operator23 lets non-technical operators describe a workflow in plain English and run it across their tool stack, hubspot, apollo, monday, google drive and others. no builder, no if-then config, just a description and a review step before anything runs.
We talked to marketing ops people recently to validate whether we are solving the right problems. Three things came up every single time.
Setup complexity. People are not afraid of automation in theory. They are afraid of spending two hours configuring conditions and field mappings, only to have something silently misroute. The config layer is where confidence dies.
Debugging. When a workflow breaks there is usually no explanation. A trigger did not fire, data passed null downstream, a sequence stopped. You find out three weeks later when someone downstream asks a question. Nobody knows where it went wrong so they delete it and go back to doing it manually.
No trust without control. Everyone wanted to keep a review step before the system acts on its own. Not forever, but until it had proven itself across enough edge cases. The unlock for automation adoption is not fewer steps, it is making it safe to delegate gradually.
What we are building is a system that addresses all three. Plain English input so setup is fast, step-by-step explanations so debugging is readable, and staged autonomy so trust is earnable.
For founders who have built or managed GTM and marketing ops teams: does this match what you have seen. And is there a fourth problem we are missing.
The staged autonomy pattern ("trust is earnable") maps directly to what we built with protect-mcp — shadow mode first (log everything, block nothing), then enforce when you've seen enough data to trust the policies.
For the prompt injection concern: protect-mcp wraps MCP tool calls with per-tool policies. Even if the agent gets injected, it can't call tools outside the policy. Every decision is optionally Ed25519-signed and verifiable offline.
npmjs.com/package/protect-mcp
How is it different from openclaw?
Openclaw is great, but it's still early adopters and often tech savvy people who use it. This is for non tech savvy people in a small companies that are still hesistant to let AI Run their workflow, and n8n and zapier takes too much time to setup and maintain, or the if/then isn't working in their setting.
Openclaw = tech savvy people small team, really knows AI Operator23 = Wants safe agents super easy to setup doing one task and learn about it.
Nothing about prompt injection protections. This appears to be openclaw but trusting that you won’t silently expose all your (our) data.
[dead]