OpenClaw Is Exciting. But If You Can’t Secure It, Start Here.

OpenClaw is the most hyped AI tool right now — an agent that actually does things from your phone. I get the excitement. But in January, 30,000+ OpenClaw setups were found wide open on the internet. No password needed. Here's what non-technical users actually need to know before jumping in, and where I'd point you instead.

Fatima Jalloh (Mstimaj) next to the OpenClaw logo — article about OpenClaw security risks and safer starting points for non-technical AI users

If you’ve been on tech Twitter or TikTok in the last month, you’ve seen the OpenClaw hype. People posting screenshots of AI agents sending their emails, managing their calendars, browsing the web, and running terminal commands — all from a WhatsApp message. It looks like the future.

And honestly? It is. A personal AI that actually does things, not just talks to you, is exactly where all of this is heading. I plan to try it. I’m genuinely interested in what it can do.

But I study IT. And the security side of this has me paying close attention — not for people like me who know to take precautions, but for everyone else. Most people jumping on this hype don’t know what they’re exposing themselves to.


Here’s the Part That Has Me Paying Attention

OpenClaw is open source — meaning the code is publicly available. Anyone can look at it, contribute to it, and use it themselves. That sounds great, and in a lot of ways it is. But it also means there’s no company responsible for your security. You are. And if you’ve never set up a server, locked down a network, or thought about what happens when an AI tool has access to your files and accounts, that’s a problem.

In January 2026, a major security flaw was discovered in OpenClaw. It allowed any website you visited to silently connect to your OpenClaw agent and run commands on your machine — without you knowing. You didn’t have to click anything. You didn’t have to do anything wrong. Just having OpenClaw running while browsing was enough. The flaw was rated near the top of the severity scale.

By the time it was fixed, researchers had found over 30,000 people’s OpenClaw setups exposed on the open internet. In a separate study, over 42,000 exposed setups were found — and in 93% of them, someone could get in without a password. Access keys and account credentials were sitting in the open. Not locked away. Just there.

After that, six more security issues were found. Attackers could trick the tool into making web requests on their behalf (what security people call server-side request forgery), bypass login protections entirely (authentication bypass), and read files it had no business touching.

And then there are the add-ons. OpenClaw has a marketplace of community-built “skills” that expand what it can do, similar to browser extensions. Some of those skills have already been flagged as malicious. A skill runs with whatever access the agent already has, so install the wrong one and you have handed its author a direct path onto your machine, your files, and your accounts.

Cisco, Microsoft, and CrowdStrike all published warnings about OpenClaw. Microsoft said it “should be treated as untrusted code execution with persistent credentials.” Their words, not mine.


So What Do You Do If You’re Not a Security Professional?

If you use ChatGPT, Gemini, or Claude to get things done and you’re watching the OpenClaw hype thinking “I want that” — I get it. But jumping straight from a chat window to running an autonomous AI agent on your personal machine — with access to your files, your email, and your accounts — is a massive leap. If you don’t know how to protect it, you’re taking a real risk with your real data.

My recommendation? Start somewhere that gives you those same agentic capabilities inside a security model that’s already been built and tested for you. That’s Claude Code.


Claude Code Isn’t Just for Developers

I want to be clear about something people get wrong: Claude Code is not just a coding tool. Yes, it can write code. But that’s one of many things it does. I use it every single day to run my entire business — and most of what I’m doing has nothing to do with writing software.

Running multiple client projects and businesses at once means a lot of time can disappear into the execution layer — formatting deliverables, organizing research, drafting the fifth version of something, moving things between platforms. Claude Code takes that friction off my plate. I tell it what I need, it handles the tedious parts, and I stay focused on the work that actually matters.

That’s what I mean when I say it’s a worker: not that it runs things by itself, but that it does real tasks with me instead of just answering questions. There’s a difference between an AI that tells you how to do something and one that does it with you.

The permission system is the key security difference. Every action Claude Code takes can be approved or denied. You decide what it can do automatically and what it has to ask you about first, and you can block entire categories of actions, such as reading a particular folder or running network commands. It works within boundaries you set, not boundaries you had to learn security engineering to build.
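Here is what those boundaries look like in practice, as an added illustration that is not from the original post and not Anthropic’s own example. Claude Code reads permission rules from a settings file (.claude/settings.json inside a project, or ~/.claude/settings.json for your user). This file allows a few specific commands to run without asking, blocks secrets and network commands outright, and leaves everything else to prompt you. The file and folder names in the deny rules are assumptions for the example; check the rule syntax against Anthropic’s Claude Code settings documentation for your version.

```json
{
  "permissions": {
    "allow": [
      "Bash(git status)",
      "Bash(git diff:*)",
      "Bash(npm run lint)"
    ],
    "deny": [
      "Read(./.env)",
      "Read(./.env.*)",
      "Read(./secrets/**)",
      "Read(~/.ssh/**)",
      "Bash(curl:*)",
      "Bash(wget:*)",
      "Bash(rm -rf:*)",
      "WebFetch"
    ]
  }
}
```

Deny rules win over allow rules, so the agent cannot open .env files or your SSH keys even while doing ordinary file work, and any command not on the allow list still asks you first. One caveat a practitioner would add: the Bash rules match the text of the command the agent proposes, so they are a guardrail against routine mistakes, not a sandbox. A command that reaches the network some other way is not caught by a curl rule, which is one more reason to keep the sensitive material itself out of reach rather than relying on rules alone.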

On top of that:

You can install skills and plugins, community-built capabilities that extend what Claude Code can do. I have 24 installed. They connect to the tools I already use: Slack, GitHub, file systems, databases. The actions they trigger go through the same permission system rather than running as uncontrolled code on your machine. One caveat: a connector you install is still code you chose to run, so give it the same research you would give an OpenClaw skill.

You can give it standing instructions through a simple text file (Claude Code reads one called CLAUDE.md). I have one that tells Claude my business rules, my client preferences, my formatting standards, and how I like things done. It knows my workflow because I wrote it down once and it follows it every time.

You can set it to work continuously on a task without stopping. Give it a list of things to do, and it works through them. This is the autonomous AI worker people are excited about with OpenClaw — except built into a tool that already has security guardrails.

And as of February 25th, Anthropic added the ability to connect to your Claude Code session from your phone or any browser. Your files, your environment, your setup all stay on your machine. You just get a window into it from wherever you are. No server exposed to the internet. No custom security setup required. That’s exactly what people love about the “AI you can reach from your phone” idea, without the exposed-server risk.


If You’re Getting OpenClaw Anyway — Read This First

I’m not here to tell you what to do. If you’re technical, you’ve done your research, and you want to self-host an AI agent, that’s a valid choice. But please go in with your eyes open. Here are the things worth looking into before you start:

Network isolation. Your OpenClaw instance shouldn’t be reachable from the open internet. Run it on a local-only network or behind a firewall, and make sure it listens only on the loopback address (127.0.0.1) or your home network, never on every interface. If you don’t know what that means yet, that’s a sign to slow down.

Keep it updated. Security patches matter. Six vulnerabilities were discovered in a short window. If you’re not staying current with updates, you’re staying exposed.

Audit what you install. The skill marketplace is community-built. Malicious skills have already been flagged. Treat it like a browser extension — don’t install something you haven’t researched.

Review what access you give it. Does it need access to your email? Your files? Your accounts? Only give it what it actually needs, and where a service offers them, use a separate account or an app-specific token that you can revoke without changing your main password. Less access means less damage if something goes wrong.

Consider a dedicated device. If you really want to go deep with OpenClaw but don’t want to risk your main computer, put it on a separate machine. It doesn’t have to be a Mac Mini — an old laptop you have sitting around works. Give it the access it needs, and keep your main machine clean.
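Here is a concrete version of the network-isolation check, written as an added example for this post rather than anything from the OpenClaw project. It runs on Linux, reads the listening sockets the way the ss command reports them, and flags any service bound to every interface (0.0.0.0 or [::]) instead of the loopback address (127.0.0.1). The 18789 port number and the sample socket listing are constructed for the example; substitute whatever port your own setup uses. Whether an exposed port is actually reachable also depends on your firewall, so treat a hit as something to investigate, not a verdict.

```shell
#!/bin/sh
# Added example: find services listening on every network interface.
# Linux only: it parses the output of `ss -ltn`. The port number and the
# sample listing below are assumptions made for this example.

AGENT_PORT="${AGENT_PORT:-18789}"   # assumed port of the local agent gateway

# exposed_listeners: read `ss -ltn` output on stdin and print "addr:port" for
# every listener bound to a wildcard address (reachable from other machines
# unless a firewall blocks it). Loopback listeners (127.0.0.1, [::1]) are skipped.
exposed_listeners() {
  awk '$1 != "State" && NF >= 4 {
    la = $4                            # "Local Address:Port", e.g. 0.0.0.0:18789
    addr = la; sub(/:[0-9]+$/, "", addr)
    port = la; sub(/^.*:/, "", port)
    if (addr == "0.0.0.0" || addr == "[::]" || addr == "*")
      print addr ":" port
  }'
}

# port_is_exposed PORT: succeed if PORT is among the exposed listeners on stdin.
port_is_exposed() {
  exposed_listeners | grep -q ":$1\$"
}

# audit_live: run the check against this machine and say what to do about it.
audit_live() {
  if ! command -v ss >/dev/null 2>&1; then
    echo "ss not found; this check needs iproute2 (Linux)" >&2
    return 2
  fi
  if ss -ltn 2>/dev/null | port_is_exposed "$AGENT_PORT"; then
    echo "port $AGENT_PORT is bound to all interfaces: reachable from the network"
    echo "bind it to 127.0.0.1 or block it at the firewall (e.g. ufw deny $AGENT_PORT)"
    return 1
  fi
  echo "port $AGENT_PORT is not listening on a wildcard address"
}

# Constructed sample of `ss -ltn` output (not captured from a real host):
# the agent port is loopback-only, but SSH and a web server listen everywhere.
SAMPLE_SS='State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     127.0.0.1:18789      0.0.0.0:*
LISTEN  0       4096    0.0.0.0:22           0.0.0.0:*
LISTEN  0       511     [::]:8080            [::]:*'

printf '%s\n' "$SAMPLE_SS" | exposed_listeners   # prints 0.0.0.0:22 and [::]:8080
```

On a real machine, call audit_live after starting the agent. The sample shows the healthy case for the agent itself (bound to 127.0.0.1) alongside two services that would deserve a look; an agent that shows up next to them on 0.0.0.0 is the situation the exposure studies above describe.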


One More Thing: Protect Your Sensitive Files

This applies whether you use OpenClaw, Claude Code, or any AI tool that works broadly on your machine.

When I set up Claude Code to work autonomously across my computer, one of the first things I did was add an encrypted layer for my most sensitive files. I use VeraCrypt — it’s free, and it creates a locked vault on your computer. Think of it like a safe inside your house. When the safe is locked, your AI can’t see what’s inside it. When you need something from it, you unlock it, grab what you need, and lock it again.

Your passwords, tax documents, client contracts, API keys, financial records — none of that needs to be sitting in an open folder that an AI agent can browse freely. VeraCrypt takes about 20 minutes to set up and removes a real category of risk.
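To make the lock, grab, lock-again routine concrete, here is a small shell wrapper, added as an example for this post and not taken from VeraCrypt’s documentation or from the author’s own setup. It creates a file container once, opens it only for the duration of a single command, closes it again however that command ends, and refuses to start an agent session while the vault is open. The flags are those of VeraCrypt’s text-mode command line as I know them; confirm them with veracrypt --text --help on your version, since older builds differ, and VeraCrypt prompts for anything left out. The vault path, mount point, size and filesystem are assumptions.

```shell
#!/bin/sh
# Added example: keep sensitive files in a VeraCrypt container that is only
# mounted while you are actually using it. Requires the veracrypt binary.
# Paths, size and filesystem below are assumptions for this example.

VAULT="${VAULT:-$HOME/vault.hc}"        # encrypted container file
VAULT_MNT="${VAULT_MNT:-$HOME/Vault}"   # where its contents appear while open

# vault_is_mounted DIR: succeed if something is mounted at DIR.
# Reads /proc/mounts on Linux and falls back to `mount` elsewhere.
vault_is_mounted() {
  grep -qs " $1 " /proc/mounts 2>/dev/null || mount 2>/dev/null | grep -q " on $1 "
}

# vault_create: one-time setup. VeraCrypt prompts for the passphrase so it
# never appears on the command line, where other processes could read it.
vault_create() {
  mkdir -p "$VAULT_MNT"
  veracrypt --text --create "$VAULT" --size=2147483648 --volume-type=normal \
    --encryption=AES --hash=sha-512 --filesystem=ext4 \
    --pim=0 --keyfiles="" --random-source=/dev/urandom   # size is 2 GiB in bytes
}

# vault_open / vault_close: unlock and lock the vault (no-ops if already so).
vault_open() {
  vault_is_mounted "$VAULT_MNT" && return 0
  veracrypt --text --mount "$VAULT" "$VAULT_MNT" \
    --pim=0 --keyfiles="" --protect-hidden=no
}
vault_close() {
  vault_is_mounted "$VAULT_MNT" || return 0
  veracrypt --text --dismount "$VAULT_MNT"
}

# with_vault_open CMD...: open the vault, run CMD, then close it again even if
# CMD fails or is interrupted, so the safe does not stay open by accident.
with_vault_open() {
  vault_open || return 1
  trap 'vault_close' INT TERM
  "$@"; status=$?
  trap - INT TERM
  vault_close
  return $status
}

# run_agent_with_vault_locked CMD...: start an agent session (an AI assistant
# with file access, for instance) only while the vault is closed.
run_agent_with_vault_locked() {
  if vault_is_mounted "$VAULT_MNT"; then
    echo "refusing to start: vault is still open at $VAULT_MNT; close it first" >&2
    return 1
  fi
  "$@"
}

# Typical day:
#   vault_create                                                  (once)
#   with_vault_open cp "$VAULT_MNT/client-contract.pdf" ~/Desktop/
#   run_agent_with_vault_locked claude
```

The important design choice is the last function: the protection only holds while the vault is locked, because once it is mounted it is just another folder the agent can read. Tying the agent launch to the lock state turns “remember to close it” into something the script enforces for you.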

The tools are getting powerful fast. That’s exciting. But power without protection is just exposure.


Start Where the Security Is Already Built

I use Claude Code every day to run my business — client work, content, research, planning. It’s the tool I trust with my real work because I didn’t have to become a security engineer to use it safely.

If you want to get real things done with AI, not just have conversations, Claude Code is where I’d point you. Learn how it works in a controlled environment first. Then, if you want to go deeper into self-hosted agents down the road, you’ll actually understand what you’re dealing with and how to protect yourself.

The hype is real. The technology is real.

But if you can’t secure it, don’t skip steps.


Forward Upward Onward
Mstimaj


Sources and Further Reading

  • Anthropic. Claude Code CLI Overview.
  • VeraCrypt. veracrypt.fr.
  • Bitsight. OpenClaw Exposure Report, January 2026.
  • Microsoft Security Blog. OpenClaw Agent Security Guidance, January 2026.
  • CrowdStrike. OpenClaw Threat Intelligence Advisory, January 2026.
