I’ve been watching the hype around OpenClaw (formerly ClawdBot, then Moltbot) with a mix of curiosity and concern. The YouTube videos made it look compelling - a locally-running AI agent that can control your computer, write code, browse the web. The persistent memory angle was particularly tempting. I’ll admit… I seriously considered it.
But before I hit install, I stopped myself. Something felt off.
The security alarm bells
An AI agent with root access to the whole machine… running on hardware connected to my network… Yeah, that’s where I paused.
Look, I love the idea of a digital assistant that can actually do things - same as everyone else. But giving something that level of access? I started thinking about what could go wrong. Not in a paranoid way, just… the practical stuff. What if there’s a vulnerability? Prompt injection via an email to the OpenClaw Agent for example. What other ways can this be compromised? What if it just makes a mistake with those permissions?
I’m not a network security expert. I don’t run military-grade sandboxes. The “just run it in a sandbox” advice sounds great until you realise how many people actually know how to properly secure that environment. I’m guessing it’s not most of us.
And honestly? You can get most of what OpenClaw offers through other means. MCP servers can connect Claude to your email, browser, whatever. Persistent memory? Write a Claude agent that stores context files somewhere sensible and keeps them updated. You don’t need root access for that.
Validation from the community
Then I watched Nate Jones’s video breaking down the security implications, and… yeah. My instincts were right. The access model really is risky.
And just recently, I read this MIT Technology Review article about MoltBook - the social network for OpenClaw agents that emerged from this whole ecosystem. The article’s title says it all: “peak AI theatre.” The hype cycle around these tools has become… a lot.
Why this matters
The hype moves fast. By the time the security reviews and critical analysis come out, thousands of people have already installed OpenClaw. I’m glad I waited.
I’m documenting this because I want to remember: when the next hyped tool shows up - and there will be one, AI.com is already revving up - I should trust my security instincts. Not every shiny new thing needs to run with elevated privileges on hardware I own.
Future-me might face another tool like this and think “Oh right, I listened to my gut about OpenClaw and I was right to do so.” That’s worth remembering.
References: