Do not install OpenClaw on your main computer! You're asking for trouble.

CoderHua

What is OpenClaw?

OpenClaw (also called Clawdbot or Moltbot) is a self-hosted AI agent built by Peter Steinberger.

Most chatbots talk; OpenClaw acts.

It can connect directly to the file system, control the browser, interact with messaging platforms like WhatsApp, Telegram, Discord, Slack, and iMessage, and even run shell commands on its own.

Out of the box, it comes with more than 100 preconfigured “AgentSkills” — ready-made capabilities it can use immediately. If it needs something new, it can even write code to create additional skills on its own.

Sounds amazing, right? Here’s where the trouble begins.

Full System Access = Full System Risk

OpenClaw requires deep access to your machine to function:

  • File system access
  • Shell command execution
  • Browser control
  • Messaging integration

This means that when OpenClaw reads a web page containing hidden instructions, it can be tricked into executing malicious commands, potentially leaking sensitive data or even deleting files.

Your Main Machine Has Everything

Think about what’s on your primary computer:

  • Your SSH keys and API tokens
  • Your browser sessions and saved passwords
  • Your personal photos and documents
  • Your work projects and source code
  • Your financial records and tax documents

Do you really want an autonomous AI agent with shell access running alongside all of that? Since the agent works by sending API calls to a hosted model, your private data ends up being processed in the cloud. One wrong command and you could lose everything.

Potential Risks

Root privileges exposed

OpenClaw listens on 127.0.0.1:18789 by default, but on cloud servers and in Docker environments this port can end up exposed through a reverse proxy or a published container port. If that exposure is misconfigured, it effectively hands the agent's privileges, often root, to anyone who can reach the port.
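One quick check for the exposure described above, as an added example that is not part of the original post or of OpenClaw itself: parse the output of `ss -ltn` and flag any listener on 18789 that is not bound to loopback (a Docker `-p 18789:18789` publish shows up this way as a 0.0.0.0 bind). The port number comes from the post; the sample `ss` output is constructed. A reverse proxy forwarding to 127.0.0.1:18789 is not visible here and must be checked in the proxy's own config.

```python
"""Audit whether the OpenClaw gateway port is reachable beyond localhost."""
import subprocess
import sys

GATEWAY_PORT = 18789                      # OpenClaw's default bind port
LOOPBACK = {"127.0.0.1", "[::1]"}         # the only acceptable bind addresses

# Constructed sample of `ss -ltn` output: one correct loopback bind plus a
# second bind on 0.0.0.0 (what a published Docker port typically looks like).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     127.0.0.1:18789      0.0.0.0:*
LISTEN  0       4096    0.0.0.0:18789        0.0.0.0:*
LISTEN  0       511     *:443                *:*
LISTEN  0       128     [::]:22              [::]:*
"""


def parse_listeners(ss_output):
    """Return (address, port) tuples from `ss -ltn` output, skipping the header."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        # Local address is the 4th column, e.g. 127.0.0.1:18789, *:443, [::]:22
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue                      # header row or malformed line
        listeners.append((addr, int(port)))
    return listeners


def audit_gateway(listeners, port=GATEWAY_PORT):
    """Return a list of findings; an empty list means the port is loopback-only."""
    return [
        f"port {p} bound to {addr or '*'}: reachable from other hosts"
        for addr, p in listeners
        if p == port and addr not in LOOPBACK
    ]


if __name__ == "__main__":
    # Live run on a Linux host or inside the container; exit 1 on any finding.
    output = subprocess.run(["ss", "-ltn"], capture_output=True, text=True,
                            check=True).stdout
    findings = audit_gateway(parse_listeners(output))
    print("\n".join(findings) or f"OK: port {GATEWAY_PORT} is loopback-only")
    sys.exit(1 if findings else 0)
```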

Uncontrolled Resource Consumption

When given long-running monitoring or critical tasks, OpenClaw may retry relentlessly to keep the task alive, exhausting CPU and memory until the entire system grinds to a halt.

The ever-present threat of prompt injection

When it processes emails, web pages, or documents containing hidden instructions, OpenClaw may be tricked into performing dangerous actions. This is a significant risk for any PC it runs on.

How to Run OpenClaw Safely

Isolated environment

Under no circumstances should it be run on your primary development machine. Use a dedicated machine or virtual machine (a VMware VM, a spare Mac Mini, etc.) that can be wiped clean at any time with rm -rf.

Least privilege

Do not grant any permissions unless absolutely necessary. Where possible, utilise read-only mode.

Manual approval

Where sensitive data or financial transactions are involved, a manual approval process must be implemented.

About CoderHua

CoderHua is the author behind this blog.