“Two engineers who built the core of the massively popular OpenClaw AI agent have a stark warning: The artificial intelligence supposedly capable of replacing well-paid software developers is flooding the world with bad, potentially even dangerous, code.
It's a phenomenon they call "vibe slop" -- a combination of "vibe coding," creating software with AI tools by describing it in plain English, and "AI slop," the endless, low-value AI-generated content all over social media.
Vibe slop happens when coders replace the hard work of designing and testing a system with the shortcut of prompting AI to whip it up, they say, and the resulting software won't stand the test of time.
It's become a big enough problem that the world's main repository of open-source code -- GitHub -- has instituted new policies and features to combat it.
"You have infrastructure that's falling apart, and you have software that's now very, very buggy compared to before," says Mario Zechner, creator of Pi, the agentic harness inside OpenClaw [1].
"We can play this game for a couple more months, or maybe even years, but eventually, it will catch up to us."
Zechner and his partner in making Pi, Armin Ronacher, aren't saying AI is never useful. Both use it to handle drudge work in their own projects. And they believe in it enough to have crafted an AI coding tool now used by millions.
Their core message: These systems are supposed to make senior engineers so productive that companies can lay off junior engineers, but in reality, many companies are trading near-term productivity for long-term woes. Not only does the pipeline of junior talent dry up, but residual effects include buggy software, service outages, security vulnerabilities and mounting technical debt.
As independent programmers with stature but no dependencies on Big Tech, the pair are sounding off in a debate now raging across the software universe -- right at a time when two giants, OpenAI and Anthropic, are looking ahead to their IPOs.
Boosters say AI can revolutionize how companies handle decades of legacy code, and it has in some cases. And even developers who aren't unleashing AI on their company's core software report finding a happy medium, using AI for creating software tests or quick prototypes.
Many in top AI labs insist that AI itself is a solution for evaluating and improving AI-generated code, without humans going over every last line.
"If you assume it will work out of the box, it probably won't," says Rohan Varma, who leads the team at OpenAI that builds its coding tool, Codex.
To make AI-generated code into something that can be rolled out to actual customers, engineers can now use Codex itself to check that code, he adds. Already, the system can view and test websites like a human would, check that code was written with company-specific best practices and prod it for security issues.
Yet when it comes to critical infrastructure serving millions of people, even at OpenAI, human engineers are ultimately responsible for reviewing any code generated by AI, and for the success or failure of those systems, he says.
In a recent post, Alphabet Chief Executive Sundar Pichai wrote that 75% of all new code at Google is generated by AI, up from 50% last fall. A year ago, Meta CEO Mark Zuckerberg predicted that before 2026 ends, AI would be writing and reviewing most of the code from the company's internal AI development team.
It's hard to reconcile such statements with the misgivings of critics. But that just speaks to confusion about what today's AI agents can and can't do, says Zechner.
For instance, AI coding tools are better at generating new code than assessing and upgrading existing software, especially the massive reams of it that exist inside established companies.
Startups using AI agents to vibe code their products can rapidly create new programs. But once their systems reach a certain level of size and complexity, Zechner adds, they find themselves in the same boat as larger enterprises, which have found AI agents to be of limited use.
Anthropic, with its Claude Code tool, is a case study in these tensions.
Zechner lauds the company for "dogfooding" its own software -- that is, using it to build its own internal systems. But he doesn't like the tool.
"Claude Code is one of the most broken pieces of software I've ever used in my entire life," he says, citing flickering on-screen graphics, feature creep and a prodigious appetite for memory. Zechner blames these issues on its developers' use of AI to build it.
Catherine Wu, head of product for Claude Code at Anthropic, says the visual flicker was a side effect of a software team moving at a rapid pace and prioritizing the rollout of new features.
In the past year, the median user of Claude Code went from using it 20 minutes a day to 20 hours a week. The flicker has largely been fixed, she adds.
