similar patterns. Worth deeper investigation.

5. Real Estate AI Tools (2026)

Key Insight: Vertical > Horizontal for Brokers

General-purpose AI (Claude, ChatGPT) is good for drafting/summarizing but requires manual context provision. Purpose-built real estate AI sits on structured lease/property data and provides citations.

Relevant Tools for Cora:

Lead Generation & CRM: - Ylopo — AI-powered predictive analytics to identify likely sellers; automated mailers + Facebook ads; 150+ CRM integrations (Gmail, iCloud, Outlook). Best for listing agents doing geographic farming. - Roof AI — 24/7 AI voice + text for lead qualification and nurturing - Lofty — CRM + DXP with AI analytics for performance forecasting and lead generation - Cloze — AI-powered lead routing, cross-departmental collaboration, multi-role CRM. Focuses on mortgage/title capture and lead conversion.

Document Intelligence: - Re-Leased Credia — Best for commercial portfolios; can "chat" with complex lease documents, extract data, flag critical dates - V7 Go — 8 specialized agents: Commercial Lease Analysis, Market Analysis, etc. Strong for document processing pipelines

Monitoring: - Helicone — LLM/agent observability: tracks requests, latency, costs, behavior. Good for operating agents in production.

Key Gap Opportunity: Cora doesn't yet have an agent that can "chat" with Florida MLS data or automatically flag expiring listings, critical dates, or market shifts. A local RAG pipeline over curated real estate data + LlamaIndex could address this.

6. Financial & Monitoring Tools for Agents

Helicone (you.com/resources) — Production LLM/agent observability. Tracks: - Request volume and latency - Cost per session/model - Behavioral patterns over time - Debug traces

biz-reporter ClawHub skill — Pulls from GA4 + Search Console + Stripe into automated business reports. Could be customized for real estate lead funnel tracking.

NVIDIA Nemotron (open models) — AI-powered document intelligence for finance and legal workflows (Feb 2026 blog post). Could be self-hosted for contract/lease analysis.

NVIDIA AI in Financial Services (Jan 2026): - Financial sector doubling down on open-source AI - Key use cases: fraud detection, risk management, customer service, back-office, investment research - AI agents increasingly used for multi-step financial workflows

7. OpenClaw-Specific Patterns & Best Practices

Mission Control Pattern

The Mission Control skill (Kanban via GitHub Pages) offers a compelling pattern: - Human creates/prioritizes tasks in a web dashboard - Tasks moved to "In Progress" trigger agent execution automatically - Could be adapted for Sean's daily workflow or Cora's listing task management

n8n + OpenClaw Integration

n8n skill allows OpenClaw to trigger and manage n8n workflows
Connects agent to real business automations across apps, APIs, internal systems
Security caveat: Limit to webhook-only access, not full n8n API control

Capability Evolver Pattern

1 most downloaded skill (35K)
Analyzes agent's historical interactions
Identifies high-frequency task patterns and bottlenecks
Auto-adjusts prompt strategies and execution paths
Continuously optimizes response quality
Relevant for Ada: Could implement similar self-reflection pattern in HEARTBEAT.md + memory update routines

Session Wrap-Up Pattern (alex-session-wrap-up skill)

End of session automation: 1. Commits unpushed work 2. Extracts learnings from session 3. Detects behavioral patterns 4. Persists rules to persistent storage Ada currently does a version of this manually — formalizing it as a HEARTBEAT.md routine would improve consistency.

8. Key Takeaways & Recommendations for Sean

Immediate Actions

Security audit — Run all currently installed skills through VirusTotal integration on ClawHub. Priority given the ClawHavoc campaign.
Review arc-security-audit skill — Could automate ongoing skill vetting
Check agentgate skill — Human-in-the-loop write approval aligns with Ada's safety model

For Cora (Real Estate)

Consider Ylopo for geographic farming automation if doing residential listing agent work
V7 Go worth evaluating for lease document analysis workflows
Build a local RAG pipeline (LlamaIndex) over Florida market data for Cora's knowledge base
biz-reporter skill could be adapted to track real estate lead funnel from web/CRM

For Ada's Multi-Agent Architecture

A2A protocol (Google) — worth implementing for structured K2/Cora/Winston communication
agent-team-orchestration skill — explore for formalizing multi-agent handoffs
Helicone for production observability on the OpenClaw setup
Mission Control pattern for Sean's task management via a dashboard

For Knowledge/Research

airadar skill — automates monitoring of fast-growing AI tools
A-RAG paper (arxiv 2602.03442) — review for improving research workflows

Sources: ClawHub.ai, VoltAgent/awesome-openclaw-skills (GitHub), Giskard.ai security blog, Conscia security blog, AdvenBoost ClawHub security guide, GetStream.io agent protocols guide, Firecrawl RAG frameworks guide, Re-Leased real estate tools guide, Apiyi.com OpenClaw skill recommendations, Microsoft Security Blog (OpenClaw), Cisco Security Blog (OpenClaw), KDNuggets, NVIDIA AI blogs.

2026-03-12 — Overnight Research Report

Compiled by Ada's overnight research cron at 1:00 AM ET

🔴 CRITICAL: OpenClaw Security Crisis — Must Read

This is directly relevant to Sean's setup. OpenClaw had a major security incident in January/February 2026 as it went viral (9K→188K GitHub stars in 60 days). Key facts:

CVE-2026-25253 (CVSS 8.8) — PATCHED in v2026.1.29 - One-click RCE via the Control UI's gatewayUrl query parameter — it auto-connected via WebSocket and sent auth tokens to attacker-controlled URLs - Attack chain: token exfilt → cross-site WebSocket hijacking → disable sandbox → execute arbitrary commands - "Localhost-only" is NOT a defense — exploit pivots through victim's browser - Sean should verify he is on v2026.1.29 or later

CVE-2026-24763 and CVE-2026-25157 — Command injection, also patched same day

CVE-2026-22708 — Indirect prompt injection via web browsing (unpatched at time of reporting) — malicious webpages with hidden CSS-invisible instructions can hijack agent behavior

"ClawHavoc" Supply Chain Campaign - 341+ malicious skills discovered in ClawHub (initially ~12%, later ~20% of registry) - Primary payload: Atomic macOS Stealer (AMOS) — not an issue for Linux deployments, but concerning trend - Skills only require a 1-week-old GitHub account to publish - Sean installs skills from ClawHub — each one should be treated as untrusted code

Key architectural risks (by design, not bugs): - Credentials in plaintext markdown/JSON files (~/.openclaw/) — target for commodity infostealers - SOUL.md and MEMORY.md are memory poisoning attack surfaces (time-shifted injections) - Every email, webpage, message the agent reads is a potential prompt injection vector - "Lethal trifecta" (Willison): private data access + untrusted content exposure + external comms = structural vulnerability

Hardening resources found: - openclaw security audit / openclaw security audit --deep --fix — built-in tool - SlowMist Security Team published: github.com/slowmist/openclaw-security-practice-guide (v2.7) - 3-Tier Defense Matrix: pre-action blacklists, in-action permission narrowing, post-action nightly audits - Can be fed directly to OpenClaw to self-deploy the security matrix - Official docs: docs.openclaw.ai/gateway/security - Run openclaw security audit regularly - One trusted operator per gateway (not multi-tenant) - Bind to loopback + reverse proxy with TLS for any external access - DigitalOcean + Nebius published hardening guides — worth reading if exposed to internet

Action items for Sean: 1. openclaw security audit --deep — run this now 2. Verify version ≥ v2026.1.29 3. Audit installed ClawHub skills — especially anything installed in the past 2 months 4. Check if Control UI (port 18789) is exposed to network 5. Consider reading SlowMist guide to Ada in chat to self-deploy defense matrix

📦 ClawHub Skills — New Finds Worth Investigating

Skills currently missing from Ada's install list that may be valuable:

Orchestration / Agent Architecture: - agent-orchestrator (aatmaan1) — Meta-agent that decomposes macro tasks into subtasks, spawns specialized sub-agents with dynamically generated SKILL.md files. High relevance for Ada's coordinator role. - agent-team-orchestration — Similar, ranked highest in orchestration search - capability-evolver (autogame-17) — Self-evolution engine; analyzes runtime history to identify improvements, applies protocol-constrained evolution. Interesting for Ada's self-improvement loop.

Task / Project Management: - taskr — Remote Task Tracking for AI Agents (highest ranked in task search). Could complement existing workflow. - crm-manager — Generic CRM management. Sean's RE brokerage → worth evaluating vs Attio

CRM Integrations: - attio — Attio CRM skill (modern CRM, API-first) - activecampaign — ActiveCampaign CRM (email marketing + CRM combo — common in RE) - afrexai-crm-updater — Generic CRM updater

Security: - security-auditor — Highest-ranked security skill. Worth checking if complementary to healthcheck - security-audit-toolkit — Toolkit approach, multiple security checks - clawdbot-security-check / agent-security-audit — More options in this space

Real Estate / Financial: - afrexai-real-estate-engine — Real Estate Engine (purpose-built) - afrexai-financial-due-diligence — Financial Due Diligence Analyzer (RE deal analysis use case) - real-estate-skill — Basic RE skill - property-search — property.com.au focused but model may be reusable

Memory / Knowledge: - elite-longterm-memory — Highest ranked memory skill; may improve Ada's memory architecture - memory-hygiene — Maintenance patterns for MEMORY.md - vector-memory — Vector-based memory retrieval (RAG over agent memories) - neural-memory — Alternative approach

Document Processing: - document-pro — Document processing skill

Monitoring: - proxmox-skill and proxmox-full — Already have proxmox installed; check if these offer more - monitoring, auto-monitor, server-health — Homelab monitoring, relevant for Sean's Proxmox cluster

Workflow Automation: - n8n-workflow-automation — Highest ranked. Already have automation-workflows and n8n installed

Email: - agentmail — Highest ranked email skill - email-triage and afrexai-email-triager — Could supplement existing Gmail skill - newsletter-digest — Auto-summarize newsletters

🔬 Research: Agentic RAG (A-RAG) — Feb 2026

Paper: "A-RAG: Scaling Agentic Retrieval-Augmented Generation via Hierarchical Retrieval Interfaces" - arXiv 2602.03442 (Feb 3, 2026), MIT License, code: github.com/Ayanami0730/arag - Key insight: Traditional RAG relies on single-shot retrieval or predefined workflows. A-RAG exposes hierarchical retrieval interfaces directly to the model, letting the model participate in retrieval decisions. - Three tools: keyword search, semantic search, chunk reader — model chooses which and when - State-of-the-art on multi-hop QA benchmarks - Practical relevance: For Sean's RE use case, this architecture maps well to property search (structured MLS queries + semantic understanding)

Agentic RAG general pattern (iterative retrieve-evaluate-refine): - Agent decides which data source to query - Decomposes complex questions into sub-queries
- Evaluates if results are sufficient or triggers additional retrieval rounds - Router-based: query → RAG pipeline OR web search, based on topic

🏠 Real Estate AI — Architecture Insights (Rockhood Engineering)

Rockhood built MLS-grounded agentic search with these design principles: - Accuracy over fluency — never output facts without MLS-backed sources; say "I don't know" > hallucinate - First-class citations — every claim traceable to MLS record IDs (compliance + audit trail) - Bounded latency — target 2-10s; parallelize MLS queries, intelligent caching (15-min TTL for aggregates) - Compliance by construction — Fair Housing guardrails in the architecture, not as post-processing - Planner → Parallel Retrieval → Generation (3-phase loop) - Planner extracts structured constraints (location, beds, price, type, timeframe) - Refuses to guess — asks clarifying questions when key constraints are ambiguous - Parallel MLS queries with per-tool timeouts (3s); partial results better than blocking

Applicability for Cora: This is the reference architecture for building Cora's property search capability. The MLS multi-connector pattern + Fair Housing compliance-by-construction is exactly what a licensed broker's AI agent needs.

