As OpenClaw explodes in popularity, its security issues are increasingly coming to light. Whether it’s recent official updates tightening permissions or government security advisories, everyone is paying more attention to 🦞 security. This time, let’s start from SlowMist’s minimalist security practice guide and analyze the new paradigm of attack and defense in the Agent era.
It feels like AI enthusiasts have been on an emotional roller coaster these past few days:
First, they heard about something called Clawdbot—looks like a lobster?—and thought: What is this? Why is everyone sharing it? Why don’t I have it yet? So they frantically read articles and ordered a Mac mini. Then came the analysis posts saying this thing is extremely dangerous, has way too many permissions, absolutely terrifying—uninstall it now! So everyone nervously uninstalled, shut down, wiped their systems, and listed their machines on secondhand markets (maybe the 🦞 got sold too, haha).
You wouldn’t wire $50,000 through a random website you found via Google ad. Yet that’s exactly what crypto wallets ask you to do every day—except when it goes wrong, there’s no bank to reverse the transaction, no fraud department to call, no chargeback to file.
