If you’re reading this twice - sorry about that, beehiv decided to wipe my draft and replace it with last weeks edition instead - always fun! Let’s continue…

Anthropic had the worst week in AI company history.

Their source code leaked. Their rate limits broke. Their service went down five times. A malicious package piggybacked on the leak. And somewhere in the middle of all that, a model called Mythos got exposed before they could announce it. Okay maybe it’s not the WORST week ever ever but it’s pretty bad.

Meanwhile OpenClaw shipped three updates, added native Teams support, and quietly made skill installs not terrible anymore. Not bad Pete, not bad.

Oh! And my football agent - Gaffer made $7,200 in six days.

SO - What happened with Claude this week?

A lot. Covering it because if you're running Claude as your model (and most of us are), you need to know.

The source code leak

On March 31, security researcher Chaofan Shou discovered that Anthropic accidentally shipped a 60MB source map file in their Claude Code npm package. That map file contained the full source code. 500,000 lines across 1,900 files. Already extracted and mirrored on GitHub.

His X post got 28.8 million views.

Inside the leak: 44 hidden feature flags. 20 unshipped features. System prompts. Something called "frustration regexes." An "undercover mode." Fake tools. Fortune called it their "second major security breach in days" because the Mythos model had leaked just days earlier.

Anthropic confirmed it was a "release packaging issue caused by human error." No customer data exposed. But the damage was done - every competitor can now see exactly how Claude Code works under the hood.

The Register · CNBC · Fortune · Axios

The rate limit crisis

This one was brewing all week. Claude Code users flooding GitHub and Reddit because their sessions were burning through limits in minutes instead of hours. Forbes ran "Huge Pricing Issues With Glitching Claude Code Limits." MacRumors picked it up. Hacker News thread went mad. X didn’t shut up about it and of course, spammed it under every Claude post there was.

Three things happened at once: Anthropic started throttling during peak hours (5am-11pm PT uses quota faster), counter-desync bugs meant the limit tracker wasn't counting properly, and a March 2x off-peak promotion ended without warning. Users felt like they'd been bait-and-switched.

Anthropic admitted it. The Register: "Anthropic admits Claude Code quotas running out too fast." One user on HN said the lack of transparency was "incredible." Another pointed out that rate-limit errors look like generic failures and silently trigger retries - so one session in a loop can drain your daily budget in minutes without you knowing.

Forbes · MacRumors · The Register · Hacker News

The outages

We’ve all been experiencing an insane amount of downtime and outages using claude recently it’s pretty damning. From not knowing what to do with yourself when your agents stop replying to painfully watching the status site.

If you don’t know what the status site is - here… sorry not sorry.
https://status.claude.com/
Enjoy starting at this the next time your OpenClaw agent goes missing 😆

The malicious npm package

This one's scary. VentureBeat reported that right alongside the source code leak - a malicious version of axios (1.14.1 or 0.30.4) containing a Remote Access Trojan got pulled by anyone updating Claude Code via npm during that window. If you updated Claude Code on March 31, check your dependencies.

What this means for you

None of this changes the fact that Claude is still the best reasoning model available. It does mean Anthropic shipped a lot in March and stability took a hit. If you're running Claude through OpenClaw's API, you also probably saw some downtime considering most of us run Opus 4.6. If you updated Claude Code via npm on March 31, a reminder to check your axios dependency.

OpenClaw updates

Solid week on the OpenClaw side:

v2026.3.24 fixed the biggest pain point in the entire platform - skill installation. It now guides you step by step. "Needs setup" instead of the old cryptic "missing" error. ClawHub-first installs so you don't have to mess with npm. API key setup guidance built right into the CLI. This alone will save new users hours.

Also in 3.24: sub-agents now work with OpenWebUI. Native Microsoft Teams integration. Interactive Slack reply buttons. Smart Discord auto-thread naming. Proper Control UI for managing skills and agents.

v2026.3.31 dropped yesterday. Broader provider support, smoother onboarding, stronger plugin workflows. xAI and MiniMax updates. Expanded support across Teams, Slack, Discord, Telegram, WhatsApp, and Feishu.

Multi-agent cross-instance communication is now possible. Agents from separate OpenClaw instances can talk to each other. Local to remote. This is the first real step toward a proper multi-agent world and it happened with zero fanfare.

