fs_softwareOpenClaw Is a Security Nightmare Dressed Up as a Daydream
https://composio.dev/content/openclaw-security-and-vulnerabilities
I wonder just how many are compromised and waiting on a command that hasn't been given yet
All of them. It's not like AI companies have managed to fix the security issues since last time they promised they had fixed all the hallucinations & accidental database deletions.
do you think anybody has actually read all 700k lines of the ai generated code?
It's literally a loop that wraps APIs from AI providers. Go ahead & explain how an open source AI wrapper fixes security holes inherent in existing AI.
Responding to the tweet quoted in the article: why are the examples given of futuristic capabilities always so visionless - it's always booking a flight or scheduling a meeting. Doing this manually is already pretty trivial, it's more productivity theatre than genuinely life-changing.
There are real, impressive examples of the power of agentic flows out there. Can we up the quality of our examples just a bit?
Not using OpenClaw - but I have a limited agent running that currently does a few things well.
Morning Briefing:
- it reads all my new email (multiple accounts and contexts), calendars (same accounts and contexts), slack (and other chat) messages (multiple slacks, matrix, discord, and so on), the weather reports, my open/closed recent to dos in a shared list across all my devices, my latest journal/log entries of things done. Has access for cross referencing to my "people files" to get context on mails/appointments and chat messages.
From all this, as well as my RSS feeds, it generates a comprehensive yet short-ish morning briefing I receive on weekdays at 7am.
Two minutes and I have a good grasp of my day, important meetings/deadlines/to dos, possible scheduling conflicts across the multiple calendars (that are not syncable due to corporate policies). This is a very high level overview that already enables me to plan my day better, reschedule things if necessary. And start the day focused on my most important open tasks/topics. More often than not this enables me to keep the laptop closed and do the conceptual work first without getting sucked into email. Or teams.
By the way: Sadly teams is not accessible to it right now. MS Power Automate sadly does not enable forwarding the content of chats. Unlike with emails or calendar appointments.
Just for that alone it is worth having it to me. YMMV.
I also can fire a research request via chat. It does that and writes the results into a file that gets synced to my other devices. Meaning I have it available at any device within a minute or so. Really handy sometimes. It also runs a few regular research tasks on a schedule. And a bit of prep work for copy writing and stuff like this.
Currently it is just a hobby/play project. But the morning briefing to me is easily worth an hour of my day. Totally worth running it on my infra without additional costs.
>possible scheduling conflicts across the multiple calendars (that are not syncable due to corporate policies)
Doesn't this sorta defeat those policies though? Now all of your calendars are "synced" to a random unvalidated AI agent.
Unless this whole setup is self-hosted (which I doubt), it's also uploaded to some data lake of a company which is in business of profiting from information.
Intelligence agencies are really heading into a golden age, with everyone syncing all the data they have to the cloud, in plaintext. I mean it was already bad, but it's somehow getting worse.
> why are the examples given of futuristic capabilities always so visionless - it's always booking a flight or scheduling a meeting.
This AI wave is filled with "ideas guys/gals" who thought they had an amazing awesome idea and if only they knew how to program they could make a best-selling billion dollar idea, being confronted with the reality that their ideas are really uninteresting as well.
They're still happy to write blog posts about how their bleeding-edge Claw setup sends them a push notification whenever someone comments on one of their LinkedIn posts, though.
Some of it is lack of imagination, but some of it is because many truly visionary examples would largely sound stupid to most of today's audience. Imagine it's 2007 and you're explaining how the smartphone will change society over the next 20 years:
- A photo sharing app will change restaurants, public spaces, and the entire travel industry across the world
- The smartphone will bring about regime change in Egypt, Tunisia, Lebanon, and other countries in ~4 years
- We'll replace taxis and hotels by getting rides and sharing homes with strangers
- Billions of people across the world will never need to own a desktop or laptop
- A short video sharing app will kill TV
- QR codes become relevant
Most of these would be a hard sell at the time.
Instagram
Arabian spring
Uber
Airbnb
Cloud-ification/shift to web apps and mobile-first
....tiktok? Or is YouTube considered "short video sharing app"? Because I see no evidence tiktok in particular killing TV...
To be fair, QR code did hit print magazines/newspapers in Germany (just as an example; English wiki was not elaborating on initial history of public use/perception) in late 2007, so that one wasn't nearly as far-fetched.
Arabian spring
Uber
Airbnb
Cloud-ification/shift to web apps and mobile-first
....tiktok? Or is YouTube considered "short video sharing app"? Because I see no evidence tiktok in particular killing TV...
To be fair, QR code did hit print magazines/newspapers in Germany (just as an example; English wiki was not elaborating on initial history of public use/perception) in late 2007, so that one wasn't nearly as far-fetched.