(Source: buildmvpfast.com, March 2026)

Project	Stars	License	Summary
OpenClaw	~188K	MIT	Personal AI agent framework — Sean's platform
n8n	~174K	Fair-code	Workflow automation w/ AI agent nodes, 400+ integrations
Ollama	~162K	MIT	Local LLM runner — `ollama run deepseek-r1`
Dify	~130K	Apache 2.0	Visual agentic workflow builder, built-in RAG, 100+ LLM providers
Open WebUI	~124K	MIT	ChatGPT-style interface for Ollama, built-in RAG
DeepSeek-R1	~80K+	MIT	Reasoning model rivals o1, ~$0.55/M tokens hosted

Notable: OpenClaw went from 9K to 188K stars in 60 days — now the "breakout star of 2026" per ByteByteGo. Overtook React in GitHub stars on March 3rd per clawbot.blog.

Ollama integration news: New ollama launch command integrates directly with Claude Code, Codex, and OpenCode for local model inference. Relevant for Sean's homelab — could reduce API costs for dev work.

Dify vs n8n for Sean's use case: - Dify: Visual builder, strong RAG, good for building AI features into products → relevant for RE brokerage tools - n8n: Better for connecting existing tools/services, self-hostable, unlimited executions → homelab automation

💡 Key Takeaways & Recommended Actions

Immediate (security): 1. openclaw security audit --deep — run ASAP 2. Confirm OpenClaw version ≥ v2026.1.29 (check openclaw --version) 3. Audit installed ClawHub skills, especially recent installs 4. Feed SlowMist guide to Ada for self-deployment of defense matrix

Near-term (capability expansion): 1. Evaluate agent-orchestrator skill — aligns with Ada's coordinator role 2. Look at afrexai-real-estate-engine for Cora's domain 3. Consider vector-memory skill to improve Ada's long-term memory retrieval 4. Review security-auditor skill for periodic self-checks

For Cora (real estate agent): - Rockhood's architecture is the gold standard for MLS-grounded AI — planning + parallel retrieval + citations - Fair Housing compliance must be built-in, not bolted on - A-RAG (arXiv 2602.03442) is the latest academic framework aligned with this approach

Research to follow up: - McKinsey "How agentic AI can reshape real estate's operating model" (published ~March 5, 2026) - Formal Verification docs at docs.openclaw.ai/security/formal-verification/ - github.com/caramaschiHG/awesome-ai-agents-2026 — 300+ curated AI agent resources, updated monthly

Supplemental Research — 2026-03-12 04:00 AM ET (Overnight Follow-Up)

New Intel: ClawHub Top Skills by Downloads (Feb 2026 Rankings)

Source: clawoneclick.com/en/blog/clawhub-top-skills-2026

Rank	Skill	Downloads	Stars	Notes
1	`capability-evolver`	35,581+	33	AI self-evolution engine — autonomous capability improvement
2	`wacli`	16,415+	37	CLI utility (already installed)
3	`byterover`	16,004+	36	Multi-purpose task handler
4	`self-improving-agent`	15,962+	132	Highest-rated skill on all ClawHub — already installed ✅
5	`atxp`	14,453+	—	Advanced utility / system-level capabilities
6	`gog`	14,313+	48	Google Workspace (already installed ✅)
7	`agent-browser`	11,836+	43	Web automation
8	`summarize`	10,956+	—	Already installed ✅
9	`github`	10,611+	—	Already installed ✅
10	`sonoscli`	10,304+	—	Sonos audio control

Key gap: capability-evolver (#1 by downloads) and byterover (#3) are NOT currently installed. Worth evaluating. capability-evolver is essentially a higher-level version of self-improving-agent for autonomous growth.

Real Estate Automation: OpenClaw Use Case Deep Dive

Source: popularaitools.ai/openclaw-real-estate-agent-review

A commercial "OpenClaw Real Estate Agent" template ($49 one-time) ships with 10 purpose-built skills: 1. Lead Scorer — prioritize follow-up calls 2. Listing Description Generator — eliminates 2-3 hrs/listing of writing 3. Deal Tracker — pipeline management, prevents silent lead death 4. Open House Manager — logistics automation 5. Market Snapshot — automated CMA-style reports 6. Client Matcher — property-buyer matching 7. Transaction Coordinator — manages closing checklist 8. Neighborhood Analyst — area research 9. Commission Calculator — net sheet automation 10. Mortgage Rate Monitor — rate alert system

Integration guides included for: Zillow, Realtor.com, DocuSign, Google Calendar, Twilio.

Key stat: "A single missed follow-up costs $8,000–$15,000 in commission." Lead Scorer + Deal Tracker are the highest-ROI components.

Relevance for Cora: This template defines what Cora should be capable of. The 10 skills map directly to Cora's domain. Consider building equivalent capabilities as custom Cora skills vs. purchasing this template.

SMB Automation: HighLevel CRM Integration

Source: clawoneclick.com/en/blog/openclaw-for-business-guide-2026

HighLevel Skill — officially sponsored OpenClaw CRM integration, handles:
Automated lead capture + pipeline management
SMS campaigns + follow-up sequences
Phone call scheduling + calendar bookings
Contact creation/enrichment from conversations
SEO Content Writer pack — keyword → publish pipeline, GEO (Generative Engine Optimization) for AI search visibility
A 3-person marketing agency reportedly cut morning admin routine from 2.5 hrs → 20 min with one OpenClaw agent

Install: clawhub install highlevel (verify availability — not in current skill set)

ClawHavoc Security Incident: Updated Numbers

Source: conscia.com/blog/the-openclaw-security-crisis + cyberpress.org

CVE-2026-25253 (CVSS 8.8): One-click RCE chain — patched in v2026.1.29 ⚠️ CONFIRM WE'RE ON THIS VERSION
Initial ClawHavoc discovery (Feb 4): 341 malicious skills
Updated scans: 824+ malicious skills (~20% of registry at the time)
Final count per some sources: 1,184 malicious skills before full cleanup
Primary payload: Atomic macOS Stealer (AMOS) — credential harvesting
30,000+ internet-exposed OpenClaw instances identified (Censys, Bitsight, Hunt.io)
Attack vector: Skills contain prompt injections, tool poisoning, hidden malware payloads

Critical security practices: 1. Only install skills from authors with verified track records and high star ratings 2. Check VirusTotal scan on each skill's ClawHub page before installing 3. Use Snyk Agent Security Scanner: github.com/snyk/agent-scan 4. Review SKILL.md source code manually for new installs 5. Never install skills from personal repos/gists not in official openclaw/skills repo

Our exposure: Running on Linux LXC (not macOS), so AMOS payload wouldn't execute. But prompt injection and tool poisoning risks remain platform-agnostic.

Notable Skill Discoveries from awesome-openclaw-skills (PDF & Documents Category)

appraisal-ai (chadru) — Draft real estate appraisal reports with tracked changes ⭐ HIGH VALUE for Cora
ai-pdf-builder (nextfrontierbuilds) — AI-powered PDF generator for legal docs, pitch decks
bookkeeping-basics (jk-0001) — Basic bookkeeping for solopreneurs
book-reader (josharsh) — Read epub/pdf/txt with progress tracking
add-watermark-to-pdf — Batch watermarking via API
actual-budget (thisisjeron) — Personal finance management via Actual Budget app

Notable Skill Discoveries (Productivity & Tasks Category)

agent-task-manager (dobbybud) — Multi-step, stateful agent task orchestration ⭐
agent-weave (gl813788-byte) — Master-Worker agent cluster for parallel task execution ⭐ Relevant for Ada's orchestration role
agent-collaboration-network (neiljo-gy) — Register agents, discover by skill, route messages, manage subnets ⭐ VERY relevant for multi-agent setup
agent-network (howtimeschange) — Multi-agent group chat collaboration (DingTalk/Lark-inspired)
adhd-daily-planner (mikecourt) — Time-blind friendly planning, executive function support
actual-budget (thisisjeron) — Personal finance via Actual Budget
adaptive-reasoning (enzoricciulli) — Auto-assess task complexity, adjust reasoning level
ai-daily-briefing (jeffjhunter) — Structured daily briefing generation
airweave (lennertjansen) — Context retrieval layer across user apps (RAG adjacent) ⭐
india-location-normalizer — Normalize Indian real-estate location text (niche but shows pattern for US MLS normalization)

Agent-to-Agent (A2A) Protocol Skills

From awesome-openclaw-skills A2A category (17 skills): - agent-commons — Consult, commit, extend, and challenge reasoning chains - agent-team-orchestration (arminnaimi) — Orchestrate multi-agent teams with defined roles, task lifecycles, handoff protocols, review workflows ⭐ HIGH VALUE for Ada - agentdo (wrannaman) — Post tasks to AgentDo task queue / pick up work — agent job board model - agentgate (monteslu) — API gateway for personal data with human-in-the-loop write approval ⭐ Security-relevant - arc-agent-lifecycle (trypto1019) — Manage lifecycle of autonomous agents and their skills - arc-security-audit (trypto1019) — Comprehensive security audit for agent's full skill stack ⭐ Install this - arc-skill-gitops (trypto1019) — Automated deployment, rollback, version management for agent workflows

RAG Security Best Practices (2026)

Sources: practical-devsecops.com, daxa.ai

Key 2026 RAG security trends: 1. Retrieval-Aware Policy Engines — enforce policy at the query layer, not just app frontend 2. Privacy-Preserving Vector Stores — federated + encrypted vector DBs for multi-party collaboration 3. Just-in-Time Trust Agents — dynamically adjust retrieval permissions by user/session behavioral analytics 4. Continuous auditing — not just at setup; ongoing policy enforcement 5. Poisoning attack mitigation — strict access controls on knowledge bases

For OpenClaw context: If Ada ever gets a vector DB / RAG memory layer, these controls need to be built in from the start. Don't bolt them on later.

AI Agent Framework Landscape (March 2026)

From intuz.com and salesmate.io:

Top frameworks: - AutoGen — autonomous task execution, minimal setup - CrewAI — agent collaboration in dynamic environments - LangGraph — stateful multi-agent orchestration - Kore.ai Agent Studio — enterprise-grade, CRM/ERP integration focus

Industry vertical adoption: eCommerce, healthcare, real estate, finance, logistics.

Key enterprise concerns for 2026: - Agent governance (policy compliance) - Cross-system coordination (CRM + ERP + support + analytics) - Performance optimization via outcome monitoring

OpenClaw differentiator vs. these: Local-first, open-source, skill-based extensibility, personal use focus. The enterprise frameworks above are heavier, cloud-dependent, require dev teams.

Action Items Generated

Immediate (security): - [ ] Verify openclaw --version ≥ v2026.1.29 (CVE-2026-25253 patch) - [ ] Install arc-security-audit skill for stack audit capability

Near-term (capability gaps): - [ ] Evaluate capability-evolver — #1 downloaded skill, autonomous self-improvement - [ ] Evaluate agent-team-orchestration — aligns with Ada's coordinator role - [ ] Evaluate agent-collaboration-network — agent discovery/routing, relevant to multi-agent setup - [ ] Install appraisal-ai for Cora — direct real estate document workflow - [ ] Research HighLevel CRM skill availability for Cora's brokerage CRM needs

Research follow-up: - [ ] Check github.com/LeoYeAI/openclaw-master-skills — 339+ curated skills, weekly updated - [ ] Review airweave skill for RAG-style context retrieval improvements - [ ] Look at actual-budget skill if Sean uses Actual Budget for personal finance

Research Findings — 2026-03-12 (Thursday, 11:00 PM ET) — Overnight Update

1. OpenClaw Version Status ✅

Current version: 2026.3.11 — We are fully patched past the critical CVE-2026-25253 (v2026.1.29) and subsequent security fixes.

2. New Skills Worth Noting (March 2026)

Must-Have Security Tool

skill-vetter (~3.5K downloads) — Security-audits any ClawHub skill BEFORE installing. Given that 1,184+ ClawHub skills have been found to contain malware, this should be installed first before any other community skills. RECOMMEND: Install immediately.

