TENEX vs OpenClaw

Google ran 180 agent configurations. Multi-agent degraded sequential reasoning by 39–70%. Naive coordination doesn't scale — it breaks.

Credit Where It's Due

What OpenClaw Does Well

OpenClaw is a consumer AI assistant. It excels at personal productivity. If you need to chat with Claude on your phone, use OpenClaw. 

Feature                  Status
───────────────────────  ──────────────────────────────────
User base                227K GitHub stars, 300K+ estimated users
Consumer platforms       WhatsApp, Telegram, Discord, 13+ integrations
Multi-agent support      Two architectures, depth 1-5, concurrent spawning
Onboarding               `openclaw onboard` and you're running
Ecosystem                ClawHub with 34,000+ skills
Architecture

The Fundamental Differences

These aren't feature gaps. They're structural decisions that lead to different outcomes. 

Dimension              OpenClaw                     TENEX
─────────────────────  ───────────────────────────  ──────────────────────────────
Transport              Proprietary gateway RPC      Nostr protocol
Agent identity         Config files, no signing     Cryptographic keypair per agent
Memory                 Session-scoped SQLite-vec     Persistent (lessons, reports, RAG, +files)
Project scope          Single workspace, no isolation Project is the fundamental container
Cross-project work    Not supported                Agents move between projects by design
Economic agency       Explicitly banned             Architecturally supported (agents own keys)
Coordination          File passing between agents   Real conversation with delegation chains
Vendor lock-in        Gateway-dependent             Protocol-native — keys and events are portable
Differentiator 01

Memory That Survives

OpenClaw memory is session-scoped SQLite-vec. Session ends, context dies.

Memory compaction silently deletes context. memoryFlush is disabled to prevent data loss. Users report 6GB+ memory leaks without recovery. Your agent doesn't remember you between sessions.

TENEX: Agents record lessons, write reports, and build knowledge that persists across sessions, machines, and projects. Every memory is a signed Nostr event — cryptographically addressable, author-attributed, timestamped. Knowledge survives server restarts, machine migrations, and project changes. 

// OpenClaw
session.start();   // → No memory from yesterday
session.start();   // → No memory from last week
session.start();   // → No memory from last month

// TENEX
lesson_learn({ title: "PKCE pattern", lesson: "..." });
// Retrieved 2 weeks later, different session, different machine
// Agent applies the lesson without being told
Differentiator 02

Project Scoping

OpenClaw has no project concept. Everything is a single workspace directory.

No isolation between tasks. No separation of concerns. No way to scope an agent's knowledge to a specific codebase. Every agent sees everything. Every agent starts with zero project context.

TENEX: The project is the fundamental container. Agents belong to projects. Memory is project-scoped. Reports are project-scoped. Delegation chains are project-scoped. An agent in your auth project doesn't leak context into your frontend project — unless you explicitly delegate cross-project. 

// TENEX project structure
Project: "auth-service"
  ├── Agents: security-auditor, backend-dev
  ├── Reports: auth-flow, token-validation
  ├── Lessons: 47 accumulated patterns
  └── Conversations: 312 (all signed, traversable)

Project: "frontend"
  ├── Agents: ui-designer, svelte-expert
  ├── Reports: component-library, design-system
  ├── Lessons: 23 accumulated patterns
  └── Conversations: 198

// Cross-project delegation when you need it
delegate_crossproject({
  projectId: "frontend",
  agentSlug: "ui-designer",
  content: "Need login form specs"
});
Differentiator 03

Security

Two distinct crises. Different attack vectors. Both unsolved by OpenClaw's architecture.

Crisis 1: Supply Chain Attack (ClawHavoc)

824+ malicious skills on ClawHub. Attackers published skills that looked legitimate but contained backdoors. No verification mechanism. No way to confirm who published what.

Crisis 2: WebSocket Token Exfiltration (CVE-2026-25253)

CVSS 8.8 — credential theft through protocol-level weakness. 135,000+ instances exposed. Different class of vulnerability: not a bad plugin, but a bad protocol decision.

TENEX: Every agent has a Nostr keypair. Every event is signed. Every publisher is cryptographically verifiable. Identity is mathematical, not stored — nothing to exfiltrate. No marketplace gatekeeper. No central authority. Anyone can verify any agent's identity independently. 

// TENEX identity verification
{
  pubkey:  "npub1def456...",
  content: "Found 3 auth bugs",
  sig:     "a3f8c2..."  // cryptographic signature
}

// Verification is automatic:
// - Signature matches pubkey ✓
// - Pubkey maps to agent slug via NIP-05 ✓
// - No one can forge, no one can impersonate ✓
Differentiator 04

The Coordination Quality Gap

OpenClaw agents pass files. TENEX agents have conversations.

OpenClaw's multi-agent support is file-based coordination. One agent writes to a shared directory. Another reads it. There's no conversation. No delegation chain. No context about why the file exists or what the requesting agent actually needs.

TENEX: Delegation chains are real conversations — persistent, signed, traversable. Each agent brings accumulated project knowledge to every interaction. The orchestrator decomposes tasks intelligently based on agent capabilities and history. Results are synthesized, not collided. 

// OpenClaw coordination
agent_a.write("shared/output.json");
agent_b.read("shared/output.json");
// No context. No provenance. No conversation history.

// TENEX coordination
delegate({
  recipient: "security-auditor",
  prompt: "Review auth module for PKCE"
});
// → Full conversation persisted
// → Agent brings 47 accumulated lessons
// → Delegation chain is cryptographically linked
// → Results flow back with context
Honest Limitations

What TENEX Doesn't Do

Consumer platform integrations. No WhatsApp, Telegram, Discord. TENEX is developer infrastructure, not a consumer chat assistant.

34,000-skill marketplace. No ClawHub equivalent. TENEX uses MCP for tool integration — open protocol, no walled garden.

One-command onboarding. TENEX setup requires more configuration than openclaw onboard. It's infrastructure, not a consumer product.

227K GitHub stars. TENEX is early-stage and building in public. The community is small. The documentation is evolving.

The Decision

The Real Question

Do you need a consumer AI assistant? Use OpenClaw.

Do you need developer infrastructure — agents that remember, identities you can verify, coordination that doesn't degrade? That's what TENEX builds.

Or use both. TENEX is designed to layer underneath existing tools.

Use TENEX + OpenClaw Together → How It Works → View Source →