fs_software6d ago

OpenClaw Is a Security Nightmare Dressed Up as a Daydream

https://composio.dev/content/openclaw-security-and-vulnerabilities

OpenClaw is a Security Nightmare Dressed Up as a Daydream | Composio

Composio content pages powered by our CMS, including tutorials, product updates, and guides.

Show threaddfabulich6d ago

> Separate Accounts for your OpenClaw

> As I have mentioned, treat OpenClaw as a separate entity. So, give it its own Gmail account, Calendar, and every integration possible. And teach it to access its own email and other accounts. In addition, create a separate 1Password account to store credentials. It’s akin to having a personal assistant with a separate identity, rather than an automation tool.

The whole point of OpenClaw is to run AI actions with your own private data, your own Gmail, your own WhatsApp, etc. There's no point in using OpenClaw with that much restriction on it.

Which is to say, there is no way to run OpenClaw safely at all, and there literally never will be, because the "lethal trifecta" problem is inherently unsolvable.

https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/

The lethal trifecta for AI agents: private data, untrusted content, and external communication

If you are a user of LLM systems that use tools (you can call them “AI agents” if you like) it is critically important that you understand the risk of …

Simon Willison’s Weblog
Show threadTrufa6d ago
I wonder how many inherently unsolvable problems have been fixed before.
Show threadjesse_dot_id
This problem is inherently unsolvable because LLMS are prone to hallucinations and prompt injection attacks. I think that you're insinuating that these things can be fixed, but to my knowledge, both of these problems are practically unsolvable. If that turns out to be false, then when they are solved, fully autonomous AI agents may become feasible. However, because these problems are unsolvable right now, anyone who grants autonomous agents access to anything of value in their digital life is making a grave miscalculation. There is no short-term benefit that justifies their use when the destruction of your digital life — of whatever you're granting these things access to — is an inevitability that anyone with critical thinking skills can clearly see coming.
Mar 22 at 8:05pmWeb
Show threadenraged_camel6d ago

>> This problem is inherently unsolvable because LLMS are prone to hallucinations and prompt injection attacks.

Okay, but aren't you making the mistake of assuming that we will always be stuck with LLMs, and a more advanced form of AI won't be invented that can do what LLMs can do, but is also resistant or immune to these problems? Or perhaps another "layer" (pre-processing/post-processing) that runs alongside LLMs?