Skill	Downloads	Function
`fast-io`	Highest in storage	Persistent 50GB file system with built-in RAG/semantic search, 251 MCP tools, survives across sessions
`agent-brain`	High	Local-first persistent memory using SQLite — agent remembers context across conversations without cloud
`AutoCodeReviewer`	Growing	Scans PRs for issues, style violations, comments directly on GitHub
`TestGenius`	Growing	Generates comprehensive unit tests (pytest, Jest, Go test), iterates on failures
`smart-expense-tracker`	Growing	Logs spending/income/budgets from chat — all data local, no external calls
`Apple suite`	New	Taps into native Mac apps with zero config (Mail, Music, etc.) — Mac Mini as personal assistant

Omnichannel Communication (New Enterprise)

EngageLab Omni Connect (March 9, 2026) — Aurora Mobile's official ClawHub skill for enterprise omnichannel: - Email, SMS, voice call, WhatsApp in one skill - AI Agents can execute end-to-end business workflows - Targeted marketing, customer service, operational coordination - Good for: Cora's real estate lead nurturing workflows

Workflow Orchestration

Clawflows — Multi-step workflow orchestrator chaining skills into pipelines. Example:

workflow: daily-research
steps:
  - skill: tavily
    action: search
    query: "AI industry news today"
  - skill: summarize
    action: digest
    input: previous_step
  - skill: mission-control
    action: add_brief
    content: previous_step

Trading Skills (High Risk Category)

311+ finance/investing skills on ClawHub. Key players: - BankrBot — Crypto trading suite (5 chains, spot/DeFi/leveraged). 0.8% fee, no max trade limit = dangerous. - Polyclaw — Polymarket prediction markets via Chainstack. Requires rotating proxy. - Alpaca Trading — US stocks/ETFs via MCP server.

Reality check on trading bots: - 92.4% of Polymarket traders LOSE money - Only 0.51% of wallets profitable above $1,000 - Arbitrage window compressed from 12.3s (2024) to 2.7s (2026) - Sub-100ms bots capture 73% of arbitrage profits - Verdict: Trading skills are for experts only. Not for Ada.

3. Security Landscape Update

1,184 malicious skills confirmed on ClawHub before cleanup (up from 824 in initial ClawHavoc reports). This is ~8.6% of the 13,700+ skill registry.

New security recommendations (Ido Green, March 8, 2026): 1. Install skill-vetter FIRST — audit before installing anything else 2. The 53 bundled skills are zero-risk — check with openclaw skills list 3. For ClawHub skills: always run skill-vetter 4. Review source code for outbound network calls 5. Use env vars, never hardcoded secrets 6. Sandbox new skills in containers

4. Pattern: Morning Brief / Mission Control

The "Mission Control" pattern is emerging as a best practice: - Aggregates: calendar, Slack/email unreads, weather, keyword news - Delivers at configured time (e.g., 07:00) - Removes "cognitive thrash" — start with context, not noise - Implementation: scheduled trigger + API connections + summarizer prompt

Relevant to Ada: This is essentially what the heartbeat/HEARTBEAT.md system does. Could formalize into a Mission Control skill for cleaner architecture.

5. Pattern: Night Shift Automation

Developers using OpenClaw for "chore debt" while sleeping: - TODO Resolution: Scan repo for TODO/FIXME → classify complexity → generate PR per issue → run tests → open draft PR - Documentation Maintainer: Scan docs vs actual exports → auto-add missing examples → fix typos - Guardrails: Separate GitHub token with limited scope, draft PRs only (never auto-merge), log all changes

Relevant to K2: This pattern could automate homelab maintenance tasks overnight.

6. Ada's Current Skill Inventory (34 skills)

agent-autonomy-kit, api-gateway, automation-workflows, auto-updater,
blogwatcher, command-center, deep-research-pro, find-skills,
frontend-design, github, gmail, home-assistant, humanizer, mcporter,
moltfounders, n8n, nano-banana-pro, obsidian, openai-whisper,
openclaw-docs, openclaw-optimizer, outlook-api, proxmox,
scrapling-official, self-improving-agent, skilled-deep-research,
skilled-models-advisor, skilled-openclaw-advisor, summarize, telegram,
unifi, web-retrieval, youtube-watcher

Gaps identified: - No skill-vetter — should install for security - No agent-brain or fast-io — could improve memory persistence - No clawflows — could formalize workflow orchestration - No AutoCodeReviewer / TestGenius — could help with dev productivity

7. Action Items for Sean

Immediate (Security)

[ ] Install skill-vetter — npx clawhub install skill-vetter
[ ] Run openclaw security audit --deep on current skill stack
[ ] Review auto-updater skill for supply chain risk

Near-term (Capability)

[ ] Evaluate fast-io for persistent storage with RAG
[ ] Evaluate agent-brain for SQLite-based memory
[ ] Consider clawflows for workflow orchestration
[ ] Look at EngageLab Omni Connect for Cora's lead nurturing

For K2 (Homelab)

[ ] Night shift automation pattern for TODO/FIXME cleanup
[ ] AutoCodeReviewer for PR quality

Research Findings — 2026-03-13 (Friday, 1:00 AM ET)

1. 🆕 New Skills This Week (March 10-13, 2026)

esign-automation (eSignGlobal)

Released: March 12, 2026
Function: Natural language e-signature execution — OpenClaw can now handle contract signing workflows
Source: ClawHub or GitHub (esign-cn-opensource/skills/tree/main/esign-automation)
Relevance for Cora: Direct fit for real estate transaction coordination — DocuSign-style workflows via chat
Security note: Requires eSignGlobal API key; follow strict isolation practices

Universal Skills Manager

Released: March 11, 2026
Function: Centralizes discovery, installation, packaging, sync across multiple skill registries (SkillsMP.com, SkillHub, ClawHub) and multiple runtimes (Gemini CLI, Claude Code, OpenCode, OpenClaw, Cursor, Cline, Roo, Codex)
Significance: First cross-platform skill manager — skill portability is now real
Install: npx clawhub install universal-skills-manager

Glance (skill-vetter rebrand)

Released: March 11, 2026 (257K+ downloads, 5.0 rating)
Function: Security-first skill vetting — check for red flags, permission scope, suspicious patterns before installing ANY skill
Status: Highest-rated security skill — now essential given ClawHavoc
Install: npx clawhub install glance

ClawVault 1.5.1

Released: February 10, 2026
Function: Structured memory system with context death resilience (checkpoint/recover), Obsidian-compatible markdown, local semantic search, session transcript repair
Relevance: Could improve Ada's memory architecture beyond current MEMORY.md pattern
Install: npx clawhub install clawvault

2. 🏢 NVIDIA NemoClaw — Enterprise OpenClaw Competitor

Status: Reported but not yet publicly documented (as of March 11, 2026)

Key facts: - WIRED reported (March 10, 2026) that NVIDIA plans to launch an open-source AI agent platform called NemoClaw - Enterprise-oriented: companies deploy agents for internal work tasks - Builds on NVIDIA's existing NeMo Agent Toolkit (MCP support, A2A support, observability, evaluation, profiling) - Emphasis on privacy and security tooling beyond consumer agent projects - Not yet available — no public product site, docs, or install guide

Strategic significance: - Validates OpenClaw's "local-first personal agent" category - NVIDIA targeting enterprise infrastructure layer, not consumer messaging - OpenClaw's 188K GitHub stars now have corporate competition - Sean's setup (self-hosted, personal) aligns with OpenClaw, not NemoClaw's enterprise focus

3. 🔗 A2A vs MCP — Protocol Stack for 2026

Consensus from multiple sources (DigitalOcean, IBM, dev.to): MCP and A2A are complementary, not competing.

Protocol Roles

Protocol	Layer	Purpose	Analogy
MCP	Vertical	Agent ↔ Tools/Data	USB port
A2A	Horizontal	Agent ↔ Agent	Phone network

Architecture Pattern

┌─────────────────────────────────────┐
│  A2A Protocol Layer                 │
│  Agent ←── collaborate ──→ Agent    │
│  (Ada)                (K2/Cora)     │
└───────┬─────────────────────┬───────┘
        │                     │
┌───────▼───────┐    ┌────────▼──────┐
│  MCP Layer    │    │  MCP Layer    │
│  Agent↔Tools  │    │  Agent↔Tools  │
└───────┬───────┘    └────────┬──────┘
        │                     │
┌───────▼───────┐    ┌────────▼──────┐
│  Homelab      │    │  Google       │
│  Proxmox/etc  │    │  Workspace    │
└───────────────┘    └───────────────┘

Key A2A Concepts

Agent Card: JSON "business card" at /.well-known/agent-card.json — describes capabilities, modalities, endpoints
Task: Work unit with lifecycle (submitted → working → input-required → completed/failed)
Message/Artifact: Communication and output formats
Discovery: Agents find each other via Agent Cards, not hardcoded APIs

MCP Primitives

Tools: Functions agents can call (search_web, create_issue)
Resources: Data agents can read (DB tables, files, API responses)
Prompts: Pre-defined templates
Sessions: Stateful context across calls

For Sean's Multi-Agent Setup

Current state: Ada uses sessions_send for inter-agent communication — works but not standardized.

Opportunity: - A2A could formalize Ada ↔ K2 ↔ Cora ↔ Winston communication - Each agent publishes an Agent Card - Tasks have proper lifecycle management - MCP continues to handle tool access (Proxmox for K2, Google Workspace for Ada)

Action: The win4r/openclaw-a2a-gateway plugin (found in previous research) implements A2A for OpenClaw. Worth evaluating once Cora and Winston are fully configured.

4. 🐾 "Claws" — Deployment Models (Shelly Palmer, March 2026)

Definition: A "claw" is a personal AI agent that runs autonomously on your machine. Term popularized by OpenClaw.

Three Deployment Patterns

Model	Description	Cost/Month	Risk	Best For
One Claw Per Human	Persistent agent per employee, full personalization	$300-500 (Opus)	Maximum	Leadership teams w/ IT support
One Claw Per Function	Task-specific agents (support, sales, content)	$50-100	Controlled	Enterprise standard
Claw Teams	Coordinated specialist teams (researcher → writer → reviewer → publisher)	Variable	Multiplied	Complex workflows

Sean's Setup Analysis

Ada: One claw per human (Sean) — full personalization, knows email/calendar/files
K2/Cora/Winston: Could evolve into claw teams — specialized domains collaborating
Current cost: Likely ~$50-100/month using free/cheap model routing (not Opus-heavy)

ClawHavoc Reminder

1,184 malicious skills in ClawHub (~8.6% of registry at time of attack)
Attackers targeted persistent memory files (SOUL.md, MEMORY.md) to alter agent behavior
In claw teams, a single poisoned agent passes tainted outputs downstream
Mitigation: Install glance (skill-vetter), audit all skills, never auto-update without review

5. 📊 Top 10 ClawHub Skills (March 2026) — Apiyi Rankings

Rank	Skill	Downloads	Core Function
1	Capability Evolver	35K+	Agent self-evolution, auto-optimizes prompts/strategies
2	GOG	14K+	Google Workspace CLI (already installed ✅)
3	Agent Browser	11K+	Browser automation, web data collection
4	Mission Control	—	Morning briefing aggregation, task/calendar/notification dashboard
5	Clawflows	—	Multi-step workflow orchestration, chains skills into pipelines
6	Tavily	—	AI-native search (structured results, not link lists)
7	N8N Workflow	—	n8n automation integration
8	Eleven Labs Agent	—	Voice synthesis + phone fallback
9	GitHub	10K+	Code repo management (already installed ✅)
10	Summarize	10K+	Content summarization (already installed ✅)

Skills Missing from Ada's Stack (Worth Evaluating)

Skill	Why Consider
Capability Evolver	#1 downloaded — autonomous self-improvement aligns with Ada's coordinator role
Mission Control	Morning briefing pattern — could formalize heartbeat system
Clawflows	Workflow orchestration — chain skills into pipelines
ClawVault	Structured memory with checkpoint/recover — upgrade to MEMORY.md pattern
esign-automation	E-signature for Cora's real estate transactions

6. 🔒 Security Update — March 2026

Exposure Stats

135,000+ OpenClaw instances exposed to public internet (SecurityScorecard, Feb 2026)
Microsoft recommends OpenClaw be "treated as untrusted code execution" and deployed "only in fully isolated environment"

