How AI Agents Work: Inside OpenClaw and the Agentic Loop

In Brief

A chatbot can tell you exactly how to schedule a meeting. It cannot actually go open your calendar and book it. That is the gap an AI agent closes, and on IBM Technology, Cedric Clyburn (Senior Developer Advocate at Red Hat) walks through how that happens, using OpenClaw, the open-source AI agent created by Peter Steinberger, as the worked example.

The gap between knowing and doing

When you ask a chatbot to help with email, you are the one doing the actual work. You copy text out of Gmail, paste it into the prompt, switch tabs, click buttons, and feed the model whatever context it needs. The chatbot writes a reply, but you are the agent, hands and all.

Ask the same chatbot to schedule a meeting and you get a perfect step-by-step explanation that nobody is going to execute for you. That, Clyburn says, is "the gap between knowing and doing." An AI agent is what you get when you give a large language model the ability to use tools and take action by itself, so it can actually open the calendar, find a time, and book the meeting.

What is an AI agent?

An AI agent is a system that combines a large language model (an LLM, the kind of model behind ChatGPT or Claude) with two extra ingredients: a set of tools it can call, and the freedom to use them on its own. A chatbot does one round-trip: prompt in, answer out. An agent operates in something different, an agentic loop, where it keeps thinking and acting until the job is done.

The agentic loop, step by step

A task lands in the agent. It might come from Slack, iMessage, WhatsApp, or any other communication platform.

The agent's first move is not to call the model. It is to assemble context: the conversation history, long-term memory of past work, the system instructions that define the agent's role, and a list of tools the model is allowed to use. All of that gets bundled and sent to the LLM.

Now the model reasons. It looks at the request and asks itself: do I need a tool to answer this? If yes, it picks one (maybe a terminal command, a file read, a web search, or an API call) and runs it. The result comes back and gets added to the context. Then the loop repeats. Reason, act, observe. Reason, act, observe. When the model decides no more tools are needed, it produces a final answer and ships it back to wherever the task came from.

This is what's called the ReAct pattern, short for "Reasoning + Acting." It comes from a 2022 paper by Yao and colleagues and is, as Clyburn puts it, the core pattern behind every agent framework you've heard of.

How OpenClaw is wired together

OpenClaw is a free, open-source AI agent created in late 2025 that has since become one of GitHub's most-starred projects. The interesting part for understanding agents is how it is structured, because the same shapes show up in most agent systems.

OpenClaw runs as a local Node.js service on your own machine: laptop, virtual machine, even a Raspberry Pi. There is no cloud account in the middle. The architecture is hub-and-spoke (everything connects through one central component), and the hub is called the gateway. The gateway is an always-on WebSocket server (a connection that stays open both ways so the server can push messages whenever it needs to). It handles message routing, session management, the ability to spin up multiple agents, and, importantly, the use of tools.

Around that hub sit the spokes. Adapters translate incoming messages from Slack, Teams, Discord, and iMessage into one unified internal format the gateway can understand. Below that sits the tools layer, with built-in capabilities like driving a web browser or running terminal commands. And then there are skills.

Skills: how the agent grows new abilities

Skills are how OpenClaw becomes useful for things its creators never imagined. A skill is just a folder with a markdown file inside, written in plain language, that teaches the agent how to do one specific thing: update a Trello board, manage a Google Calendar, build a Docker image, or talk to a CRM.

The clever part is what OpenClaw does not do. It does not load every skill into the model's context window (the chunk of text the LLM can hold at once). That would burn through the available space in seconds. Instead, OpenClaw injects only a short metadata blurb for each skill, lets the model pick which one looks relevant, and loads the full instructions on demand. Today there are thousands of community skills covering everything from calendars to CRMs to container builds, and the agent can also be wired to run on a schedule with cron jobs (background tasks that fire at fixed times).

The security trade-off

Power has a cost. Because OpenClaw runs locally and can read your file system, drive your terminal, and reach across your integrations, a misconfigured instance is essentially a backdoor on your own machine. Clyburn notes that there are already thousands of internet-exposed OpenClaw deployments, most of them mistakes.

The other risk is prompt injection: an attacker hides instructions inside data the agent reads (an email, a web page, a calendar invite), and the model executes them as if they were legitimate commands. There is no clean fix yet. The defenses Clyburn recommends are practical rather than magical: run the agent in an isolated environment, review every skill before installing it, and encrypt credentials before they ever reach an LLM.

From conversation to orchestration

For years, AI was a conversation. You asked, the model answered, and any actual work was still on you. With agents, the model becomes the orchestrator, planning, executing, and observing until a task is finished.

OpenClaw is one approach. There are others: LangGraph is a popular alternative for developers who want lower-level control over the loop. The pattern underneath them, though, is the same one Clyburn drew on the whiteboard: assemble context, reason, act, observe, repeat. Once you can see that loop, every other agent framework starts to look like a variation on the same idea.

Glossary

Sources and resources