Hacker News
by splatzone 119 days ago
What about heartbeats, cron etc? Seems like a major part of the 'claw' appeal is that it can work autonomously, monitor your email inbox for stuff and take action automatically...
6 comments

I hear a lot about people doing this but it really seems like it is prompt injection as a service. Eventually the things that can happen when you give the world write access to an unattended LLM that can access both your browser and password reset mechanism will happen.

or someone will just make it email lewd pics to people’s bosses for the lols

That theory is being tested. So far no prompt injection has broken in:

https://hackmyclaw.com/

It's a neat idea but it's not exactly plausible real-world conditions to have an agent that pretty much exclusively spends its time wading through an email inbox that's 99% repeated prompt injection attempts. As the creator acknowledges in the original thread, its context/working memory is going to be unusually cognizant of prompt injection risk at any given time vs. a more typical helpful agent "mindset" while fulfilling normal day-to-day requests, where a malicious prompt might be slipped in via any one of dozens of different infiltration points without the convenience of a static "prompt injection inbox".
https://x.com/benhylak/status/2025873646724800835

turns out it doesn’t even need to be an attacker…

Mostly because no one cares about trying to hack "hackmyclaw"; there is zero value for any serious attacker to try. Why would they waste their time on a zero value target?

The only people who tried to hack "hackmyclaw" are casual attempts from HN readers when it was first posted.

Meanwhile, tons of actual OpenClaw users have been owned by malware which was downloaded as Skills.

Also, there have been plenty of actual examples of prompt injection working, including attacks on major companies. E.g. Superhuman was hacked recently via prompt injection.

Since when do security researchers and black hats give away their tools for free?
I would never use it on my MacBook or any machine but I understand why technical people would want to experiment with something dangerous like that. It’s novel, exciting, and might inspire some real practical products in the future (not just highly experimental alpha software).
I'd love if someone with experience can correct me if I'm wrong but in my experience it can do all of that really, really badly. I find the happy and most likely case for any sort of autonomous thing is that it totally fails to do anything. The sad case is it does the wrong thing. There's just no case where these things make good judgement calls or understand what you think is important.

I do still find some things useful about my nanoclaw setup - convenience and easy scheduling of LLM related tasks. Well, promising actually, not useful yet. But autonomy is not one of those things.

You could literally set up a heartbeat or a cron. It's faster than setting up the claw.

And if you don't know how, CC does.

Ask your claude to make a cron to wake itself up. Done.
You can do both with the cron daemon. But pantalk can also trigger the agent after some notifications are buffered too. So that also is a trigger. You don't really need one massive library. All operating systems have native ways to do all of these things and more.

I don't know. You can even use systemd if you like.

Hahaha a year ago I did this. crontab -e

Run claude -p and Claude already has MCPs configured so it can do anything I wanted.

You should be like '$10,000,000 please'
Don't be ridiculous. He needs to make it deployable by normies and hype it up on Twitter first. Then he could ask for 10mil.
Crontab entry to read a file and run a prompt?