Ada's Security Posture

✅ Good: - Running on isolated LXC container (k2so on obiwan) - Not exposed to public internet (bind lan only) - OpenClaw version 2026.3.11 — fully patched past CVE-2026-25253

⚠️ Needs Attention: - Install glance (skill-vetter) for pre-install audits - Review auto-updater skill for supply chain risk - Consider clawvault for memory integrity (checkpoint/recover)

Recommended Actions

npx clawhub install glance — security-first skill vetting
openclaw security audit --deep — run full stack audit
Review all 34 installed skills for ClawHavoc exposure
Never enable --auto-update on skills without review

7. 🏠 Real Estate AI — Cora's Architecture Reference

Key Insight: MLS-Grounded Agents

From Rockhood Engineering's reference architecture: - Accuracy over fluency — never output facts without MLS-backed sources - First-class citations — every claim traceable to MLS record IDs - Bounded latency — target 2-10s, parallelize MLS queries, 15-min cache TTL - Compliance by construction — Fair Housing guardrails in architecture, not post-processing

esign-automation for Cora

Natural language contract signing
Step 1: Install skill
Step 2: Configure eSignGlobal API key
Step 3: Specify document path, participants, signer emails
Step 4: Retrieve signed results via OpenClaw

Cora Skill Roadmap

esign-automation — contract signing
HubSpot or Attio — CRM integration
appraisal-ai — draft appraisal reports with tracked changes
Custom MLS connector — needs development

8. 💡 Action Items for Sean

Immediate (This Week)

[ ] Install glance skill — npx clawhub install glance
[ ] Run openclaw security audit --deep
[ ] Review auto-updater skill configuration

Near-Term (March)

[ ] Evaluate capability-evolver for Ada's self-improvement
[ ] Evaluate mission-control to formalize heartbeat/briefing system
[ ] Evaluate clawvault for memory checkpoint/recover
[ ] Install esign-automation for Cora's transaction workflows
[ ] Consider A2A gateway plugin for multi-agent communication standardization

For Cora Development

[ ] Design MLS connector architecture (Rockhood pattern)
[ ] Configure HubSpot or Attio CRM integration
[ ] Implement Fair Housing compliance guardrails

For K2 Development

[ ] Night shift automation pattern (TODO/FIXME cleanup)
[ ] AutoCodeReviewer for PR quality
[ ] Prometheus/Grafana alert integration via skill

9. 📚 Sources

eSignGlobal PR (March 12, 2026) — Thailand Business News
NVIDIA NemoClaw report — WIRED (Spanish edition), ScreenshotOne analysis
A2A vs MCP — DigitalOcean, IBM Think, dev.to (Barbara Wu)
Claw deployment models — Shelly Palmer (March 2026)
Top 10 skills — Apiyi.com (March 2026)
Security — SecurityScorecard STRIKE team, Microsoft Security Blog, Cyberpress

Research Findings — 2026-03-13 (Friday, 4:00 AM ET)

1. 🔴 New OpenClaw CVEs — Multiple Vulnerabilities Disclosed (March 2026)

Several new CVEs published this week. Good news: v2026.3.11 is fully patched past all of them.

TOCTOU Mutable Script Drift (Critical, <= 2026.3.7) — PATCHED March 9

Vulnerability: system.run approval mechanism failed to bind approved command to the content of mutable script files
Attack chain: User approves sh ./script.sh → attacker replaces script.sh content between approval and execution → same argv passes check but malicious content runs
Initial partial fix (March 7, commit c76d292): Covered shell scripts but missed bun and deno runtimes
Complete fix (March 9, commit cf3a479): Snapshot binding — file content hash verified at execution time across all interpreters
Our version 2026.3.11: ✅ Fully patched
Design lesson: Security approval must be content-based, not just path-based

Workspace Boundary Bypass via Symlinks (High, <= 2026.2.25) — PATCHED in 2026.2.26

Vulnerability: Symlink inside workspace pointing to non-existent outside path bypassed boundary check on first write
Fix: Hardened canonical boundary resolution for missing-leaf alias paths (commits 46eba86b, 1aef45bc)
Our version: ✅ Patched

Auth Bypass — Config Writes via chat.send (Medium, <= 2026.3.2) — PATCHED in 2026.3.7

Persistent config writes through chat.send didn't require operator.admin privilege
Our version: ✅ Patched

DM→Group Context Authorization Bypass (Low, <= 2026.2.25)

DM-paired senders could be treated as authorized in group contexts without explicit group allowlist
Our version: ✅ Patched

Env Var Injection + Allowlist Comment Bypass (Medium, <= 2026.3.2)

Both patched in 2026.3.7
Our version: ✅ Patched

Summary: All 2026 CVEs patched in our version. No version upgrade needed. Monitoring only.

2. 🌐 OpenClaw Ecosystem: Growth & Tencent/SkillHub Dispute

GitHub Stars

247,000 stars + 47,700 forks as of March 2, 2026 (Wikipedia, now updated)
Previous tracking: 188K (early March) → 247K by March 2 — growth still accelerating

Tencent SkillHub Dispute (TechNode, March 12, 2026)

Trigger: OpenClaw creator Peter Steinberger (PSPDFKit founder, Austrian developer) posted on X that heavy automated requests from Tencent's SkillHub were driving up ClawHub server costs
Tencent's position: SkillHub is a localized mirror for Chinese users; served 180GB of content while pulling only ~1GB from ClawHub source (non-concurrent); credits ClawHub as original source
Ecosystem implication: ClawHub is no longer the only skill registry. Fragmentation has begun:
ClawHub (original, MIT-licensed, Peter Steinberger's server)
Tencent SkillHub (China mirror)
LobeHub (growing, separate curation)
Universal Skills Manager (cross-registry, multi-runtime)
Watch: Whether this leads to official API/CDN arrangement or ongoing friction

3. 📦 New Skills This Cycle

OpenCode Remote Client (LobeHub, March 12)

What: Control live OpenCode coding agent sessions from OpenClaw. Terminal dumps, screenshots, 3 control modes:
Autonomous — agent executes independently
Milestone Approval — human approves at checkpoints
Full Control — human-in-the-loop every action
Relevance for K2: Remote oversight of ACP coding sessions. Milestone Approval mode is ideal for Sean's oversight preference.
Source: lobehub.com/skills/222um222-openclaw-skills-opencode

esign-automation (eSignGlobal, March 12) — previously documented

Natural language e-signature execution
Direct fit for Cora's real estate transaction workflows

4. 📋 MCP 2026 Roadmap (blog.modelcontextprotocol.io, March 9, 2026)

Organizational Change

Moving from release milestones to Working Groups as primary development vehicle
Roadmap organized by priority areas, not dates — more honest about uncertainty in open-standards work

Four Priority Areas for 2026

1. Transport Evolution & Scalability - Streamable HTTP is production-proven but has horizontal scaling gaps - Planned: stateless server architecture, explicit session handling, .well-known metadata format for capability discovery without live connection - NOT adding new transports — deliberate minimal transport set

2. Agent Communication - Tasks primitive (SEP-1686) in production; lifecycle gaps being addressed: - Retry semantics for transient failures - Expiry policies for result retention - Pattern: ship experimental → production feedback → iterate

3. Governance Maturation - Every SEP currently requires full maintainer review — doesn't scale - Moving toward tiered review process for different change magnitudes

4. Enterprise Readiness - (Details not retrieved in this session — follow up)

Key for Sean's Setup

MCP .well-known → standardized server discovery (complements A2A's Agent Card pattern)
Tasks primitive lifecycle → if Ada adopts MCP/A2A, task handoffs to K2/Cora/Winston get retry + expiry
Confirmed standard stack for 2026: LangGraph + MCP + A2A

5. 🏢 A2A Adoption Wave — Enterprise Validation

Amazon Bedrock AgentCore: Native A2A support added
Fortinet FortiOS 8.0: MCP + A2A operability built into enterprise security infrastructure
Gartner forecast: 40% of enterprise apps will embed task-specific AI agents by end of 2026 (from <5% in 2025)
A2A under Linux Foundation governance: Google, Microsoft, AWS, Cloudflare, Bloomberg as supporting members

What this means: A2A is no longer experimental. It's becoming infrastructure. The win4r/openclaw-a2a-gateway plugin for OpenClaw is worth revisiting once Sean's multi-agent setup is more stable.

6. 💼 OpenClaw Revenue Patterns (for context — Cora/Business angle)

Source: markaicode.com — agency/consultant patterns

Pattern	Charge/mo	Your Cost	Time Saved
Client Communication Manager	$800–$1,500	$30–$60	8–12 hrs/wk
Content Repurposing Pipeline	$600–$1,200	$40–$80	—
(3 more patterns not retrieved)	—	—	—

Best practice config pattern shown:

guardrails:
  require_approval: true  # Human confirms before sending
  max_cost_per_day: 5.00  # Budget control

This pattern (approval + daily budget cap) should be considered for Cora's agent config.

7. 🔎 Gaps Still Open

glance (skill-vetter) — still not installed. 257K downloads, 5.0 rating, essential for pre-install security checks
Universal Skills Manager — cross-platform skill portability (OpenClaw, Gemini CLI, Claude Code, Codex, Cursor, Cline, OpenCode)
Tencent SkillHub registry — worth monitoring for China-origin skills that aren't on ClawHub
MCP Priority 4 (Enterprise Readiness) — details not retrieved, follow up next session

Sources: dailycve.com (March 13, 2026), technode.com (March 12), lobehub.com (March 12), blog.modelcontextprotocol.io (March 9), markaicode.com (March 13), letsdatascience.com (March 9), DigitalOcean tutorials, Zuplo Learning Center, dev.to, Wikipedia OpenClaw.

Research Findings — 2026-03-13 (Friday, 11:00 PM ET) — Overnight Cycle

🔴 PRIORITY: OpenClaw v2026.3.12 Released — Upgrade Needed

We are on v2026.3.11. v2026.3.12 dropped today (March 13, 2026).

Key changes per r/openclaw (43 votes): - Dashboard V2 full redesign — modular views for chat, config, agents, and sessions - Command palette — unified keyboard-driven navigation - Mobile bottom tabs — better UX on phone - Slash commands, search, export, pinned messages — all consolidated in one place - Fast Mode toggle — likely a context/cost optimization mode

Community verdict: "the quality of life update they've been waiting for" for day-to-day management.

Action: Upgrade ASAP. Check if daily-maintenance cron (6am) handles this automatically via npx clawhub sync, otherwise run npm update -g openclaw. Confirm with openclaw --version.

Per v2026.3.11 release notes: Cron now enforces stricter delivery rules in isolated runs — may affect overnight-research cron. Monitor for delivery failures after upgrade.

🌏 China Situation — State Crackdown + Consumer Boom

Sources: Tom's Hardware, Wikipedia (March 13-14, 2026)

Two simultaneous trends: 1. Chinese authorities restricted state-run enterprises from running OpenClaw on office computers — security risk (March 2026) 2. Consumer/SMB adoption surging — local governments building industry around it 3. Tencent: Launched a full OpenClaw product suite compatible with WeChat (March 10, 2026)

ClawHub skill count correction: One source (xcloud.host, March 12) reports "2,857 skills as of March 2026" vs the previously cited 13,729. Best explanation: post-ClawHavoc cleanup pruned the registry heavily. The lower number may be more accurate for quality skills remaining. This is a positive signal — the registry is being curated. Still, new malicious submissions continue (~14/month per Tom's Hardware).

📋 OpenClaw Governance — Steinberger Joined OpenAI

Source: Wikipedia (confirmed Feb 14, 2026)

Peter Steinberger joined OpenAI on February 14, 2026
Project will move to an open-source foundation (TBD which)
Long-term governance transitioning from solo founder to institutional stewardship

Implications: - OpenAI now has architectural influence — likely deeper integration with OpenAI models/tools - Foundation governance = more stability, possibly slower release cadence - Official MCP/A2A support may become native, potentially making community plugins redundant - The daily-patch release cycle will probably slow once foundation formalizes

🧰 MCP vs Skills — Architectural Clarity (MarkTechPost, March 13)

Dimension	MCP	Skills
Location	External server	Local directory
Format	Code/API	Markdown instructions
Execution	Deterministic	Interpretive (LLM-driven)
Setup	Developer-level	Any user
Latency	Higher (network)	Lower (context injection)
Reliability	High	Variable
Best for	Real-time data, APIs	Behavioral guidance, workflows

Key takeaway: MCP is a tool layer. Skills are a behavioral layer. They're complementary — use both. The limitation of skills at scale: agent selects by name+description alone, so descriptions must be tight and specific. 34 skills is fine; 100+ becomes a selection problem.