AI tools enable junior engineers to take more responsibility for the features they develop, from concept through delivery to customers, says Wu.
While Anthropic is constantly updating the instructions it gives AI to help it avoid its past mistakes, she adds, "The human still has the end responsibility."
Anthropic has some of the best AI engineers on the planet, so an AI-heavy approach can work for them, but it might not work for all of the company's customers, says Timothy B. Lee, a computer scientist who writes the newsletter Understanding AI. When dealing with their in-house software systems, many firms depend on the tacit knowledge staff programmers have accumulated over years -- none of which would be in training data for AI agents.
"These models can very easily go the wrong direction, and somebody has to notice that," says Lee.
Zechner believes a reckoning is coming. He thinks big companies will soon realize that their overemphasis on AI-produced code is driving up costs and leading to subpar software.
He thinks many smaller startups that depend on vibe coding will fold. He also thinks cloud-based repositories of useful software tools, like GitHub, will continue to fill up with AI-generated coding garbage.
Just before Zechner and Ronacher dialed into our video interview from their home offices in Austria, Zechner had to ban a (human) programmer from contributing to one of his code repositories on GitHub. Without the programmer's knowledge, his AI agent was filing one bogus error report after another.
Zechner, shaking his head, said, "I mean, what are we even doing?"” [2]
1. Pi is the minimalist, self-modifying open-source coding agent that acts as the core "brain" and agentic harness powering OpenClaw. While OpenClaw handles messaging and omnichannel routing, Pi handles the low-level execution: managing context, tool calls (Read, Write, Edit, Bash [2]), and the agent's actual workflow.
Why Pi powers OpenClaw
OpenClaw is essentially an always-active, multimodal personal assistant that lives in your chat apps (like Slack, Discord, and Telegram). It relies on Pi for the following reasons:
• Embedded Runtime: OpenClaw doesn’t just ping an API; it embeds Pi’s runtime directly to ensure a persistent session, custom tool injection, and session branching/compaction.
• Minimalist Core: Unlike bloated agents, Pi has a tiny system prompt and minimal built-in tools. Instead of downloading heavy extensions, you simply ask the agent to modify itself to build the exact features or skills you need.
• Proactivity: Because it runs under a persistent gateway, Pi can execute background tasks like evaluating cronjobs or scanning emails independently, bridging the gap between a chat interface and a functional, long-running assistant.
Key Architectural Differences
What separates Pi from other tools (like Claude Code) is its focus on unopinionated customization and self-modification.
• Tooling: Pi ships with only four core tools—Read, Write, Edit, and Bash [2]—relying on its extension system to persist state and create new skills.
• Self-Modification: Pi's documentation is included in its context. When it lacks a capability, you can prompt Pi to write and install new tools to enhance its own abilities.
• Integrations: Pi abstracts away the model provider, allowing OpenClaw to easily rotate API accounts, handle context windows, and swap between major models seamlessly.
2. EXCHANGE --- Keywords: The AI Superstars Who Say a 'Vibe Slop' Crisis Is Coming --- A pair who helped launch the agentic-AI craze worry that their creations are pumping out bad -- even dangerous – code. Mims, Christopher. Wall Street Journal, Eastern edition; New York, N.Y.. 23 May 2026: B2.
3. In the context of OpenClaw, Pi is a minimalist AI agent harness that serves as its core reasoning engine. The Bash tool is one of the four "primitive" tools that Pi provides, allowing the agent to execute shell commands directly on your machine or within a sandbox.
Role of Bash in Pi
The Pi harness is built on the philosophy that "Bash is all you need". By giving the agent access to a Bash environment, it can:
- Self-Modify: Read, edit, and reload its own source code at runtime without needing a restart.
- Execute Tasks: Perform real-world actions like system monitoring (e.g., checking CPU temperature with vcgencmd measure_temp), managing files, or controlling smart home devices via curl. [4]
- Extend Functionality: Instead of downloading external extensions, you can ask the agent to write a new Bash script to handle a specific task, effectively extending its own capabilities.
