February 02, 2026
A not-so-popular AI agent, now rebranded as OpenClaw, is making waves in the AI space for its laudable functionality, which makes it a better option than typical AI chatbots like ChatGPT and Gemini. Lately, however, its safety has become a serious concern among users.
OpenClaw, formerly Clawdbot, has gained enormous traction for its ability to proactively manage various tasks by accessing extensive digital information, including external accounts and files on users' computers. But because this access is so open, it raises significant security issues.
Creator Pete Steinberger admitted that running an AI agent with shell access on your device is risky, stating, “There is no 'perfectly secure' setup.”
Clawdbot's functionality requires it to read private messages, store credentials, and execute commands, and all of these elements can undermine traditional security models.
Threat intelligence platform SOCRadar has issued a critical advisory for OpenClaw users, saying that they should treat Clawdbot as "privileged infrastructure." SOCRadar also recommends implementing additional security measures to safeguard data.
What makes OpenClaw a more lucrative target for cybercriminals is the warning about infostealers: hackers are increasingly targeting local data, especially given that some proponents argue that keeping data local can enhance security.
The rise of "Local-First" AI agents has brought up more loopholes, turning tools like OpenClaw into potential "honey pots" for malware and cyber attackers.
To mitigate such risks, users are encouraged to limit access permissions when using OpenClaw (formerly Clawdbot). The support documentation also outlines the importance of controlling who can interact with OpenClaw and what actions it can perform on your device.