Home
Tech·

OpenClaw Is Banned — Here's Why

OpenClaw Is Banned — Here's Why
Watch this as a video

So here it is — the final message sent by my OpenClaw agent. Since Anthropic's cutoff on April 4th, I've resurrected it using different LLM providers. But I wanted to walk through what actually happened, how this whole situation unfolded, and where I think things are heading.

The Timeline

It all started on November 24th, 2025, when the original OpenClaw implementation (initially called "Project Weirly," I think) launched to the public. All throughout this period, Anthropic wasn't quite sure what to do about it. Their stance on using Claude subscriptions with third-party tools was vague.

Then on January 9th, 2026, Anthropic blocked third-party tools from using OAuth. Tarek, someone who works on Claude Code, posted:

Yesterday we tightened our safeguards against spoofing the Claude Code harness after accounts were banned for triggering abuse filters from third-party harnesses using Claude subscriptions.

This definitely sparked controversy and kicked off the chain of events that followed.

The Economics Behind It

You're probably already aware of the AI token subsidization debate. Anthropic offers an all-you-can-eat buffet via its consumer subscription — $200/month for the Max plan — but restricts consumption speed through its official tool, Claude Code. Third-party harnesses remove those speed limits.

An autonomous agent running inside OpenClaw can execute high-intensity loops — coding, testing, fixing errors overnight — that would be cost-prohibitive on a metered API plan. As Hacker News noted, in a single month of Claude Code usage, it's easy to burn through tokens that would have cost over $1,000 at API prices. The real number is probably much higher.

Anthropic's reasoning makes sense from their perspective: if you're using Claude Code, you have cached tokens because you keep asking Claude to edit the same code. That's their managed environment where they control rate limits and the execution sandbox. The alternative is their commercial API — metered, per-token pricing for businesses and anyone not using it for coding.

The TOS Gets Teeth

Around February 19–20th, Anthropic formalized the ban in updated terms of service:

You may not access or use our services through automated or non-human means, whether through a bot, script, or otherwise. Using auth tokens obtained through Claude Free, Pro, or Max accounts in another product, tool, or service, including the Agent SDK, is not permitted and constitutes a violation of the consumer terms of service.

But I don't think it was enforced right away. Plenty of people kept using their subscriptions with OpenClaw and other harnesses. It was still a grey zone. I even heard sentiments like "I reached out to Anthropic and they said it's fine." The TOS said otherwise — it was only a matter of time.

The Claude Code Leak

Then on March 31st, things got interesting. Anthropic accidentally published the entire source code of Claude Code inside an NPM package. No hack, no reverse engineering — a missing .npmignore entry shipped a 59.8 MB source map containing 512,000 lines of unobfuscated TypeScript across roughly 1,900 files.

This leak exposed enforcement mechanisms like client attestation and anti-distillation — things meant to protect Anthropic's flagship models from being distilled by competitors. How directly this relates to the April 4th full OpenClaw cutoff, I'm not entirely sure, but the timing is hard to ignore. It happened in very quick succession.

Where Things Stand

As of now, my OpenClaw is running a different model. I'm not even sure how useful it is anymore. The subsidized Anthropic subscription was great for running Opus on OpenClaw, but I don't have a strong business case for paying API pricing for it. It was good while it lasted.

A lot of people are replacing OpenClaw with simple orchestration scripts, maybe running claude -p where you just pass a prompt directly:

claude -p "Print out my system time"

It spins up in agentic mode, figures out the right bash command, and gives you the answer. You can orchestrate this for file manipulations, limit tool access, or just use it as a chat interface. Simple, and it works within the rules.

OpenClaw was brilliant — a tool that a lot of people used and I'm sure plenty of people at Anthropic used too. But the more popular it got, the more Anthropic's infrastructure started hurting.

I'm curious what comes next. Will Anthropic eventually offer an official way to run background agents on the Max plan? Or will the gap between consumer and API pricing just keep widening? Let me know what you think.