Usage on Raspberry Pi
When running OpenClaw on a Raspberry Pi, the Bash tool is used both for the initial setup and for the agent's ongoing operations.
Installation
You typically install OpenClaw on a Pi by piping a shell script to Bash:
bash
curl -fsSL https://openclaw.ai/install.sh | bash
Use code with caution.
Alternatively, if you manage your environment with npm, you can install it globally:
bash
npm install -g openclaw@latest
openclaw onboard --install-daemon
Use code with caution.
Practical Automations
Once installed, you can command the Pi-based agent to run Bash snippets for
local tasks:
- Server Health: "How is my Pi doing?" triggers commands like free -h or df -h.
- Home Automation: "Turn off the lights" can fire a curl command to a Home Assistant API.
- File Management: Automate backups or extract downloaded archives without needing to SSH in yourself.
Security Note
Because the Bash tool allows for arbitrary code execution, it is highly recommended to run these agents in a restricted environment or virtual machine to prevent accidental or malicious system changes. For stable access on a Raspberry Pi, Tailscale is often recommended to secure the connection to the OpenClaw gateway.
4. To control smart home devices via curl, you typically interact with a Local API, a Cloud API, or a central Home Automation Hub like Home Assistant.
A. Control via Home Assistant API
The most robust method for controlling multiple brands is through Home Assistant's REST API. You must first generate a Long-Lived Access Token from your user profile in the Home Assistant UI.
- Turn on a light:
bash
curl -X POST \
-H "Authorization: Bearer YOUR_LONG_LIVED_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{"entity_id": "light.living_room"}' \
http://YOUR_HA_IP:8123/api/services/light/turn_on
Use code with caution.
- Get device status:
bash
curl -H "Authorization: Bearer YOUR_LONG_LIVED_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
http://YOUR_HA_IP:8123/api/states/light.living_room
Use code with caution.
B. Direct Local Control (No Hub)
Some devices, like Shelly or Tasmota-flashed plugs, offer direct HTTP control without a hub. [5]
- Shelly (Local Network):
bash
# Turn on a Shelly 1 relay
curl "http://192.168.1"
Use code with caution.
- Tasmota (Local Network):
bash
# Turn on a Tasmota plug
curl "http://192.168.1"
Use code with caution.
C. Control via Webhooks (IFTTT) [6]
For devices that don't have a local API but support IFTTT, you can use the Webhooks service to trigger actions.
- Trigger an IFTTT action:
bash
curl -X POST https://ifttt.com
Use code with caution.
Summary Table: Authentication & Methods
|
Method |
Auth Type |
Example Usage |
|
Home Assistant |
Bearer Token |
Authorization: Bearer <token> |
|
Shelly (Local) |
None / Basic |
http://<ip>/relay/0?turn=on |
|
IFTTT |
URL Key |
https://maker.ifttt.com/trigger/... |
|
Cloud APIs |
API Key / OAuth |
Vary by brand (e.g., Tuya, Shelly Cloud) |
Key Considerations
- Security: Avoid exposing local HTTP APIs to the open internet. Use a VPN or a secure hub like Home Assistant.
- Response Handling: curl commands often return a JSON response [7]. You can pipe the output to jq (e.g., curl ... | jq '.') to make it readable.
- Fixed IPs: Ensure your smart devices have static IP addresses or DHCP reservations in your router settings so the curl commands don't break when IPs change.
5. Tasmota-flashed plugs are smart plugs running open-source Tasmota firmware, enabling 100% local control and privacy. They integrate flawlessly with home automation systems like Home Assistant via MQTT. These devices eliminate reliance on third-party cloud apps, ensuring your network remains secure and functional.
Why Choose Tasmota?
- No Cloud Required: All scheduling, switching, and monitoring happen locally on your network.