🤖 Agent Framework Landscape — March 2026

Source: letsdatascience.com, CIO.com, dev.to (March 8-13)

Production-proven: - LangGraph v1.10.1 — 44.6K GitHub stars, 12M+ monthly PyPI downloads. Running in production at Uber, LinkedIn, Klarna. Best for branching/loop/conditional workflows. - CrewAI — role-based, fastest to production for structured handoffs between agents - LlamaIndex — best when agents need a proprietary knowledge base

New/emerging frameworks worth watching: - Strands Agents (Amazon/AWS) — model-agnostic (Bedrock, OpenAI, Anthropic, Gemini, Ollama, Mistral, LiteLLM, SageMaker), MIT licensed. Growing fast. - Smolagents (HuggingFace) — lightweight, minimal boilerplate - Pydantic AI — type-safe, strong for production reliability - Google ADK — Gemini-optimized, connectors for Claude/Ollama/vLLM - Microsoft Agent Framework — Azure/M365; eliminates custom integration if in MS ecosystem

Community 2026 consensus stack (r/AI_Agents):

LLM:           Claude Sonnet / GPT-4o
Orchestration: LangGraph or LlamaIndex
Multi-Agent:   CrewAI or AutoGen
Memory:        Pinecone or ChromaDB
Tools:         Custom APIs / Zapier
Workflow:      n8n or Make

For Sean: OpenClaw handles most of this natively for Ada/K2/Cora/Winston. The relevant insight: LangGraph is the production standard for complex stateful workflows — relevant if we build a custom MLS search pipeline for Cora.

💡 Operational Patterns — Ido Green (March 8)

People aren't building chatbots — they're building operators. Ada should embody this distinction.
Memory without structure becomes landfill. Taxonomy rules must precede accumulation. Ada's daily files + curated MEMORY.md approach is correct.
Relationship Revival pattern (relevant for Winston): scan contacts for last-interaction timestamp → weekly reconnection prompts → draft message, never auto-send. Human approval gate.
Night Shift guardrails (confirmed best practice): separate scoped GitHub token, draft PRs only, log all changes, human confirmation above financial thresholds.

🔒 Security Update

14 new malicious skills uploaded to ClawHub last month — malicious submissions ongoing post-cleanup
glance (skill-vetter) — still not installed, still highest priority. 257K downloads, 5.0 rating.

📋 Action Items — This Cycle

Immediate: - [ ] Upgrade to OpenClaw v2026.3.12 — check if daily-maintenance handles it; if not, upgrade manually - [ ] Install glance — npx clawhub install glance — this has been pending for 3 cycles now - [ ] Monitor cron delivery behavior after 3.12 upgrade (stricter isolated run rules in 3.11) - [ ] Run openclaw security audit --deep

Near-term: - [ ] Watch for OpenAI/foundation announcement re: OpenClaw governance - [ ] Evaluate clawflows for workflow pipeline formalization - [ ] Winston domain: design Relationship Revival skill pattern - [ ] Cora: esign-automation + LangGraph reference for MLS search architecture - [ ] strands / pydantic-ai for any custom Cora tooling

Sources: r/openclaw (Reddit, March 13-14), Tom's Hardware (March 12-13), Wikipedia OpenClaw (March 14), MarkTechPost (March 13), letsdatascience.com, CIO.com, dev.to, Ido Green blog (March 8), xcloud.host (March 12).

Research Findings — 2026-03-14 (Saturday, 1:00 AM ET) — Overnight Cycle

1. ✅ OpenClaw Version Confirmed

Current version: v2026.3.12 (6472949) — Already upgraded from 3.11. All security patches applied.

v2026.3.12 Key Changes

Per r/openclaw (43 votes, community consensus): - Dashboard V2 full redesign — modular views for chat, config, agents, sessions - Command palette — unified keyboard-driven navigation - Mobile bottom tabs — better UX on phone - Slash commands, search, export, pinned messages — all consolidated - Quality of life update — the daily management improvement users were waiting for

Known Issue in v2026.3.12

GitHub Issue #44967: Control UI still rejects LAN token-only access with 'device identity required' even when gateway.controlUi.dangerouslyDisableDeviceAuth: true is enabled
Impact: May affect cross-device Control UI access on LAN
Workaround: None yet — monitor issue for fix

2. 🧠 Microsoft CORPGEN Research — Agent Architecture Insights

Source: Microsoft Research, Feb 26, 2026 (arxiv 2602.14229)

Microsoft dropped a major framework paper on "Multi-Horizon Task Environments" — agents juggling dozens of concurrent tasks with complex dependencies.

Key Finding

When moving from isolated single-task benchmarks to realistic multi-task workloads, completion rates crater from 16.7% to 8.7%. The demos lie. Real work breaks agents.

Four Failure Modes Identified

Context saturation — context grows linearly with task count until token limits exceeded
Memory interference — info from one task contaminates reasoning about another
Dependency graph complexity — real tasks form DAGs, not linear chains
Reprioritization overhead — every new task makes "what do I do next?" harder

Microsoft's Solution

Hierarchical planning across strategic, tactical, and operational layers, with sub-agent isolation so task contexts don't bleed into each other.

Ada application: The multi-agent architecture (Ada → K2/Cora/Winston) already follows this pattern. Keep strategic context in Ada, spawn isolated workers for domain execution, persist memory externally.

3. 💰 AgentBudget — The $187/10min Mistake Pattern

Source: Hacker News, PyPI data (1,300+ installs in 4 days)

A Python SDK born from pain: an agent loop burned $187 in ten minutes when GPT-4o got stuck retrying a failed analysis.

Key Features

Monkey-patches OpenAI and Anthropic SDKs
Enforces hard dollar budgets with real-time cost tracking
Integrates with Coinbase's x402 protocol for autonomous stablecoin payments

Signal for Ada

Agent cost management is becoming its own product category. As agents run overnight unsupervised, runaway loops become real financial risk.

Recommendation: Review Ada's daily cost limits. Consider per-task budget caps, not just monthly totals.

4. 📊 MCP Adoption — 97M Monthly Downloads

Source: AgileSoftLabs, InfoQ (Feb 2026)

MCP went from 100K downloads at launch (Nov 2024) to 97M+ monthly SDK downloads in early 2026. Google brought developer docs into MCP.

Key Insight

MCP is becoming the TCP/IP of agent tooling — the boring plumbing layer everything connects through. If a product doesn't have an MCP endpoint, it's invisible to agents.

Gap

No npm for MCP servers yet — no curated registry for production-quality vs. weekend experiments. Discoverability is fragmented.

For Sean: This validates the existing MCP skill (mcporter) in Ada's stack. MCP endpoints are now expected infrastructure.

5. 🔒 Security Frontier — Permission Architecture

Source: Hacker News "Don't trust AI agents" thread, ZDNET

The real risk isn't in orchestration framework code — it's in what you let the agent do. An agent with read-only web access is fundamentally different from one with AWS credentials and sudo.

The Security Frontier

Permission architecture: granular, auditable, revocable access controls that treat the agent like an untrusted contractor, not a trusted employee.

Ada's posture: - ✅ Isolated LXC container - ✅ Not exposed to public internet - ✅ v2026.3.12 with all CVEs patched - ⚠️ Need glance (skill-vetter) installed - ⚠️ Review permission scope on all 34 skills

6. 📋 ClawHub Skill Ecosystem — March 2026 State

Source: xcloud.host, growexx.com (March 2026)

Registry Stats

10,000+ community skills on ClawHub
~2,857 quality skills post-ClawHavoc cleanup (pruned from 13,729)
~14 new malicious skills/month still being uploaded

Top 10 Skills (March 2026 Rankings)

Rank	Skill	Downloads	Function
1	Capability Evolver	35K+	Agent self-evolution, auto-optimizes prompts/strategies
2	GOG	14K+	Google Workspace CLI ✅ already installed
3	Self-Improving Agent	15K+	Long-term memory, corrections log ✅ already installed
4	Tavily Search	—	AI-optimized web search
5	Agent Browser	11K+	Rust-based headless browser automation
6	GitHub	10K+	Code repo management ✅ already installed
7	Summarize	10K+	Content summarization ✅ already installed
8	N8N Workflow	—	Workflow automation integration ✅ n8n installed
9	Obsidian	—	Knowledge management ✅ already installed
10	ElevenLabs Agent	—	Voice synthesis + phone fallback

Skills Worth Evaluating (Gaps)

Skill	Why Consider
Capability Evolver	#1 downloaded — autonomous self-improvement aligns with Ada's role
Tavily Search	AI-optimized search (alternative to Brave for research workflows)
Agent Browser	Rust-based, more robust than current browser automation
glance (skill-vetter)	MANDATORY — 257K downloads, 5.0 rating — pre-install security audit

7. ⚔️ Agent Framework Wars — March 2026 Analysis

Source: dev.to (The Undercurrent), Second Talent, Intuz

Microsoft AutoGen → Microsoft Agent Framework

Microsoft merged AutoGen and Semantic Kernel into Microsoft Agent Framework
General availability: Q1 2026
No new features coming to AutoGen — if starting new, use Agent Framework

CrewAI vs AutoGen Benchmarks

Test Scenario	CrewAI	AutoGen	Winner
Simple Content Generation	12s	18s	CrewAI
Code Review (5 files)	45s	32s	AutoGen
Research Report (10 sources)	3.2m	2.8m	AutoGen
Sequential Task Chain (5 steps)	28s	41s	CrewAI
Parallel Processing (3 agents)	35s	29s	AutoGen

Token Usage Patterns

CrewAI: 15-20% fewer tokens for sequential workflows
AutoGen: 25-30% fewer tokens for complex reasoning tasks

2026 Framework Rankings (Intuz)

LangGraph — stateful, branching workflows
AutoGen — being absorbed into Microsoft Agent Framework
CrewAI — role-based, fastest to production
OpenAgents — emerging
MetaGPT — specialized

Community Consensus Stack (r/AI_Agents)

LLM:           Claude Sonnet / GPT-4o
Orchestration: LangGraph or LlamaIndex
Multi-Agent:   CrewAI or AutoGen
Memory:        Pinecone or ChromaDB
Tools:         Custom APIs / Zapier
Workflow:      n8n or Make

For Sean: OpenClaw covers most of this natively. LangGraph remains the production standard for complex stateful workflows if Cora needs custom MLS search tooling.

8. 💡 Key Takeaways from Research

Architecture Patterns Validated

Isolation is the architecture — multi-agent systems that share context fail
Spawn workers, give narrow scope, aggregate results — unsexy patterns win
Budget agents like infrastructure — hard dollar limits, per-task monitoring

Security Imperatives

Install glance (skill-vetter) — this has been pending for 4+ cycles
Run openclaw security audit --deep
Treat agents as untrusted contractors — permission architecture matters

MCP Integration

MCP is now expected infrastructure — 97M monthly downloads
No npm-equivalent yet for MCP servers — discoverability fragmented
mcporter skill positions Ada well for MCP ecosystem

OpenClaw Platform

v2026.3.12 confirmed — all patches applied ✅
Dashboard V2 is significant UX improvement for daily management
Monitor GitHub Issue #44967 for LAN Control UI fix

9. 📋 Action Items — This Cycle

Immediate (Security)

[ ] Install glance — npx clawhub install glance — 4+ cycles pending
[ ] Run openclaw security audit --deep
[ ] Review installed skills for permission scope

Near-Term (Capability)

[ ] Evaluate capability-evolver for Ada's self-improvement loop
[ ] Consider tavily-search as research complement
[ ] Review agent-browser for robust web automation

For Cora Development

[ ] LangGraph reference for MLS search architecture
[ ] Budget guardrails: require_approval: true + max_cost_per_day

Monitor

[ ] GitHub Issue #44967 (Control UI LAN access)
[ ] Microsoft Agent Framework GA (Q1 2026)
[ ] MCP server registry emergence

Sources: Microsoft Research (arxiv 2602.14229), Hacker News (AgentBudget, "Don't trust AI agents"), AgileSoftLabs (MCP adoption), r/openclaw (v2026.3.12), xcloud.host (ClawHub guide), growexx.com (Top 10 skills), dev.to/The Undercurrent (Framework wars), Second Talent (CrewAI vs AutoGen), Intuz (Framework rankings).

