[feznyng]

That isn't secure is the issue, the more things you have it hooked up to the more havoc it can cause. The environment being locked down doesn't help when you're giving it access to potentially destructive actions. And once you remove those actions, you've neutered it.

[_pdp_]

The openclaw security model is the equivalent of running as root - i.e. full access. If that is insecure the inverse of it is running without any access as default and adding the things that you need.

This is pretty much standard security 101.

We don't need to reinvent the wheel.

[simonw]

The unsolved security challenge is how to give one of these agents access to private data while also enabling other features that could potentially leak data to an attacker (see the lethal trifecta.)

That's the product people want - they want to use a Claw with the ability to execute arbitrary code and also give it access to their private data.