Comment by jychang 2 days ago

11 replies

Yeah, keep it in a VM or a box you don't care about. If you're running it on your primary machine, you're a dumbass even if you turn on sandbox mode.

windexh8er 2 days ago

It's really easy to run this in a container. The upside is you get a lot of protection included. The downside is you're rebuilding the container to add binaries. The latter seems like a fair tradeoff.

What I'll say about OpenClaw is that it truly feels vibe coded, and I say that in a negative context. It just doesn't feel well put together like OpenCode does. And it definitely doesn't handle context overruns as well. Ultimately I think the agent implementation in n8n is better done and provides far more safeguards and extensibility. But I get it - OpenClaw is supposed to run on your machine. For me, though, if I have an assistant/agent I want it to just live in those chat apps. At that rate it's running in a container on a VPS or LXC in my home lab. This is where a powerful-enough local machine does make sense and I can see why folks were buying Mac Minis for this. But, given the quality of the project, again in my opinion, it's nothing spectacular in terms of what it can do at this point. And in some cases it's more clunky given its UI compared to other options that exist which provide the same functionality.

eric-burel 2 days ago

The thing is, running it on your machine is kinda the point. These agents are meant to operate at the same level - and perhaps replace - your mail agent and file navigator. So if we sandbox too much we make it useless. The compromise being having separate folders for AI, a bit like having a Dropbox folder on your machine with some subfolders being personal, shared, readonly etc. Running terminal commands is usually just a bad idea though in this case, you'd want to disable that and instead fine-tune a very well configured MCP server that runs the commands with a minimal blast radius.

  • esskay 2 days ago

    > running it on your machine is kinda the point.

    That very much depends what you're using it for. If you're one of the overly advertised cases of someone who needs an AI to manage inbox, calendar and scheduling tasks, sure maybe that makes sense on your own machine if you aren't capable of setting up access on another one.

    For anything else it has no need to be on your machine. Most things are cloud based these days, and granting read access to git repos, Google Docs, etc. is trivial.

    I really don't get the insane focus around 'your inbox' this whole thing has; that's perhaps the biggest waste of use you could have for a tool like this and an incredibly poor way of 'selling' it to people.

    • jychang 2 days ago

      > someone who needs an AI to manage inbox, calendar and scheduling tasks

      A secretary. The word you're looking for is "secretary". Having a secretary has always been the preferred way to handle these tasks for the wealthy and powerful. The president doesn't schedule his own meetings and manage his own Outlook calendar, a president/CEO/etc has better things to do.

      People just created calendar/email/etc software (like Microsoft Outlook) to let us do it ourselves, because secretaries are $$$$. But let's be real, the ideal situation is having a perfect secretary to handle this crap. That's the point of using AI here: to have an AI secretary.

      Managing your own calendar would become extremely 2010 coded, if AI secretaries become a thing. It'd be like how "rewinding your VCR tape" is 1990s coded.

      • columk 20 hours ago

        Unless you're swamped with email I don't really get it. If someone calls me to arrange an appointment I say "Hey Google add x to calendar" after the call and it's done. Gemini can use Gmail and other workspace apps. You can also set up commands to do a few different things at once, like turning on the lights when you get home by saying "I'm home". With any cheap set of Bluetooth earphones this is all hands free.

        Lots of these YouTubers are using OpenClaw to replace simple Google/Siri voice queries with something prohibitively complex, expensive and insecure.

        Also, people in the '90s didn't have push notifications. We see emails on our watch/phone and can delete/archive/snooze from there. Email triage takes zero time these days and can be done from anywhere. I do get it though if you're someone who is extremely busy and really needs a PA.

        Much more likely that the average user is either unemployed or in the leisure class.
