Before You Hand Over The Keys to OpenClaw - Read This
If you've been following recent AI news at all, you've probably seen the hype around OpenClaw. Autonomous agents that manage your calendar, write briefings, coordinate coding teams, and chat with you over Telegram like a tireless assistant who never sleeps.
And here's the thing: It's real, it works, and it's shockingly easy to set up.
That's exactly why you need to be careful.
Why OpenClaw Is So Tempting
Let's start with what makes this so appealing, because dismissing it would be missing the point entirely.
OpenClaw agents don't just answer questions. They act. They maintain long-term memory about you: your preferences, your work, your tools. All stored in a "Soul" file that evolves over time. They develop a persistent personality. They can even disagree with you when you're wrong.
You interact with them via Telegram (or WhatsApp, Signal), so it feels less like using software and more like texting a coworker who happens to have access to your entire digital workspace.
An OpenClaw agent can manage your calendar, pull research, organize tasks, generate documents, and spin up entire teams of coding agents that build and update software projects autonomously. It's like hiring a remote employee who works 24/7, costs a fraction of a salary, doesn't ask for an annual bonus and never needs a day off.
Setup takes an afternoon. The results feel like magic.
And it's going viral because it's open source and easily expandable. That means anyone can build new skills, share them, and extend what the agent can do. It's a thriving ecosystem where capabilities multiply fast. As an open-source project, it benefits from community-driven security research that helps identify and fix bugs rapidly.
So why the warning?
The Risk You're Actually Taking
OpenClaw's creator, Peter Steinberger, a well-known developer who built what started as a weekend project and has since grown into a global open-source ecosystem, has called it both revolutionary and a "security minefield."
Here's why.
OpenClaw runs with admin-level access to your machine. It can read files, browse your email, operate messengers, install software, call APIs, and trigger actions across your systems. Because the agent lives on your computer and has access to all your data, any vulnerability can be extremely dangerous.
Many of its "skills" come from an open ecosystem where a huge portion of the code is AI-generated and not fully reviewed. While OpenClaw collaborates with VirusTotal to check the skill directory using AI, the process isn't perfect. Malicious skills and exploits are circulating. Hundreds of deliberately harmful skills have been identified. In only a few days!
And then there's prompt injection, an industry-wide unsolved problem.
Anything your agent reads or handles (emails, social posts, chat messages, calendar invites) can contain hidden instructions that trick it into leaking secrets or performing harmful actions. Modern models have some post-training to detect these attacks, but a successful injection is still possible. In one test, an OpenClaw agent resisted giving up a critical API key but was willing to share calendar data. That might not sound catastrophic, but it's exactly the kind of partial leak attackers use to craft convincing phishing or social engineering.
Another common risk: users ignore the documentation and expose the web backend to the public internet, which opens the door to remote code execution.
Right now, Steinberger recommends that only those with technical backgrounds and an understanding of the risk profile use OpenClaw until further security refinements are implemented. The focus is on making the system more stable and safe before it's ready for broader, non-technical adoption.
Why I'm Not Using It Yet (And You Probably Shouldn't Either)
I'll be honest: I considered giving OpenClaw a try. The appeal is real. But after looking into what it would take to set it up as safely as possible, I decided against it.
For me, AI is about working smarter. And right now, OpenClaw doesn't sound smart (yet).
To run it safely, you need to set it up on an isolated server (for example, via Hostinger), configure firewalls, manage access controls, use expensive high-end models, and constantly monitor what it's doing. If terms like "sandboxing" and "private network" don't come naturally to you, you're either taking on significant risk or spending time learning infrastructure management instead of running your business.
That's not working smarter. That's working harder.
Agents like OpenClaw will get better. Security will become more accessible. The setup will get easier. And when that happens, this is absolutely something I'll use and teach.
But right now, it's early days. It's cool for exploration if you're technical and understand the risks. It's not ready for real-life use by coaches and consultants who just want a reliable assistant.
Key Takeaway
Before you give your AI agent access to anything, ask yourself: If I were hiring a human for this role, would I give them access to my personal email, WhatsApp, and bank account on day one?
If the answer is no, don't give it to your agent either.
OpenClaw is powerful because it's open source and endlessly expandable. That's why it's going viral. But that same openness means unvetted code, rapid iteration, and risk that scales as fast as the capabilities do.
The creator himself says this is a security minefield and recommends it only for those with technical backgrounds. If you're not comfortable managing the setup, wait. The power will still be there when the guardrails catch up.
And honestly? I'm waiting too.
Til next time,
Elena

Elena Jaeger
Founder, Future of Work