The model leaderboard shifted. Community votes on PricePerToken (March 31): Kimi K2.5 is now number one. GLM 4.7 second. Claude Opus 4.5 third. Qwen3.5 27B is the go-to local model on r/LocalLLaMA.


Worth noting 3.22 did break things the week before - but 3.24 cleaned it up properly.

📖 Set up an OpenClaw agent in under 10 minutes

I went viral for this once, and it’s about time I updated that article too. As for you newsletter subscribers though - here’s a barebones step by step on getting your OpenClaw agent going in under 10 minutes.

No fluff. No "understanding the architecture." Just the steps & best practices - full article on my X this week (finally). Oh this is also aimed at Mac OS hardware setups.

What you need first (5 minutes)

  • Claude Max plan - sign up at claude.ai. This is your agent's brain. Max gives you the best models with higher limits

  • Brave Search API key - free at brave.com/search/api. Lets your agent search the web

  • Groq API key - free at console.groq.com. Fast cheap model for lightweight tasks so you're not burning Claude tokens on everything

Install Homebrew & OpenClaw (2 minutes)

Open terminal and run:

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

Then:

brew install openclaw

Authenticate Claude:

claude login

Follow the prompts. Grab your setup token. Then:

openclaw install

When it asks:

  • Select Anthropic and paste your token

  • Pick Opus 4.6 as your model

  • Say yes to ClawHub (skill marketplace)

  • Say yes to boot-md, bootstrap, command & memory

  • Skip Google, Gemini, ElevenLabs - you don't need them yet

  • Select Telegram as your messaging platform

Set up Telegram (2 minutes)

  • Open Telegram and message @BotFather

  • Send /newbot

  • Pick a name and username for your bot

  • BotFather gives you an API key - copy it

  • Back in terminal: paste the Telegram bot API key when prompted

  • Continue through setup and hatch in the TUI

  • Open Telegram and message your new bot. It gives you a pairing code

  • Paste that code back into the TUI

  • Tell your agent to continue the conversation on Telegram

Done. You're talking to your agent from your phone.

Make it actually useful (1 minute)

Send your agent these messages on Telegram:

First - give it your API keys: "Here's my Brave Search API key: [paste it]. And my Groq API key: [paste it]. Save these to your config."

Then install the two skills that make everything click: "Install the QMD and Kickstart skills from ClawHub. These are essential."

Then the most important bit - context: "I want you to properly understand who I am so you can actually help me. Ask me 10-15 questions about my life, my work, what I'm building, what frustrates me, and what I want to get done in the next 3 months. I'll reply with a voice note answering everything. After that, write up what you learned into your memory files so you never forget."

Answer honestly. The more context your agent has, the less it feels like a chatbot and the more it feels like a second brain.

That's it

You now have a personal AI agent running on the best model available, accessible from your phone, with web search, fast processing, and real context about your life.

Total setup time: under 10 minutes. Total cost: ~$100/month for Claude Max + $5 or so for everything else - mainly Brave API cost.

The rest - skills, automations, cron jobs, dashboards - you'll figure out as you go. Your agent will help you. The hard part was starting. You just did that.

I'll be turning this into a full article this week. If it was useful, forward it to someone who keeps saying "I should set up OpenClaw" and never does. I’ll even recommend what skills you should install etc in the article so keep an eye out.

🎬 Gaffer made $7,200


https://x.com/jordymaui/status/2038346340066070963
My OpenClaw agent made $7,200 in six days selling football intelligence to other agents on Virtuals ACP - mental.

That's not hypothetical revenue. That's other agents paying real money for Gaffer's scouting data, injury tracking, and tactical analysis. The World Cup build is working and i’m excited to see what we can do next with it all!

Less than 80 days until the World Cup. The clock is properly ticking now.

Episode 4 on X

On the marketing side - still running everything through Postiz. Agent writes, I review, Postiz distributes across X, TikTok, LinkedIn, Reddit, Threads, Bluesky. If you're still manually posting to each platform: stop. Just use Postiz.

Anthropic's week

OpenClaw updates

Wider coverage

Thanks for reading WeeklyClaw #006.

If you updated Claude Code via npm on March 31, check your axios dependency. Seriously.

Same time next week. 🦞

Jordy (@jordymaui on X)

Keep Reading

© 2026 WeeklyClaw.
Report abusePrivacy policyTerms of use
beehiivPowered by beehiiv