
Posted by fs_software 2 days ago

OpenClaw is a security nightmare dressed up as a daydream (composio.dev)
391 points | 284 comments
cat-turner 22 hours ago|
Here's the thing. At some point the tools need to be openclaw safe.

Kids need scissors. And they're inexperienced. So you give them kid-safe scissors. It makes it harder to cut themselves.

The same needs to take place with assets you want the bot to manage:

- give access to a card with a total spend limit
- read only access to some things, edit others
- limited scope permissions

One of the reasons why I dragged my feet to use openclaw is that I knew security was an issue from the beginning. I thought by now there would be some solutions, and there are, but I only found out from the community. I think there will need to be some level of ecosystem management. Apple does a good job. But for that you need resources and investment.
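
An added illustration of the limits listed in the comment above (not part of the thread and not OpenClaw code): a deny-by-default gate that sits between an agent and its tools and enforces per-resource scopes and a cumulative spend cap. The class, resource and action names are hypothetical, and the requests are constructed sample input.

```python
from dataclasses import dataclass, field


@dataclass
class AgentPolicy:
    """Hypothetical gate checked before any tool call the agent requests."""
    scopes: dict              # resource -> set of allowed actions; absent = denied
    spend_limit_cents: int    # total the agent may ever spend, not per call
    spent_cents: int = 0
    audit: list = field(default_factory=list)

    def authorize(self, resource, action, amount_cents=0):
        # Deny by default: unknown resources and unlisted actions fail.
        allowed = action in self.scopes.get(resource, set())
        if allowed and action == "pay":
            if amount_cents <= 0:
                allowed = False   # reject zero or negative "payments"
            elif self.spent_cents + amount_cents > self.spend_limit_cents:
                allowed = False   # cumulative cap, so splitting a charge does not help
            else:
                self.spent_cents += amount_cents
        # Record every decision, including denials, for later review.
        self.audit.append((resource, action, amount_cents, allowed))
        return allowed


def demo():
    policy = AgentPolicy(
        scopes={"calendar": {"read", "edit"}, "email": {"read"}, "card": {"pay"}},
        spend_limit_cents=5000,
    )
    # Constructed sample requests, as an agent runtime might submit them.
    requests = [
        ("calendar", "edit", 0),   # allowed: edit scope granted
        ("email", "send", 0),      # denied: email is read only
        ("card", "pay", 3000),     # allowed: 3000 of 5000 used
        ("card", "pay", 2500),     # denied: would reach 5500
        ("card", "pay", 2000),     # allowed: exactly reaches the cap
        ("files", "read", 0),      # denied: resource never granted
    ]
    decisions = [policy.authorize(*r) for r in requests]
    return decisions, policy.spent_cents


if __name__ == "__main__":
    print(demo())
```

The decision is made in code outside the model, so text the agent reads cannot change the scopes or the cap; it limits what a hijacked agent can do, not whether it can be hijacked.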

robotswantdata 1 day ago||
Wasn’t the point of openclaw to YOLO your credentials to the internet?

Only ever a creative prompt injection away from a leak.

Saw some smarter people using credential proxies but no one acknowledges the very real risk that their “claws” commit cyber crime on their behalf once breached.

airstrike 1 day ago||
I wonder just how many are compromised and waiting on a command that hasn't been given yet
measurablefunc 1 day ago|
All of them. It's not like AI companies have managed to fix the security issues since last time they promised they had fixed all the hallucinations & accidental database deletions.
gos9 1 day ago||
You know it’s open source code, right?
measurablefunc 1 day ago|||
It's literally a loop that wraps APIs from AI providers. Go ahead & explain how an open source AI wrapper fixes security holes inherent in existing AI.
slopinthebag 1 day ago|||
Do you think anybody has actually read all 700k lines of the AI-generated code?
otabdeveloper4 1 day ago||
Not even LLMs can read that.

I asked various models to list configuration options of OpenClaw and none of them could make heads or tails of it.

politelemon 1 day ago||
The overlap between the target audience for openclaw in spite of its attack surface, and the audience that considers a mac mini to be a sandbox while handing over the keys to their digital life is a Venn Eclipse.
gos9 1 day ago|
How is a dedicated Mac not a sandbox?
KaiserPro 1 day ago||
Because the bit that's important is your context (i.e. email, credit card, privileged data), not the place where you do the execution.

Having a separate machine that's isolated is all well and good, but that doesn't protect you from someone convincing your openclaw to give them your credit card.

nickthegreek 1 day ago||
It doesn’t have to have a credit card number to be useful. I don’t need it to purchase anything. Mine has its own iCloud and Google account. I can share calendars to it. You can do the same with email or shared lists. There are ways of using openclaw without yolo’ing all your secrets.
grey-area 1 day ago||
But it does need to know personal info to be useful as an agent (calendars, email). The danger is that it’s a hassle to vet every bit of data, and to be useful it needs to know a lot, leading to oversharing, and if you use it long enough you will leak secrets that you didn’t want to leak.
mwiki 22 hours ago||
https://github.com/pandyamarut/AgentBPF something adjacent to this.
unsignedint 1 day ago||
I'd argue there's really no way to make OpenClaw truly safe, no matter what you do. The only place it really makes sense is within trusted environments, like B2B coordination or tightly controlled processes between systems that share the same assumptions.

The moment it steps outside that boundary, you're sending the bot into unpredictable territory. At that point, things can get ambiguous pretty quickly, and in some cases even adversarial.

brisky 1 day ago||
I think this OpenClaw mania will eventually snowball into the first global AI catastrophe - AI agents syncing and executing something that would hinder the economy a bit. Only after this will we reconsider stricter AI laws and start thinking about security much more.
latand6 1 day ago||
I'm a heavy OpenClaw user and I've been testing it in many different scenarios — the profundity of what I can do with it now is crazy. It's literally automating my life. Being AuDHD, OpenClaw feels like a big relief. The positive sides are amazing. The downsides... well, as with any security and any LLM, they're all prone to the same problems discussed here. Having Claude Code on yolo mode exposes you to the exact same risks.
SupremumLimit 21 hours ago||
Could you give some examples of where it's saving you a lot of time? My main time sinks are dishes, laundry, and cleaning. Is it helping out with any of those?
greyadept 1 day ago|||
Could you list some of these scenarios? I’m also neurodivergent and would love to automate parts of my life.
psymon101 1 day ago||
Definitely relate to the AuDHD benefits...
BrokenCogs 1 day ago|
What are the pros of using openclaw?

Using telegram? Being able to automatically create calendar events based on emails?