- Energy Monitoring: Many Tasmota plugs include precise energy tracking chips (like the HLW8032) for real-time power measurement.
- High Compatibility: Natively connects with MQTT ecosystems, Home Assistant, Node-RED, and openHAB.
Popular Pre-Flashed Models
If you prefer a plug that works right out of the box, you can buy devices that come with Tasmota pre-installed:
- Athom US/EU Plugs: Known for offering reliable pre-flashed plugs with built-in power monitoring. You can view the specs directly on AthomTech.
- Local Bytes: A popular vendor for pre-flashed devices, particularly in the UK and EU. Explore their availability at Local Bytes.
- KAUF: A well-regarded option accessible to users in North America.
How to Flash Your Own
If you already have a smart plug (like a Sonoff S31) and want to flash Tasmota yourself, you will generally follow these steps:
Check Compatibility: Ensure your plug is based on an ESP8285/ESP8266 Wi-Fi chip.
Open the Plug: Carefully pry open the plastic housing to expose the circuit board.
Solder/Connect Serial: Connect an FTDI programmer (USB-to-TTL adapter) to the device's TX, RX, VCC, and GND pins.
Flash the Firmware: Use a tool like Tasmotizer or the Tasmota Web Installer to overwrite the factory firmware.
Configure the Template: Once flashed, connect the plug to your computer, enter your local Wi-Fi credentials in the Tasmota Web UI, and apply the correct pinout "Template" for your specific device model.
6. IFTTT (If This Then That) is a free web-based automation platform used to connect your favorite apps, devices, and services so they work together seamlessly. It eliminates tedious daily tasks by automating interactions between different platforms—such as social media, smart home devices, and productivity tools.
How It Works
- The "If This" (Trigger): An event that happens in one service (e.g., your security camera detects motion, or you post a photo on Instagram).
- The "Then That" (Action): The resulting response in another service (e.g., your living room lights turn on, or the photo is natively posted to X/Twitter).
- Applets: These automated chains are called Applets (formerly recipes) and can be easily built yourself or chosen from thousands of pre-made options
.
Popular Use Cases
- Smart Home Automation: Make devices from competing brands communicate.
- Example: If your SimpliSafe system is armed, then automatically turn off your Ecobee smart thermostat and lock your August smart locks.
- Content & Social Media: Cross-post content instantly without manual copying.
- Example: If you publish a new blog post via RSS, then share the link natively on your Facebook page and X/Twitter feed.
- Productivity & Work: Save time on routine digital tasks.
- Example: If you get an email with an attachment in Gmail, then automatically save that attachment to a specific folder in Dropbox.
- Personal Life & Utilities: Automate personal reminders and phone features.
- Example: If it is forecast to rain tomorrow, then send a notification to your phone tonight.
- Example: If you arrive at work, then automatically mute your Android phone’s ringer.
7. A JSON response is data sent from a server to a client (like your web browser or a mobile app) that is formatted as a JSON string. It is currently the most common way for modern APIs to communicate.
Why it’s used
- Lightweight: It uses a simple text format that is faster to transfer than older formats like XML.
- Easy to read: It is structured in human-readable key-value pairs.
- Universal: While "JSON" stands for JavaScript Object Notation, almost every programming language can easily "parse" (translate) it into a format it understands.
What it looks like
A typical JSON response might look like this:
json
{
"status": "success",
"data": {
"user": "JaneDoe",
"id": 101,
"active": true
}
}
Use code with caution.
- Objects are contained in curly braces {}.
- Arrays (lists) are contained in square brackets [].
- Keys must always be in double quotes (e.g., "user").
How apps use it
- Request: Your app asks a server for information (e.g., "Get my profile info").
- Response: The server sends back a text-based JSON response.
- Parsing: The app uses a built-in method—like response.json() in JavaScript's Fetch API—to turn that text into a usable code object.
Komentarų nėra:
Rašyti komentarą