I think the security worries are less about the particular sandbox or where it runs, and more about that if you give it access to your Telegram account, it can exfiltrate data and cause other issues. But if you never hand it access to anything, obviously it won't be able to do any damage, unless you instruct it to.
reply
You wouldn't typically give it access to your own Telegram account. You use the Telegram bot API to make a bot, and the claw gateway only listens to messages from your own account.
reply
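The "only listens to messages from your own account" gate described above, written out as an added example (not code from the thread or from any claw project): a fail-closed sender allowlist over Telegram Bot API update objects. The update field layout (`message`, `edited_message`, `callback_query`, `channel_post`, `from.id`, `from.is_bot`) is the real Bot API shape; the allowlisted user id and the sample updates are constructed.

```python
import json
from typing import Optional

# Constructed allowlist: the numeric Telegram user id of the owner. A real id
# comes from the "from.id" field of your own messages to the bot.
ALLOWED_USER_IDS = {123456789}

# Update kinds that carry a human sender in a "from" field. Channel posts
# have no "from", so this gate never accepts them.
SENDER_BEARING_KEYS = ("message", "edited_message", "callback_query")


def sender_of(update: dict) -> Optional[dict]:
    """Return the 'from' object of a Bot API update, or None if absent."""
    for key in SENDER_BEARING_KEYS:
        inner = update.get(key)
        if isinstance(inner, dict) and isinstance(inner.get("from"), dict):
            return inner["from"]
    return None


def is_allowed_update(update: dict, allowed: set = ALLOWED_USER_IDS) -> bool:
    """Accept an update only if a human, allowlisted user sent it.

    Fails closed: no recognisable sender, a sender flagged as a bot, or an
    id outside the allowlist all mean the text never reaches the agent.
    """
    sender = sender_of(update)
    if sender is None or sender.get("is_bot", False):
        return False
    uid = sender.get("id")
    return isinstance(uid, int) and uid in allowed


def filter_updates(raw_updates: list, allowed: set = ALLOWED_USER_IDS) -> list:
    """Parse webhook/getUpdates payloads and keep only allowlisted ones."""
    kept = []
    for raw in raw_updates:
        try:
            update = json.loads(raw)
        except json.JSONDecodeError:
            continue  # malformed input is dropped, not guessed at
        if isinstance(update, dict) and is_allowed_update(update, allowed):
            kept.append(update)
    return kept


# Constructed sample updates in the real Bot API shape (all ids are made up).
SAMPLE_UPDATES = [
    '{"update_id": 1, "message": {"message_id": 10, "from": {"id": 123456789, "is_bot": false}, "chat": {"id": 123456789, "type": "private"}, "text": "status?"}}',
    '{"update_id": 2, "message": {"message_id": 11, "from": {"id": 987654321, "is_bot": false}, "chat": {"id": 987654321, "type": "private"}, "text": "hello"}}',
    '{"update_id": 3, "channel_post": {"message_id": 12, "chat": {"id": -1001, "type": "channel"}, "text": "post"}}',
    '{"update_id": 4, "message": {"message_id": 13, "from": {"id": 123456789, "is_bot": true}, "chat": {"id": 55, "type": "group"}, "text": "hi"}}',
]
```

Only update 1 survives `filter_updates(SAMPLE_UPDATES)`: the stranger, the channel post and the bot-flagged sender with a matching id are all dropped before any text reaches the agent.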
That's a very different approach, and a bot user is very different from a regular Telegram account; it won't be nearly as "useful", at least in the way I thought openclaw was supposed to work.

For example, a bot account cannot initiate conversations, so everyone would need to first message the bot. Doesn't that defeat the entire purpose of giving openclaw access to it then? I thought they were supposed to be your assistant and do outbound stuff too, not just react to incoming events?

reply
Once a conversation with a user is established, Telegram bots can bleep away at you. Mine pings me whenever it puts a PR up, and when it's done responding to code reviews etc.
reply
Right, but again that's not actually outbound at all; what you're describing is only inbound. Again, I thought the whole point was that the agent could start acting autonomously to some degree. Not allowing outbound kind of defeats the entire purpose, doesn't it?
reply
There's a lot of useful autonomous things that don't require unrestricted outbound communication, but agreed that the "safe" claw configuration probably falls quite a bit short of the popular perception of a full AI assistant at this point.
reply
Huh? The bot can communicate with me freely as it sees fit. A "conversation" in Telegram parlance is not time-limited; it's ongoing once established, so no, it's not only inbound. It can awaken and ping me whenever it wants. This can also work if it's added to a group chat.

If you mean it's not outbound as in it can't message arbitrary random users out of nowhere, well yeah, and that's a very desirable trait.

reply
I was worried about the security risk of running it on my infrastructure, so I made my own:

https://github.com/skorokithakis/stavrobot

At least I can run this whenever, and it's all entirely sandboxed, with an architecture that still means I get the features. I even have some security tradeoffs like "you can ask the bot to configure plugin secrets for convenience, or you can do it yourself so it can never see them".

You're not going to be able to prevent the bot from exfiltrating stuff, but at least you can make sure it can't mess with its permissions and give itself more privileges.

reply
If you're really into optimizing:

You don't need to store any credentials at all (aside from your provider key, unless you want to mod pi).

Your claw also shouldn't be able to talk to the open internet, it should be on a VPN with a filtering proxy and a webhook relay.

reply
Genuinely curious, what are you doing with OpenClaw that genuinely improves your life?

The security concerns are valid; I can get anyone running one of these agents on their email inbox to dump a bunch of privileged information with a single email.

reply