most OpenClaw users have no idea how easy it is to add backdoors to these models, and now they're getting free rein on your computer to do anything they want.
the risks were minimal with the last generation of chat models, but now that they do tool calling and long-horizon execution with little to no supervision, it's going to become a real problem
The only remaining risk is the API keys, but easily isolated.
Although I think having direct access on your primary PC may make it more useful, the potential risk is too much for my appetite.
> stealing your API keys is the last thing I'd worry about
I don't know, I very much prefer the API credits not being burned needlessly.
Now that I think of it, is there ever a case where an Anthropic account is banned due to the related API keys being misused?
Wait a second, LLMs are the product of software engineers.
Unfortunately, prompt injection does strongly limit what you can safely use LLMs for. But people are willing to accept the limitations because they do a lot of really awesome things that can't be done any other way.
They will figure out a solution to prompt injection eventually, probably by training LLMs in a way that separates instructions and data.
Anthropic released Claude saying “hey, be careful.” But now that enables the masses to build OpenClaw and go “hold my beer”. Now the masses of people using OpenClaw have no idea what responsibility they should hold.
I think eventually we will have laws like “you are responsible for your AI’s work”. Much like how the driver is (often) responsible for car crashes, not the car companies.
No? Via prompt injection an attacker can gain access to the entire machine, which can have things like credentials to company systems (e.g. env variables). They can also learn private details about the victim’s friends and family and use those as part of a wider phishing campaign. There are dozens of similar scenarios where the blast radius reaches well beyond the victim.
That's not to say that prompt injection isn't also scary. It's just that software getting hacked by bad actors has always been a thing. Software doing something scary when no human did anything malicious is worse.
It’s dumb, everyone knows it’s dumb, and people do it anyways. The unsolved root problem isn’t new but people just moved ahead. At least with the sub the guy had some skin in the game. Openclaw dev is making out like a bandit while saying “tee hee the readme says this isn’t safe”.
Now, the risks with OpenClaw are lower, you're not likely to die if something goes wrong, but still real. A lot of folks are going to have a lot of accounts hijacked, lose cryptocurrency and money from banks, etc.
* Pilots to have a license and follow strict procedure
* Every plane to have a government registration which is clearly painted on the side
* ATC to coordinate
* Manufacturers to meet regulations
* Accident review boards with the power to mandate changes to designs and procedures
* Airlines to follow regulations
Not to mention the cost barrier-to-entry resulting in fundamentally different calculation on how they are used.
No. Nobody decided anything of the sort about the wright brothers first plane. If they had, planes would not exist.
It doesn't hold. This is a prototype aircraft that requires no license and that has been mass produced for nearly the entire population of earth to use.
As you say, it is one of the most regulated industries on earth. Versus whatever AI is now - regulated by vibes? Made mass accessible with zero safety or accountability?
So it’s dangerous. Who gives a fuck? Don’t run it on your machine.
While I don't particularly care for this bot's (Rathburn) goals, people are trying to use OpenClaw for all kinds of personal/productivity benefits. Have a bunch of smallish projects that you don't have time for? Go set up OpenClaw and just have the AI work on them for a week or two - sending you daily updates on progress.
If you're the type who likes LLM coding because it now enables you to do lots of projects you've had in your mind for years, you're also likely the sort of person who'll like OpenClaw.
Forget bots messing with Github and posting to social media.
Yes, it's very dangerous.
But do you have a "safe" alternative that one can set up quickly, and can have a non-technical user use it?
Until that alternative surfaces, people will continue to use it. I don't blame them.
This is more like driving a car with little safety in the early days. Unsafe? For sure. People still did it. (Or electric bikes these days).
Or the early days of the web where almost no site had security. People still entered their CC number to buy stuff.
Same thing with OpenClaw. Install it on its own machine, put it on its own network, don't give it access to your actual identity or anything sensitive, and be careful not to let it do things that would harm you or others. Other than that, have fun playing with the agent and let it do things for you.
It's not a nuke. It can be contained. You don't have to trust it or give it access to anything you aren't comfortable being public.
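One process-level piece of the containment the comment above recommends ("don't give it access to your actual identity or anything sensitive"), as an added example that is not part of the thread and not OpenClaw's own code: launch the agent with a default-deny environment so inherited API keys, cloud credentials and the real home directory never reach it. The credential-name patterns, value prefixes and allowlist are assumptions chosen for illustration; the sample environment is constructed with fake values.

```python
import os
import re
import subprocess
import sys
import tempfile
from typing import Dict, Iterable, List, Optional

# Constructed heuristics (an assumption, not from the thread): variable names
# and value prefixes that commonly carry credentials.
SECRET_NAME_RE = re.compile(r"(KEY|TOKEN|SECRET|PASSW(OR)?D|CREDENTIAL|AUTH)", re.I)
SECRET_PREFIXES = ("AWS_", "GITHUB_", "OPENAI_", "ANTHROPIC_", "AZURE_", "GOOGLE_")
SECRET_VALUE_RE = re.compile(r"^(sk-|ghp_|gho_|AKIA|xox[abp]-|AIza)")

# Default-deny: only these names survive, and only if the value itself does
# not look like a key. Extend deliberately rather than switching to a denylist.
DEFAULT_ALLOW = frozenset({"PATH", "LANG", "LC_ALL", "TERM", "TZ"})


def looks_secret(name: str, value: str) -> bool:
    """True if either the variable name or its value looks like a credential."""
    return (
        bool(SECRET_NAME_RE.search(name))
        or name.upper().startswith(SECRET_PREFIXES)
        or bool(SECRET_VALUE_RE.match(value))
    )


def scrub_env(env: Dict[str, str], allow: Iterable[str] = DEFAULT_ALLOW) -> Dict[str, str]:
    """Return a new environment holding only allowlisted, non-secret-looking entries."""
    allowed = set(allow)
    return {k: v for k, v in env.items() if k in allowed and not looks_secret(k, v)}


def dropped_secrets(env: Dict[str, str]) -> List[str]:
    """Names withheld because they look like credentials; useful for an audit log."""
    return sorted(k for k, v in env.items() if looks_secret(k, v))


def run_agent(cmd: List[str], env: Optional[Dict[str, str]] = None,
              timeout: int = 60) -> subprocess.CompletedProcess:
    """Launch an untrusted agent with a scrubbed environment and a throwaway HOME.

    A fresh HOME keeps ~/.ssh, ~/.aws, ~/.netrc and similar out of reach even
    if the agent reads its own environment. This is process hygiene only; it
    does not replace running the agent on its own machine and network.
    """
    clean = scrub_env(env if env is not None else dict(os.environ))
    scratch = tempfile.mkdtemp(prefix="agent-home-")
    clean["HOME"] = scratch
    return subprocess.run(cmd, env=clean, cwd=scratch, capture_output=True,
                          text=True, timeout=timeout)


if __name__ == "__main__":
    # Constructed sample environment with fake values.
    sample = {
        "PATH": "/usr/bin:/bin",
        "HOME": "/home/alice",
        "ANTHROPIC_API_KEY": "sk-ant-example",
        "AWS_SECRET_ACCESS_KEY": "example",
        "DB_PASSWORD": "hunter2",
        "DEPLOY": "ghp_example",  # innocuous name, key-shaped value
    }
    print("withheld:", dropped_secrets(sample))
    result = run_agent([sys.executable, "-c", "import os; print(sorted(os.environ))"], env=sample)
    print("agent saw:", result.stdout.strip())
```

The allowlist is the important design choice: a denylist of "things that look like keys" will always miss the one variable with an unremarkable name, so the scrubber starts from nothing and adds back only what the agent needs, then applies the value check as a second line of defence.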
I've been around since before the web. You know what made the Internet suck for me? Letting people act anonymously. Especially in forums. Pre-web, I was part of a local network of BBS's, and the best thing about it was anonymity was simply forbidden. Each BBS operator in the network verified the identity of the user. They had to post in their own names or be banned. We had moderators, but the lack of anonymity really ensured people behaved. Acting poorly didn't just affect your access to one BBS, but access to the whole network.
Bots spreading crap on the web? It's merely an increment over the problem of allowing anonymous users. You can't solve one while maintaining anonymity.
There is no practical way to stop someone from going to a crowded mall during Christmas shopping season and mowing people down with a machine gun. Yet, we still haven't made malls illegal.
> ... if they are allowed to continue.
You may have a fantastic new idea on how we can create a worldwide ban on such a thing. If so, please share it with the rest of us.
> "Forget bots messing with Github and posting to social media." Why should we forget that?
Go back 20 years, and if HN had existed in those days, it would be full of "Forget that peer to peer is used for piracy. Focus on the positive uses."
The web, and pretty much every communication channel in existence magnifies a lot of illegal activity (child abuse, etc). Should we singularly focus on those?
And who is doing that?
I haven't even read the article, but just because we can, it doesn't mean we should (give autonomous AI agents based on LLMs in the cloud access to personal credentials)?
Say you want a bot to go through all the HN front page stories, and summarize each one as a paragraph, and message you with that once a day during lunch time.
And you don't want to write a single line of code. You just tell the AI to set it all up.
No personal information leaked.
I'm definitely the former, but I just can't see a compelling use for the latter. Besides manage my calendar or automatically responding to my emails, what does OpenClaw get me that claude code doesn't? The premise appeals to me on an aesthetic level, OpenClaw is certainly provocative, but I don't see myself using it.
All without writing a single line of code or setting up a cron job manually?
I suppose it could, if you let it execute the crontab commands. But 2 months after you've set it up, can you launch claude code and just say "Hey, stop the job search notifications" and have it know what you're talking about?
This is a trivial example. People are (attempting to) use it for more significant/complex stuff.
Exaggerated extremes illuminate poorly formed arguments.
Incorrectly quotes me and executes a strawman attack.
An AI Agent Published a Hit Piece on Me – Forensics and More Fallout - https://news.ycombinator.com/item?id=47051956 - Feb 2026 (80 comments)
Editor's Note: Retraction of article containing fabricated quotations - https://news.ycombinator.com/item?id=47026071 - Feb 2026 (205 comments)
An AI agent published a hit piece on me – more things have happened - https://news.ycombinator.com/item?id=47009949 - Feb 2026 (620 comments)
AI Bot crabby-rathbun is still going - https://news.ycombinator.com/item?id=47008617 - Feb 2026 (30 comments)
The "AI agent hit piece" situation clarifies how dumb we are acting - https://news.ycombinator.com/item?id=47006843 - Feb 2026 (125 comments)
An AI agent published a hit piece on me - https://news.ycombinator.com/item?id=46990729 - Feb 2026 (949 comments)
AI agent opens a PR write a blogpost to shames the maintainer who closes it - https://news.ycombinator.com/item?id=46987559 - Feb 2026 (750 comments)
Also this https://en.wikipedia.org/wiki/The_Wisdom_of_Crowds