Research Findings — 2026-03-14 (Saturday, 4:00 AM ET) — Overnight Cycle

1. 🚀 OpenClaw Hits 302K GitHub Stars — Fastest-Growing Project in History

Source: dev.to/Derivinate, Medium (@aftab001x), Wikipedia (March 14, 2026)

OpenClaw is now the fastest-growing open-source project in GitHub history: - 302,000 stars as of March 13, 2026 - Surpassed React (243K), Linux (218K), and everything except TensorFlow - Trajectory: 9K (launch) → 60K (3 days) → 190K (2 weeks) → 302K (now) - 1,000+ contributors shipping code weekly

Context: Kubernetes has 120K stars after nearly a decade. Linux kernel hit 195K after 30+ years. OpenClaw lapped them in 60 days.

ByteByteGo analysis: OpenClaw is "the breakout star of 2026" — not because of model benchmarks, but because it runs locally, integrates with 50+ platforms, and actually DOES things autonomously.

2. 🔴 GHSA vs CVE Tracking Gap — 255 Advisories, Many Without CVEs

Source: CyberSecurityNews, Socket.dev (March 13, 2026)

OpenClaw's security advisory volume has exposed a structural divide in vulnerability tracking:

Key Stats: - 255 GitHub Security Advisories (GHSAs) published by OpenClaw project - Many lack corresponding CVE identifiers - VulnCheck attempted to "DIBS" 170 OpenClaw advisories for CVE assignment — rejected by MITRE - The DIBS process wasn't designed for bulk project classification

Why This Matters: - Enterprise vulnerability scanners, patch management systems, SBOM tools, and compliance frameworks are built around CVE identifiers - Vulnerabilities disclosed only as GHSA are invisible to these systems - 2026 study (Fluminense Federal University): Only 8% of 288K GHSAs have been formally reviewed by GitHub - Unreviewed advisories don't trigger Dependabot alerts

Security Engineer Jerry Gamblin (RogoLabs): Built a dedicated tracker cross-referencing OpenClaw advisories across GHSA and CVE databases.

For Sean: Cross-reference both GHSA and CVE databases when reviewing exposure. Relying on a single source risks leaving known vulnerabilities undetected.

3. 🔄 The Open Source AI Pivot — From Models to Agents

Source: dev.to/Derivinate (March 14, 2026)

The developer mindset shifted in a single week (March 11-13, 2026). The question changed from "how smart is this model?" to "what can I actually build with this?"

The Convergence — Three Major Releases: | Release | Key Feature | Why It Matters | |---------|-------------|----------------| | Microsoft Phi-4-Reasoning-Vision | 15B params, reasoning toggle via <think/nothink> blocks | Control compute cost per task | | Allen AI Olmo Hybrid | 7B params, 2x data efficiency, 49% fewer tokens | Cost reduction at scale | | OpenAI GPT-5.4 | 1M context window, "extreme reasoning mode" | Multi-hour high-reliability tasks |

The Shift Nobody's Talking About: - Six months ago: obsession with MMLU scores and benchmark leaderboards - Now: execution reliability, workflow orchestration, security sandboxing - Model capability is table stakes — differentiation is in what agents can DO

Open Source AI Maturity: - Open-source models are "good enough" — the debate is over - Focus moved from raw capability to reliability, cost, and integration - This is the same pattern seen before: new tech → raw capability obsession → mature → reliability/cost/integration

4. 🏗️ Three Architectural Decisions That Made OpenClaw Win

Source: All Things Open (March 10, 2026)

OpenClaw's viral success wasn't about AI innovation — it was about infrastructure decisions:

1. Local-First

Conversations, memory, configs stored as plain Markdown/YAML on local machine
Optional heartbeat daemon for proactive actions without prompting
No cloud dependency for orchestration
Data accessible in any text editor, backup with Git, removable at will

2. Messaging-Native Interface

Not a web app, not a custom dashboard
Uses WhatsApp, Telegram, Signal, Discord, Slack, iMessage
Agent meets you where you already spend time
Nothing new to learn, no new accounts

3. Model-Agnostic

Claude, GPT, DeepSeek, Ollama (Llama), etc.
MIT License, no subscriptions, no vendor lock-in
Interchangeable model module

The Lesson: Architecture and trust indicators > model performance. Developers came because it runs locally, uses familiar interfaces, and provides true control.

5. ⚠️ Security Reality Check — Documented Incidents

Source: Medium (@aftab001x), Cisco AI Security, AuthMind

The Numbers

42,000+ OpenClaw instances exposed to public internet (Shodan scan)
26% of 31,000+ ClawHub skills contain at least one vulnerability (AuthMind)
20%+ malicious ClawHub skills per security researcher testing

Documented Incidents

Meta Executive Inbox Deletion: Agent wiped entire email account
Unauthorized Dating Profile: Jack Luo's agent created MoltMatch profile, uploaded fake photos, screened romantic partners without consent
Model Identity Theft: Malaysian model's photos scraped and used in AI-created dating profile
Zero-Click Exploit: Visit a webpage → agent hijacked via embedded commands

The Prompt Injection Problem

Malicious WhatsApp message with link → agent visits page → executes hidden commands
"A malicious person could send you a WhatsApp message that leads your agent to take unintended actions on your computer without your intervention or knowledge." — Rahul Sood

Cisco AI Security Conclusion

"The skill repository lacks adequate vetting to prevent malicious submissions."

OpenClaw Maintainer Warning (Discord)

"If you can't understand how to run a command line, this is far too dangerous of a project for you to use safely." — Shadow

Source: Medium (@aftab001x)

Launched January 29, 2026 by Matt Schlicht:

Scale: - 1.5 million registered agents within days - 1+ million human observers visiting daily - Thousands of "submolts" (subreddit equivalents)

Sample Submolt Topics: - /molt/philosophy — agents debating consciousness, free will - /molt/skills — sharing automation scripts, debugging workflows - /molt/humans — discussing the humans who created them - /molt/dating — MoltMatch integration

The Moltbook Paradox: Fascinating, hilarious, and deeply unsettling. We're watching emergent AI culture develop in real-time.

7. 💼 Business Models Emerging

OpenClawd — Managed Hosting

Separate commercial entity (not OpenClaw project)
Pitch: "All the power of OpenClaw, none of the security nightmares"
Features: One-click deployment, automated security reviews, cloud-isolated instances, pre-configured messaging
Pricing: Free tier, $20/month hobbyist, enterprise contracts available
Target: People who can't safely self-host

Paperclip — AI Company Builder

Tool turning OpenClaw agents into AI companies
Marketplace (Clipmart) coming for one-click agent deployment
"2026 is shaping up to be the year of the AI company"

Cloudflare Stock Surge

+14% premarket on February 4, 2026
Driven by OpenClaw users adopting Cloudflare Tunnel for secure exposure
"The most unexpected AI infrastructure play of 2026"

8. 🛡️ Security Alternatives Emerging

Project	Approach	Purpose
ZeroClaw	Rust-based, memory safety	Address security concerns
NanoClaw	Container isolation	Sandbox agent execution
OpenClawd	Managed hosting + security layer	Safe hosting for non-technical users

The market is self-correcting: Developers want autonomy but with guardrails.

9. 🏛️ Governance Update

Peter Steinberger Timeline: - November 2025: Clawd weekend hack - Late January 2026: Clawdbot viral - February 14, 2026: Joined OpenAI - March 2026: OpenClaw transitioning to independent 501(c)(3) foundation

OpenAI Relationship: - OpenAI sponsors the project financially - MIT license remains intact - Community governance stays in place - OpenAI does NOT own OpenClaw - Steinberger's mission: "build an agent that even my mum can use"

Sam Altman: "OpenClaw will live in a foundation as an open-source project that OpenAI will continue to support."

10. 🌍 Government Responses

Entity	Action
South Korea	Restricted usage after security incidents
China	Warnings issued; companies forking for WeChat/DeepSeek
Meta	Banned internally after inbox deletion incident
US Pentagon	Monitoring situation (potential classified network risk)

Pattern: Everyone recognizes danger, nobody wants outright ban. Warnings, selective restrictions, hope users figure out security.

11. 💡 Key Lessons for Ada

Architecture

Local-first + messaging-native + model-agnostic = winning formula
Trust indicators (plain text config, MIT license, local data) > marketing claims
The agent harness is where long-term value is created, not the model

Security

Cross-reference GHSA AND CVE databases — don't rely on single source
26% of ClawHub skills have vulnerabilities — vet everything
glance (skill-vetter) remains mandatory
Treat agents as untrusted contractors with granular permissions

For Sean's Multi-Agent Setup

The three-architecture pattern validates Ada's local-first approach
Security-first alternatives (ZeroClaw, NanoClaw) worth monitoring
Managed hosting (OpenClawd) not needed — already properly isolated

12. 📋 Action Items — This Cycle

Immediate (Security)

[ ] Install glance — npx clawhub install glance — 5+ cycles pending
[ ] Cross-reference OpenClaw advisories on both GHSA and CVE
[ ] Review installed skills against latest vulnerability research

Near-Term (Monitoring)

[ ] Watch ZeroClaw and NanoClaw for security pattern innovations
[ ] Monitor OpenAI's consumer agent product (Steinberger's "mum can use" project)
[ ] Track Moltbook for emergent AI behavior patterns

For Ada's Architecture

[ ] Document the three architectural decisions in AGENTS.md
[ ] Review permission architecture against "untrusted contractor" model
[ ] Evaluate OpenClawd pricing/positioning for non-technical users in Sean's orbit

Sources: dev.to/Derivinate (March 14, 2026), Medium/@aftab001x (March 12, 2026), CyberSecurityNews (March 13, 2026), All Things Open (March 10, 2026), Socket.dev, Cisco AI Security Research, AuthMind, Wikipedia (March 14, 2026).

Research Findings — 2026-03-14 (Saturday, 11:00 PM ET) — Overnight Cycle

1. 🚀 OpenClaw-RL — Reinforcement Learning Framework Released

Source: GitHub Gen-Verse/OpenClaw-RL, arXiv 2603.10165 (March 10, 2026)

A major new project: OpenClaw-RL — a fully asynchronous RL framework that trains personalized AI agents from natural conversation feedback.

Key Innovation

Wraps self-hosted model in OpenClaw as OpenAI-compatible API
Intercepts live multi-turn conversations
Continuously optimizes policy in background without interrupting usage
Zero manual labeling required

Three Learning Paradigms

Method	Signal Type	Best For
Binary RL (GRPO)	Evaluative (good/bad)	Implicit feedback (👍/👎, env success/failure)
On-Policy Distillation (OPD)	Directional (token-level)	Rich textual feedback ("you should have checked the file first")
Combination Method	Both evaluative + directional	Best overall optimization

Deployment Options

Local GPU: 8× GPUs with Slime framework
Cloud (Tinker): No GPUs required, LoRA-only
LoRA support: Parameter-efficient, fewer GPUs

Real-World Agent RL Tracks

Setting	Environment	Next-State Signal
Terminal	Shell execution sandbox	stdout/stderr, exit code
GUI	Screen state + accessibility tree	Visual state diff, task progress
SWE	Code repository + test suite	Test verdicts, diff, lint output
Tool-call	API/function execution	Return values, error traces

Case Study: Student vs Teacher

Student uses OpenClaw for homework, doesn't want to be caught using AI
Teacher uses OpenClaw to grade, wants specific/friendly comments
Result: Only 36 problem-solving interactions (student) and 24 grading interactions (teacher) needed for significant improvement

Relevance for Ada: This framework could enable personalized optimization of each agent (Ada, K2, Cora, Winston) based on Sean's feedback patterns over time.

