https://www.pcmag.com/news/meta-security-researchers-opencla...
Maybe OpenClaw was just practicing a really aggressive form of Inbox Zero.
As I said elsewhere, complaining about this is like complaining that rm can let you delete your hard drive.
It's a tool. Learn how to use it.
Honest question, this kind of stuff is what keeps me from using it.
"Oh but don't use it for A, or B, or C (even though it says to use it for A, B, and C): it will ruin your life"
A spouse can be amazing, or can destroy your life. Would you use that as an argument against marriage?
rm won't wipe my HDD on a whim whilst instructing it to do something totally different.
You pretending they are the same thing is disingenous.
You can rm -rf your entire hard drive, but you can't blame rm for it, it's you who did it, maybe because you don't know, or a mistake, doesn't matter.
When you ask the clanker to delete x number of files in a directory, it can reason itself that is easier to just get rid of the directory.
Can't expect deterministic outcomes out of a statistical model.
At it's current state its a wildcard, sure you can build guard rails, reduce permissions, but it's still a wildcard.
Let's not kid ourselves saying is just a skill issue.
Oh sure, so don't give it write access to anything important. And make backups.
Mine is on a VM. It doesn't have access to my host's files. The worst it will do is delete the files on the VM. No great loss.
Yes, I do get it to modify things on my host, but only via a REST API I've set up on my host, and I whitelist the things it can do (no generic delete, for example). I even let it send emails. But only to me. It can't send an email to anyone else.
> (…)
> Oh sure, so don't give it write access to anything important. And make backups.
If this conversation continues much longer, we’ll end up with “don’t use it at all”.
If I can’t trust a piece of software with anything important, why am I wasting my time fiddling with it? Might as well go play a video game or go do literally anything else entertaining.
Not what I said. As I've repeatedly said in this thread: Plenty of use cases where you don't give it access to email and write access to files. The comment you're replying to has an example of that.
> Might as well go play a video game or go do literally anything else entertaining.
True of most hobbies, right? I knew people who 20 years ago used to spend time in their garage building solar powered vehicles. But if I can't trust it to be reliable and safe on the road, I might as well go play a video game.
Also: Is anyone telling you to use it?
If everyone treated OpenClaw as a hobby, you might have a point, but people are using it for work in ways which will affect millions of other people when they’re hacked or the agent fucks up something important.
You already know how Meta’s AI Safety Director borked her email. Here’s the corporate vice president of Microsoft Word asking to be pwned:
https://www.omarknows.ai/p/meet-lobster-my-personal-ai-assis...
> Also: Is anyone telling you to use it?
You don’t need to use the technology to be affected by it. Ask Scott Shambaugh:
https://theshamblog.com/an-ai-agent-published-a-hit-piece-on...
People will always do stupid things. My guess is less than 10% (perhaps even less than 1%) are using it for work. Most workplaces wouldn't allow unfettered AI usage.
80-90% try it, find it unreliable and buggy, and give up on it.
Of the remaining ones, likely 90+% are not using it in (very) dangerous ways.
People like me using it for boring things aren't making the news, and aren't writing blog posts about "Look at the cool stuff I've done!" because getting OpenClaw to notify me of class openings is not worth writing about.
In my (large) company, we have a Slack channel for OpenClaw. Over 400 people are in that channel. Let's assume 10% are using it (at home). No one's lost files/emails or any other damage.
If you're old enough, you'll remember sentiments in the 80's and 90's where "Oh, you let your teen get a modem? He must be hacking/phreaking."
Or "Oh, he's using Linux? He must be using it to become a hacker."[1]
Most of the complaints I see on HN are from people who know little about it, and are going off negative press/posts. Just as people knew little about modems and Linux. I mean, having to tell people "Don't give it access to your emails" is a clear sign of their ignorance. Kind of like having to tell someone "OK, just don't give your 10 year old the car keys" when they complain that cars are inherently dangerous because 10 year olds can kill themselves driving it.
It's worth trying it in a secure environment so at least one can make an informed critique.
Like you, I steered clear of OpenClaw, seeing all the problems and all the money people were burning on tokens. But at some point, I decided I should at least try it in a safe way before rendering judgment. And now I see what it is. Has it done so much for me that I'd throw a lot of money at it? Heck no. Not yet at least. But I do see we're past the point of no return. OpenClaw itself may die, but some derivative of it is going to be transformational.
As I said: Make it secure, affordable, reliable and user friendly, and many App/SaaS services will disappear.
> You don’t need to use the technology to be affected by it. Ask Scott Shambaugh:
> https://theshamblog.com/an-ai-agent-published-a-hit-piece-on...
I don't know how old you are, but once everyone had a camera in their phones, the cat was out of the bag. Lots of people complaining about their photos showing up online because someone had taken a picture of them. Yes, this is bad. Yes, lives were lost (bullying, etc). And no, phones with cameras weren't going to go away. And everyone who complained has one now.
And as I pointed out a few days ago[2], the whole Scott Shambaugh episode was pretty mild compared to what some open source maintainers have had to deal with when it comes to humans.
[1] Lots of cases where ISPs, etc kicked customers out because they were using Linux and they didn't want the ISP to be implicated in criminal activities. "Only criminals use Linux"
However, it seems better if you could, as much as is possible, move the AI stuff from runtime to “compile time.”
Instead of having the AI do everything all the time, have AI configure your Zapier (or whatever) on your behalf. That way you can (ideally) get the best of both worlds: the reliability and predictability of classical software, combined with the fuzzy interface of LLMs.
That is what many use OpenClaw for! The AI assistant will happily recommend existing services and help you (or itself, if you let it), set it up.
(In theory. In practice, it often does a poor job).
The appeal of OpenClaw is I don't need to go research all these possible solutions for different problems. I just tell it my problem and it figures it out.
Yesterday I told it to monitor a page which lists classes offered, and have it ping me if any class with a begin date in March/April is listed. This is easily scriptable by me, but I don't want to spend time writing that script. And modifying it for each site I want to be notified for. I merely spoke (voice, not text) to the agent and it will check each day.
(Again, it's not that reliable. I'm under no illusion it will inform me - but this is the appeal).
Like if you could just sit someone down for 30 minutes and show a few "power user" things, you will have truly taught her to fish for a lifetime. But it can go so unaddressed, and people's careers are built on these small ignorances.
I've cancelled everything at this point and just call Emacs my "special agential assistant," it makes me still sound in-the-know, and most of the time no one knows the difference!
"Convenience" in this context is laziness; "productivity" and "efficiency" is for management and bosses. We don't need to be our own bosses, I want to be free from such things as an individual. I want to be capable, be maybe almost "cool." Its sad to see a whole generation turn into such product dorks!
"Oh please read my email for me Mr. AI!"