Tim Dietrich, a solopreneur developer, has published a detailed account of how he replaced OpenClaw with a hand-crafted team of 34 specialized Claude Code agents — a decision driven by security concerns rather than capability gaps. OpenClaw, the open-source framework that crossed 180,000 GitHub stars and drew two million visitors in a single week, has drawn sharp criticism from the security community. Cisco called it a "security nightmare," SecurityScorecard identified tens of thousands of exposed instances leaking API keys, and Bitdefender documented nearly 900 malicious plugins in its ClawHub marketplace, with automated scripts continuously uploading new malicious skills. Security researcher Simon Willison coined the "lethal trifecta" to describe OpenClaw's core risk: private data access, untrusted content exposure, and external communication capabilities all running simultaneously in a single long-lived process with broad system permissions.

Dietrich's alternative organizes 34 Claude Code agents into 11 functional groups covering software development, business intelligence, communications, and critical thinking — including roles like an Enterprise Software Developer, a Competitive Intel Analyst, a Contract Analyst, and a Devil's Advocate whose sole job is stress-testing assumptions. Each agent is an on-demand process invoked only when needed, not a persistent daemon. Agents hand off work via file-based pipelines rather than shared memory, preventing context bleed and eliminating the network exposure that makes OpenClaw instances attractive targets: open ports, internet-facing gateways, persistent authentication tokens. "The absence of the lethal trifecta isn't something I engineered in," Dietrich writes. "It results naturally from treating each agent as a short-lived, narrowly scoped process."

He is also building a lightweight orchestrator to act as a dispatcher, maintaining a roster of specialists with <a href="/news/2026-03-14-nah-deterministic-permission-guard-claude-code">defined capabilities and access boundaries</a>. When a multi-step task arrives — a usability review followed by a developer fix, for example — the orchestrator proposes a sequenced plan, waits for human approval, then spawns each agent as a separate Claude Code process. That <a href="/news/2026-03-14-aperture-core-multi-agent-attention-engine">approval gate</a> is central to his argument. "You don't need agents running while you sleep to get real leverage," he writes. "The convenience trade-off is a reasonable price for a dramatically reduced attack surface."
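The dispatch flow described above (a roster with access boundaries, a human approval gate, one short-lived process per step, file-based handoff), as an added example that is not Dietrich's code. The roster entries, directory names and the stand-in `AGENT_CMD` are assumptions; a real setup would launch a Claude Code process in its place.

```python
import subprocess
import sys
from pathlib import Path

# Hypothetical roster: the only directory each specialist may read from and write to.
ROSTER = {
    "usability-reviewer": {"reads": "inbox", "writes": "review"},
    "developer": {"reads": "review", "writes": "patch"},
}
# Stand-in for the real agent command so the example runs offline: a child
# process that reads its input file, writes its output file, then exits.
AGENT_CMD = [sys.executable, "-c",
             "import sys, pathlib as p; a, src, dst = sys.argv[1:4]; "
             "p.Path(dst).write_text(a + ' saw: ' + p.Path(src).read_text())"]


def inside(root: Path, rel: str) -> Path:
    """Resolve rel under root and refuse anything that escapes it (e.g. '..')."""
    path = (root / rel).resolve()
    if not path.is_relative_to(root.resolve()):
        raise PermissionError(f"{rel!r} is outside {root.name}/")
    return path


def propose_plan(workdir: Path, steps):
    """Turn (agent, input, output) requests into a plan, enforcing roster boundaries."""
    plan = []
    for agent, src, dst in steps:
        if agent not in ROSTER:
            raise PermissionError(f"no such agent: {agent}")
        plan.append((agent,
                     inside(workdir / ROSTER[agent]["reads"], src),
                     inside(workdir / ROSTER[agent]["writes"], dst)))
    return plan


def run_plan(plan, approve) -> list:
    """Spawn one short-lived process per step, but only after a human approves the plan."""
    if not approve(plan):
        return []  # approval gate: nothing is spawned
    outputs = []
    for agent, src, dst in plan:
        dst.parent.mkdir(parents=True, exist_ok=True)
        subprocess.run(AGENT_CMD + [agent, str(src), str(dst)], check=True, timeout=60)
        outputs.append(dst)  # the file is the only thing handed to the next agent
    return outputs
```
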

OpenClaw's security problems have not slowed its adoption, but Dietrich's post is a working answer for developers who have looked closely at those problems. Thirty-four agents, eleven groups, no persistent processes, no shared memory, no open ports. The architecture is auditable because it is simple.