Same. Immediately I thought why not have clawdbot ask you for the 2FA? That way you at least kind of know what security-protected action it's trying to take and can approve it
The problem is baked in - he gives it access to iMessage, which is where all the sms-based 2fac codes end up. There is no way to prevent it reading 2 fac codes if you want to give it full text message access