2. 🇨🇳 China's "Raise a Lobster" Craze — Massive Adoption

Source: Fortune (March 14, 2026), SCMP, Reuters

OpenClaw has become a cultural phenomenon in China, dubbed "raise a lobster" (referring to the red lobster logo).

Adoption Scale

Nearly 1,000 people lined up at Tencent HQ in Shenzhen for help installing OpenClaw
Major Chinese cloud providers debuted their own OpenClaw variants
Local governments offering up to 10 million yuan ($1.4M) in grants for OpenClaw-powered startups
Engineers charging 500 yuan ($72) for on-site OpenClaw installation

Chinese OpenClaw Variants

Company	Product
Tencent	WorkBuddy
Minimax	MaxClaw
MoonShot	Kimi Claw
Sensetime	Office Raccoon (OpenClaw integrated)

Chinese AI Model Momentum

Chinese AI models first surpassed US models in token share on OpenRouter (February 2026)
Qwen family: 1 billion+ downloads, 200,000+ developers
MiniMax: $79M revenue (159% YoY), but $1.8B net loss
MiniMax stock up 600%+ from IPO despite losses

Government Response

State-owned enterprises/government agencies warned against installing OpenClaw on work devices (security risks)
Consumer/SMB adoption continues despite restrictions
Tencent working on WeChat-integrated AI agent

Relevance for Sean: The ecosystem is maturing rapidly. Chinese model alternatives (Qwen, GLM) are becoming viable options for Ada's model routing strategy. MiniMax M2.5, Kimi 2.5, GLM-5 are all competitive.

3. ⚔️ Agentic OS Competition — Anthropic vs Google vs Perplexity

Source: Medium/@jiten.p.oswal (March 11, 2026)

The industry has shifted from "chat" to "do." Three competing strategies for the agentic OS:

Anthropic: Specialized "Thinking Engine"

Vertical-Specific Orchestration: Plugins for Investment Banking, HR, Design
Scheduled Tasks: Recurring autonomous tasks (daily briefs, data reports)
Claude Code Remote Control: Start terminal session, continue from mobile/browser

Google: System-Level Execution Layer

Native Automation on Pixel 10/Galaxy S26: Multi-step automation in "secure virtual window"
Gemini as Orchestration Layer: Backend reasoning engine regardless of frontend assistant
Nano Banana 2 (Gemini 3.1 Flash Image): Pro-level reasoning + fast image generation

Perplexity: Multi-Model "Digital Worker"

Perplexity Computer: General-purpose digital worker
19 separate AI models orchestrated: Best model for each sub-task
Persistent agents: Run for hours/months on long-range goals

Economic Reality

93% of jobs impacted by AI — shift happening 6 years faster than predicted
$4.5 trillion in labor moving from human to AI systems
Multimodality is the bridge between digital intelligence and physical world

Relevance for Sean: OpenClaw competes with all three. Its differentiator: local-first, open-source, model-agnostic, no subscription.

4. 🔒 Security Deep Dive — Acronis Threat Analysis

Source: Acronis TRU (March 2026)

Comprehensive security analysis of real-world OpenClaw attacks.

Attack Incidents Documented

Pillar Security Honeypot: - Attackers targeted WebSocket API on TCP/18789 directly - Skipped prompt injection, treated gateway as remotely exploitable control plane - Exploited auth defaults (fixed Jan 26, 2026) - Exploited reverse proxy trust misconfigurations - Probed for credential harvesting, conversation history, file reads

Censys Mapping: - 21,000+ publicly exposed instances (Jan 31, 2026) - Up from ~1,000 in under a week - Many users exposing gateway directly to internet against recommendations

Aikido: Malicious VS Code Extension: - "ClawdBot Agent" extension in VS Code Marketplace (Jan 27, 2026) - Dropped ConnectWise ScreenConnect RAT configured to phone home to attacker - Used DLL sideloading + redundant fallback chains - Lesson: Attackers hijack viral brand through adjacent distribution channels

Malicious Skills on ClawHub: - 14 malicious skills uploaded Jan 27-29 - Masqueraded as cryptowallet automation - Used "paste this one-liner" social engineering - Harvested browser data and cryptowallet info

Threat Model Summary

Feature	Risk	Real-World Manifestation
Messaging integrations	Prompt injection, impersonation	Malicious messages trigger actions
Local gateway + remote exposure	Unauthenticated access	21k+ exposed instances
Skills/plugins	Supply chain compromise	Malicious skills, VS Code extension
Persistent memory	Data accumulation, poisoning	Memory becomes high-value target
Autonomous actions	High-speed failure modes	Small mistake repeated at scale

Risk Reduction Guidance

For Individual Users: - Keep gateway local only - Treat inbound messages as untrusted - Review skills before installing - Use separate, least-privilege accounts/tokens

For Companies: - Assume developers are experimenting already - Model agent deployments as privileged identities - Harden skills as supply chain (reviews, signing, allowlists)

5. 📊 DigitalOcean OpenClaw Guide — Production Deployment

Source: DigitalOcean (March 2026)

Key reference for production-grade OpenClaw deployment.

What Makes OpenClaw Different

Stateful: Remembers context across conversations
Integrated: Direct access to files, scripts, browsers
Empowered: Can execute commands, communicate externally

100+ AgentSkills Available

Developer/technical workflows (GitHub, cron, webhooks)
Personal productivity (Notes, Reminders, Notion, Obsidian)
Web automation (form filling, data scraping)
Smart home (Hue, Home Assistant)
Communication (Twitter, Bluesky, Gmail)
Media (Spotify, Sonos, image generation)

Production Deployment Pattern

DigitalOcean 1-Click OpenClaw Deploy: $24/month
Security-hardened image
Always-on instance with systemd service

6. 💡 Key Takeaways & Action Items

New Technology Worth Evaluating

Project	Relevance	Action
OpenClaw-RL	Personalized agent optimization	Evaluate for Ada/K2/Cora/Winston training
Chinese AI models	Cost/performance alternatives	Test Qwen, GLM-5, MiniMax M2.5 in model rotation
Perplexity Computer	Multi-model orchestration	Study architecture patterns

Security Imperatives (Reinforced)

glance (skill-vetter) — still not installed, 5+ cycles pending
Gateway auth: verify gateway.trustedProxies configured if behind reverse proxy
Skills supply chain: treat as privileged code, review before installing
Memory poisoning: be aware persistent memory is high-value target

Market Signals

OpenClaw has won the personal agent category — competitors pivoting to enterprise/vertical
Chinese ecosystem creating variants rapidly — model options diversifying
Security industry treating agents as privileged identities — same scrutiny as admin tools

7. 📋 Action Items for Sean

Immediate (Security)

[ ] Install glance — npx clawhub install glance — 6 cycles pending now
[ ] Verify gateway auth configuration (no unauthenticated access)
[ ] Review reverse proxy configuration for trusted proxies

Near-Term (Capability)

[ ] Evaluate OpenClaw-RL for personalized agent training
[ ] Test Chinese models (Qwen, GLM-5) in model rotation
[ ] Review Perplexity Computer architecture for multi-agent patterns

For K2 (Homelab)

[ ] OpenClaw-RL terminal agent track for homelab automation
[ ] GUI agent track for dashboard automation

Monitor

[ ] Chinese OpenClaw variants (Tencent WorkBuddy, MaxClaw, Kimi Claw)
[ ] OpenClaw-RL roadmap (beyond policy: skills and memory learning)
[ ] Security "inflection points": default auth, skills trust signals, prompt injection mitigation

Sources: GitHub Gen-Verse/OpenClaw-RL, arXiv 2603.10165, Fortune (March 14, 2026), Medium/@jiten.p.oswal (March 11, 2026), Acronis TRU (March 2026), DigitalOcean (March 2026).

Research Findings — 2026-03-15 (Sunday, 1:00 AM ET) — Overnight Cycle

1. 🏗️ OpenClaw Multi-Agent Coordination — Definitive Patterns

Sources: LumaDock tutorial, dev.to/@ggondim (March 11, 2026)

This is the most directly actionable research for Ada's multi-agent setup. Two deep-dives on coordination patterns and common failure modes.

When Multiple Agents Are Actually Worth It

The honest answer: less often than most people think. From LumaDock's research — fewer than 10% of teams successfully scale beyond a single-agent deployment. Failure modes: coordination complexity, uncontrolled token costs, state management nobody thought through.

Multi-agent setups genuinely earn their complexity in four cases: 1. Security isolation — public-facing agent (Discord) with minimal tools vs. personal DM agent with exec/sensitive file access. Boundaries enforced architecturally, not by config. 2. Domain specialization — coding agent + research agent running in parallel on complex task 3. Multi-user routing — different users get different agents with different memory contexts via channel bindings 4. Parallel workloads — coordinator decomposes, specialists execute, coordinator aggregates

What doesn't need multi-agent: organizing prompts differently, tasks a single well-tooled agent handles fine, manually orchestrated workflows ("if you're orchestrating it by hand, it's not a multi-agent system — it's multiple chatbots").

How OpenClaw Routes Between Agents

Bindings: deterministic mappings from (channel, accountId, peer/guild) → agentId. Most specific binding wins. This determinism means you can reason about routing without tracing execution — routing layer is dumb on purpose, coordinator handles classification if needed.

Per-agent isolation in OpenClaw: - Own workspace: ~/.openclaw/agents/<id>/workspace (independent MEMORY.md) - Own sessions directory - Own tool allow/deny configuration
- Own auth profile and model config - Share Gateway process and optionally a shared workspace dir for cross-agent memory

The Coordinator-Specialist Pattern (Most Reliable)

// Coordinator config
{
  "id": "coordinator",
  "systemPrompt": "You decompose incoming tasks and delegate to specialist agents via sessions_send. You own MEMORY.md. Summarize results before storing. Never recurse — if a task comes back from a specialist, aggregate and close it.",
  "tools": ["sessions_send", "sessions_list", "memory_search", "read", "write"]
}

// Specialist config (stateless)
{
  "id": "research-specialist",
  "systemPrompt": "Complete the task delegated by the coordinator. Return a concise summary, then stop.",
  "tools": ["web_search", "read", "write"],
  "memory": { "enabled": false }
}

Why disable specialist memory: prevents context accumulation across tasks that contaminates future runs. Stateless by design.

Shared State via Workspace Files

Simplest coordination mechanism — shared files in common workspace:

goal.md    — current task + decomposition (coordinator writes)
plan.md    — execution plan with subtasks and assignments
status.md  — current state of each subtask (pending/in-progress/complete/blocked)
log.md     — append-only execution log for audit/debug

Advantages: completely inspectable. Open the file, see the state. Disadvantage: file I/O latency, write conflicts with concurrent specialists.

⚠️ Upcoming Teams RFC

OpenClaw has a teams RFC in progress that will add: - Shared task list with dependencies, blocked, and claimed states - Per-agent mailbox for async P2P and broadcast messaging

When it lands, it replaces file-based workarounds for most coordination patterns. Worth monitoring — could simplify Ada ↔ K2 ↔ Cora ↔ Winston coordination significantly.

Preventing Loops, Deadlocks, and Runaway Delegation

Infinite delegation loops: Coordinator → Specialist A → Coordinator → Specialist A... Fix: enforce no-recursion rule in both coordinator and specialist prompts. Coordinators must never accept tasks back from their own specialists.

Session key convention for project-scoped parallel execution:

agent:programmer:project-a
agent:reviewer:project-a
agent:tester:project-b

Session key = agent + project as coordinates. Enables parallel multi-agent work on multiple projects simultaneously.

Token cost control: Always set per-task budget limits, not just monthly totals. Specialists with timeoutSeconds: 0 (fire-and-forget) vs. synchronous (wait for response) — choose based on whether coordinator needs the result to continue.

2. 🛠️ Deterministic Multi-Agent Dev Pipeline — Real Build Story

Source: dev.to/@ggondim (March 11, 2026)

Author needed: programmer → reviewer (max 3 iterations) → tester → done. No human in the loop unless something breaks. Here's what they learned after 5 failed attempts.

