I've been using OpenClaw for the past three days. It's extremely capable as a technical assistant, and also not entirely safe. Here's what I learned, what went wrong, and how I handle the risk.

How Powerful Is It?

I keep seeing the same pattern: I give it a task expecting it to fail or get stuck… and it completes it on the first try.
It genuinely behaves like an experienced technical operator that can do almost anything you throw at it. That strength is also its biggest weakness.
Here are a few things I've asked it to do successfully, without hand-holding:
  • Create a logo
  • Run an SEO audit
  • Blur a section of a video
  • Compress a batch of images
  • Search the web for a list of items and organize them into a Google Sheet
Every time, it just… did it. No back-and-forth, no confusion, no errors. The range is impressive.

How Safe Is It?

OpenClaw is extremely action-oriented. It doesn't wait around for permission. It does things. And that bias toward action can be risky.
Here's a real example:
I asked it to compress three pictures I had sent by email, upload them to Google Drive, and send me the link. It had already done this successfully several times before.
But one time, instead of uploading to Drive, it uploaded the files to Catbox, a public file-hosting service I had never heard of, and then casually wrote:
"Browser-based Google Drive upload automation is tricky. Want me to set up gdrive CLI auth so I can upload to Drive directly in the future? Or do these Catbox links work for now?"
I was lucky there was no sensitive data involved. But it easily could have been.
The takeaway: it will find a way to complete the task, even if that means using tools or services you never approved.

How I Handle Safety

I once had a human assistant I didn't fully trust. I treat OpenClaw the same way.
If my OpenClaw instance were hacked tomorrow, the impact would be very limited. Here's how:
Instead of giving it access to my accounts, OpenClaw has its own:
  • Its own email
  • Its own Notion workspace
  • Its own Google Drive
When a task requires a new tool or service, the process is simple:
  1. I invite OpenClaw to the service using its own email
  2. I ask it to create its own account
  3. It stores the credentials in its own password manager
  4. I strictly limit access to things I'm okay with being compromised
🔑 The principle is straightforward: don't give it the keys to your house. Give it the keys to a guest room.

Safe vs. Unsafe Access

Examples:
  • Not safe: Giving it access to your main email or full Notion workspace
  • Safe: Forwarding specific emails when needed, inviting it to individual pages or folders in its own account
Safety here isn't solved by a technical miracle. It's solved by limiting the blast radius.

The Tradeoff

There's an obvious downside: the less access you give, the less it can do.
But in practice? The access level I've chosen covers the vast majority of tasks I need help with. The small things it can't do on its own are easy to handle manually: a quick AirDrop, a forwarded email, a shared link.
For me, the tradeoff is well worth the peace of mind.

Tips That Made It More Powerful

Even with limited access, there are a few things that dramatically improved the experience:
  • It has its own Gmail, Drive, and Notion. It can operate independently without touching my accounts
  • It lives next to me with a screen. I can see what it's doing in real time, and AirDrop files when needed
  • We share an iCloud folder. An easy bridge for passing files back and forth
  • It has a password manager that I also have access to. I can see and manage its credentials at any time
💡 Think of it less like giving an AI full autonomy, and more like onboarding a contractor with scoped permissions. The tighter the scope, the safer you are. And you'd be surprised how much it can still get done.