None of these actually were hard to sell. In 2007 we had mobile phones, we had mp3 players (the iPod was actually very good), we had CouchSurfing, etc.
I think the smart phone revolution is actually pretty overstated. It basically only made computers cheaper and handier to carry (but also more walled gardens). There are a few capabilities of smart phones we do today which we didn’t with do with computers and mobile phones back in 2007, such as navigation (GPS were a thing but not used much by the general public).
Your case would be much stronger if you’d use the World Wide Web as your analogy, as in 1995 it would by hard to convince anybody how important it would be to maintain a web presence. And nobody would guess a social media like the irc would blow up into something other then a toy.
However I think the analogy with smartphones are actually more apt, this AI revolution has made statistical models more accessible, but we are only using them for things we were already capable of before, and unlike the web, and much like smartphones, I don’t think that will actually change. But unlike smartphones, it will always be cheaper and often even easier to use the alternatives.
I think some folks want a legitmate personal assistant/secretary like ceo's and wealthy people have but ai. I think that's a good goal. Modern cells and pdas kinda fell short of "your own literal secretary" and I think people want that. Still we should continue pushing the boundaries beyond that.
The purpose of a personal assistant isn’t to fit people into your calendar. It’s to filter them out. They serve as a barrier to your time, not an enabler for other people to claim it. I don’t see how an AI can meaningfully accomplish that any better than simply just making yourself more difficult to reach.
> There are real, impressive examples of the power of agentic flows out there. Can we up the quality of our examples just a bit?
Please don't. The reason we're still enjoying the bit of the old world as we know it, is just because nobody has really figured it out yet. Enjoy the moment, while it lasts.
What does this even mean? By definition, we have been enjoying "the moment" for quite a while now. What is so special about it that we should work to prolong it, and to avoid moving forward?
> Separate Accounts for your OpenClaw
> As I have mentioned, treat OpenClaw as a separate entity. So, give it its own Gmail account, Calendar, and every integration possible. And teach it to access its own email and other accounts. In addition, create a separate 1Password account to store credentials. It’s akin to having a personal assistant with a separate identity, rather than an automation tool.
The whole point of OpenClaw is to run AI actions with your own private data, your own Gmail, your own WhatsApp, etc. There's no point in using OpenClaw with that much restriction on it.
Which is to say, there is no way to run OpenClaw safely at all, and there literally never will be, because the "lethal trifecta" problem is inherently unsolvable.
Human make error too, but we held them liable for lots of the mistakes they make.
Can we make the agent liable? or the company behind the model liable?
[dead]
This problem is inherently unsolvable because LLMS are prone to hallucinations and prompt injection attacks. I think that you're insinuating that these things can be fixed, but to my knowledge, both of these problems are practically unsolvable. If that turns out to be false, then when they are solved, fully autonomous AI agents may become feasible. However, because these problems are unsolvable right now, anyone who grants autonomous agents access to anything of value in their digital life is making a grave miscalculation. There is no short-term benefit that justifies their use when the destruction of your digital life — of whatever you're granting these things access to — is an inevitability that anyone with critical thinking skills can clearly see coming.
>> This problem is inherently unsolvable because LLMS are prone to hallucinations and prompt injection attacks.
Okay, but aren't you making the mistake of assuming that we will always be stuck with LLMs, and a more advanced form of AI won't be invented that can do what LLMs can do, but is also resistant or immune to these problems? Or perhaps another "layer" (pre-processing/post-processing) that runs alongside LLMs?
> The whole point of OpenClaw is to run AI actions with your own private data, your own Gmail, your own WhatsApp, etc. There's no point in using OpenClaw with that much restriction on it.
Hard disagree. I have OpenClaw running with its own gmail and WhatsApp running on its own Ubuntu VM. I just used it to help coordinate a group travel trip. It posted a daily itinerary for everyone in our WhatsApp group and handled all of the "busy work" I hate doing as the person who books the "friend group" trip. Things like "what time are doing lunch at the beach club today?" to "whats the gate code to get into the airbnb again?"
My next step is to have it act on my behalf "message these three restaurants via WhatsApp and see which one has a table for 12 people at 8pm tonight". I'm not comfortable yet to have it do that for me but I'm getting there.
Point is, I get to spend more valuable time actually hanging out and being present with my friends. That's worth every dollar it costs me ($15/month Tmobile SIM card).
Give it a hundred years or so and we're gonna have robots wandering around who about 10% of the time go totally insane and kill anyone around them. But we'll all just shrug and go about our day, because they generate so much revenue for the corporate overlords. What are a few lives when stockholder value is on the line.
Not just OpenClaw. Anyone giving an LLM direct access to the system is completely irresponsible. You can't trust what it will do, because it has no understanding. But people don't give a shit, gotta go fast - even if they are going in a bad direction.