fs_software6d ago

OpenClaw Is a Security Nightmare Dressed Up as a Daydream

https://composio.dev/content/openclaw-security-and-vulnerabilities

OpenClaw is a Security Nightmare Dressed Up as a Daydream | Composio

Composio content pages powered by our CMS, including tutorials, product updates, and guides.

Show threaddfabulich6d ago

> Separate Accounts for your OpenClaw

> As I have mentioned, treat OpenClaw as a separate entity. So, give it its own Gmail account, Calendar, and every integration possible. And teach it to access its own email and other accounts. In addition, create a separate 1Password account to store credentials. It’s akin to having a personal assistant with a separate identity, rather than an automation tool.

The whole point of OpenClaw is to run AI actions with your own private data, your own Gmail, your own WhatsApp, etc. There's no point in using OpenClaw with that much restriction on it.

Which is to say, there is no way to run OpenClaw safely at all, and there literally never will be, because the "lethal trifecta" problem is inherently unsolvable.

https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/

The lethal trifecta for AI agents: private data, untrusted content, and external communication

If you are a user of LLM systems that use tools (you can call them “AI agents” if you like) it is critically important that you understand the risk of …

Simon Willison’s Weblog
Show threadTrufa6d ago
I wonder how many inherently unsolvable problems have been fixed before.
Show threadjrflowers
There are a ton if you count “don’t use the thing that causes the problem” as a solution.
Mar 22 at 7:46pmWeb