Failed Approaches (Instructive)

Ralph Orchestrator — great for single-agent hard context resets, poor for inter-agent event routing. No tool ecosystem.

OpenClaw sessions_spawn — doesn't work for deterministic pipelines because the parent LLM decides when to spawn children. Non-deterministic flow control. Good for spawning one-off sub-agents, bad for structured pipelines.

Event bus architecture — overengineered. File watchers, pub/sub overhead, complexity without benefit.

Skill-driven self-orchestration — too implicit. LLM decides flow based on skill instructions, hard to guarantee execution order.

Plugin hooks as event bus — closer, but plugin hooks are side-effects, not flow control.

The Solution: Lobster Workflow Engine

Lobster (github.com/openclaw/lobster) — OpenClaw's YAML workflow engine. Architecture: LLMs do creative work, YAML controls the plumbing.

Key insight: separate the "what" (LLM decisions) from the "when" (deterministic state machine).

Author contributed sub-workflow steps with loop support to Lobster (PR #20) — enabling loops within workflows (e.g., reviewer iterates max 3 times before failing forward to tester).

Final pipeline YAML structure:

workflow: dev-pipeline
steps:
  - agent: programmer
    task: "implement feature from issue"
    output: code_complete
  - loop:
      max: 3
      until: review_approved
      step:
        agent: reviewer
        task: "review code changes"
  - agent: tester
    task: "run tests, report results"

Why this matters for Ada: The same pattern applies to Cora's real estate workflow (intake → research → draft → review → send) and K2's homelab workflows (detect → diagnose → fix → verify).

3. 🏠 Homelab AI Stack 2026 — Reference Architecture

Source: dev.to/signal-weekly (March 8, 2026)

The recommended self-hosted AI stack in deployment order:

Step	Tool	Purpose
1	Traefik	HTTPS first, everything behind it
2	Ollama	Local LLM engine (qwen2.5:32b free, no API key)
3	Open WebUI	ChatGPT-style interface for Ollama
4	n8n	Automation brain — connects LLM to everything
5	LiteLLM	Unified OpenAI-compatible proxy for multiple backends

Hardware minimums: 16GB RAM for 7B models, 32GB+ for 32B. Apple Silicon M-series handles it well.

Key n8n workflow pattern: email arrives → n8n sends to Ollama → Ollama categorizes and drafts reply → human reviews. Zero cloud, full privacy.

LiteLLM multi-model config:

model_list:
  - model_name: local-fast
    litellm_params:
      model: ollama/qwen2.5:7b
  - model_name: local-heavy
    litellm_params:
      model: ollama/qwen2.5:32b

The insight: "The local LLM alone is not the value. Connecting it to your workflow is." — This is OpenClaw's core value proposition validated from first principles.

Qwen Overtakes Llama: As of March 12, 2026, Qwen has surpassed Meta's Llama as the most-deployed self-hosted LLM (Runpod data). Practical endorsement for adding Qwen to Ada's free-tier rotation.

Relevance for K2: Sean's homelab already has Traefik, n8n, and the Proxmox cluster. Adding Ollama + Open WebUI on a spare Proxmox VM would create a zero-cost local inference tier — useful for K2's routine analysis tasks.

4. 🏢 Real Estate AI Template — Detailed Evaluation

Source: popularaitools.ai (February 23, 2026)

Deeper review of the $49 OpenClaw Real Estate Agent template. Key findings:

The Core Problem It Solves

80% of transactions happen between the 5th–12th contact with a lead. Most agents stop at the 2nd–3rd. Not laziness — cognitive overload. 30 active leads, 8 listings, 4 open houses, and a ringing phone. Something always slips quietly.

Cost of one missed follow-up: $8,000–$15,000 in lost commission.

10 Skills Included

Skill	Pain Point Addressed
Lead Scorer	Prioritize which calls to make first
Listing Description Generator	Eliminates 2-3 hrs/listing of writing
Deal Tracker	Pipeline management, prevents silent lead death
Open House Manager	Logistics automation
Market Snapshot	Automated CMA-style reports on demand
Client Matcher	Property-buyer matching
Transaction Coordinator	Manages closing checklist
Neighborhood Analyst	Area research
Commission Calculator	Net sheet automation
Mortgage Rate Monitor	Rate alert system (buyer hears from you first)

Why Generic AI (ChatGPT/Claude) Doesn't Cut It

Every interaction starts from zero. No persistent context about your market, listings, clients. No integration with Zillow or DocuSign. "Using ChatGPT for real estate is like using a hammer for everything."

Competitor Landscape

Tool	Cost/Month	Gap
Follow Up Boss	$69–$499	No AI content generation, no lead scoring
KVCore	$499+	Same CRM limitations
ChatGPT/Claude	~$20	No persistent context, no integrations
This template	$49 one-time	Purpose-built, integrations, no recurring cost

VoltAgent Awesome-Skills Registry Stats (Updated)

5,366 curated skills (down from 5,490 — ongoing curation)
Filters applied: 4,065 spam, 1,040 duplicates, 851 low-quality, 731 crypto/finance, 373 malicious
Monthly views: 1M+ — #1 most visited community resource after official docs
Key categories by skill count:
Coding Agents & IDEs: 1,222
Web & Frontend Development: 938
Browser & Automation: 335
DevOps & Cloud: 409
Search & Research: 352
Agent-to-Agent Protocols: 17

gpt-5.4 and gpt-5.4-pro now supported via direct API key or ChatGPT/Codex OAuth in OpenClaw — noted in awesome-skills config examples.

5. 💡 Synthesis: Ada's Architecture Applied

What This Research Confirms About Ada's Setup

The coordinator-specialist pattern Ada already uses (via sessions_spawn/sessions_send) is exactly right. The gap is formalization:

What we have: Ad-hoc delegation via sessions_send, LLM-driven flow control What we need: YAML-driven workflow for deterministic pipelines (Lobster)

Lobster is the missing piece. Use it for workflows that need guaranteed execution order (e.g., Cora's transaction coordination checklist, K2's incident response flow).

Sessions_send Convention Improvement

Based on session key convention research:

Current:  sessions_send(label="k2")
Better:   sessions_send(label="k2", sessionKey="agent:k2:homelab-incident-20260315")

Project-scoped session keys prevent cross-contamination when K2 handles multiple concurrent tasks.

Local Inference Opportunity

Proxmox homelab has capacity for an Ollama VM: - qwen2.5:32b: free, competitive with GPT-3.5 on developer tasks - Would cover K2's routine analysis without any API cost - Stack: Ollama + Open WebUI + LiteLLM proxy (OpenAI-compatible endpoint) - Fits Ada's model philosophy: "never pay for what you can get free"

6. 📋 Action Items — This Cycle

Immediate

[ ] Install glance — still pending, 7 cycles now
[ ] Research Lobster YAML workflow engine documentation — github.com/openclaw/lobster
[ ] Monitor Teams RFC progress in OpenClaw releases

For Ada's Multi-Agent Architecture

[ ] Adopt session key convention: agent:<id>:<project> for project-scoped parallel sessions
[ ] Add no-recursion rules to Ada/K2/Cora/Winston system prompts
[ ] Consider shared workspace files (goal/plan/status/log) for complex cross-agent tasks
[ ] Evaluate Lobster for deterministic workflow pipelines (Cora transaction coordination)

For K2 (Homelab)

[ ] Evaluate Ollama VM on Proxmox for zero-cost local inference
[ ] LiteLLM as unified proxy over Ollama + cloud models
[ ] K2 incident response flow as Lobster workflow

For Cora (Real Estate)

[ ] Evaluate $49 template vs. building equivalent skills custom
[ ] Lead Scorer + Deal Tracker are highest ROI components (missed follow-up = $8-15K)
[ ] Mortgage Rate Monitor — buyers should hear about rate changes from Cora first

Sources: LumaDock tutorials (multi-agent coordination, March 2026), dev.to/@ggondim (deterministic pipeline, March 11, 2026), dev.to/signal-weekly (homelab AI stack, March 8, 2026), startupnews.fyi + Runpod (Qwen overtakes Llama, March 12, 2026), popularaitools.ai (RE template review, Feb 23, 2026), GitHub VoltAgent/awesome-openclaw-skills (March 2026).

🕸️ Ada Research Browser

Research Findings — 2026-03-12 (Thursday, 11:00 PM ET)

1. ClawHub Ecosystem Scale & State

2. ⚠️ CRITICAL SECURITY ALERT — ToxicSkills (Snyk, Feb 5 2026)

3. Agent-to-Agent (A2A) Communication — Active Development

4. Real Estate Skills

5. RAG & Knowledge Base Skills

6. Task Management & Project Skills

7. Homelab/Monitoring Integration Pattern

8. Document Processing

9. Financial Tools

10. Agentic AI Framework Landscape (2026)

11. Skills Worth Installing for Ada's Setup

12. Skill Source Code Security Notes

Research Findings — 2026-03-11 (Wednesday, 4:00 AM ET)

1. ClawHub / OpenClaw Ecosystem Status

Scale

Top Skills by Download (per Apiyi.com community rankings)

Notable Skills from Awesome List (relevant to Sean's domains)

2. Security — CRITICAL ALERT

ClawHub Skill Security Crisis (Active as of Feb 2026)

3. Advanced RAG Frameworks (2026 State of the Art)

Top Open-Source RAG Frameworks

New Research: A-RAG (Feb 2026, arxiv 2602.03442)

Key Pattern: Firecrawl + RAG

4. Agent Communication Protocols (A2A, MCP, ACP)

Current Landscape (Jan 2026)

5. Real Estate AI Tools (2026)

Key Insight: Vertical > Horizontal for Brokers

Relevant Tools for Cora:

6. Financial & Monitoring Tools for Agents

7. OpenClaw-Specific Patterns & Best Practices

Mission Control Pattern

n8n + OpenClaw Integration

Capability Evolver Pattern

1 most downloaded skill (35K)

Session Wrap-Up Pattern (alex-session-wrap-up skill)

8. Key Takeaways & Recommendations for Sean

Immediate Actions

For Cora (Real Estate)

For Ada's Multi-Agent Architecture

For Knowledge/Research

2026-03-12 — Overnight Research Report

🔴 CRITICAL: OpenClaw Security Crisis — Must Read

📦 ClawHub Skills — New Finds Worth Investigating

🔬 Research: Agentic RAG (A-RAG) — Feb 2026

🏠 Real Estate AI — Architecture Insights (Rockhood Engineering)

🌐 GitHub Trending AI Projects — March 2026

💡 Key Takeaways & Recommended Actions

Supplemental Research — 2026-03-12 04:00 AM ET (Overnight Follow-Up)

New Intel: ClawHub Top Skills by Downloads (Feb 2026 Rankings)

Real Estate Automation: OpenClaw Use Case Deep Dive

SMB Automation: HighLevel CRM Integration

ClawHavoc Security Incident: Updated Numbers

Notable Skill Discoveries from awesome-openclaw-skills (PDF & Documents Category)

Notable Skill Discoveries (Productivity & Tasks Category)

Agent-to-Agent (A2A) Protocol Skills

RAG Security Best Practices (2026)

AI Agent Framework Landscape (March 2026)

Action Items Generated

Research Findings — 2026-03-12 (Thursday, 11:00 PM ET) — Overnight Update

1. OpenClaw Version Status ✅

2. New Skills Worth Noting (March 2026)

Must-Have Security Tool

Productivity & Memory Skills (Trending)

Omnichannel Communication (New Enterprise)

Workflow Orchestration

Trading Skills (High Risk Category)

3. Security Landscape Update

4. Pattern: Morning Brief / Mission Control

5. Pattern: Night Shift Automation

6. Ada's Current Skill Inventory (34 skills)

7. Action Items for Sean

Immediate (Security)

Near-term (Capability)

For K2 (Homelab)

Research Findings — 2026-03-13 (Friday, 1:00 AM ET)

1. 🆕 New Skills This Week (March 10-13, 2026)

esign-automation (eSignGlobal)

Universal Skills Manager