Where OpenClaw Security Is Heading
paulofeliciano
25 points
15 comments
May 17, 2026
Discussion Highlights (6 comments)
Arcuru
I run a home-grown 'Agent' by just making a local user on my Linux box. I treat it like an untrusted local user, I only give it scoped API keys, and manage permissions just like any other thing. I have a NixOS machine and I have the Agent set up to just use home-manager to manage itself and its timers and deps and stuff inside its own config. It would be insane to run a full-fledged Agent from your own accounts, with the same access as yourself. At the same time, running it fully scoped inside a container/VM seemed a little bit too heavy-handed to me, and the Agent-as-user seems like a better fit for me right now. (I did run my coding agents inside a microVM for a while but ran into a few too many annoyances.)
moron4hire
Isn't a lot of this what containerization was supposed to solve? Why are they reimplementing file system isolation from scratch when jails and chroots exist? Why do they have to reason about arbitrary HTTP requests when firewalls and content filtering exist?
shiandow
I know it's probably against the guidelines to comment on it, but any chance you could ask whatever agent is responsible to remove the scroll hijacking? It makes it incredibly tedious to read this article.
echoangle
What is happening in the first screenshot under "Command approvals and prompt fatigue"? Why is "Allow Once" completely red, "Always allow" black and "Deny" muted red? Isn't the order of safety (descending) "Deny", "Allow Once" and "Always Allow"?
cedws
Agents are fundamentally insecure, there's no getting around it. You can put OpenClaw in a box, but for it to do anything useful it still needs some access to the outside world, and any untrusted tokens that go into its context are a threat. Claude's auto mode classifier is probably the best 'firewall' out there right now, but it's a non-deterministic layer with a failure rate of 17%.
pantulis
I am under the impression that the end game will look a lot like Apple's closed ecosystem. They are reinventing filesystem permissions and networking security, but most importantly trust in extension provenance. Probably a good thing, but it will remove a lot of the fun.