(no title)

Regardless of how you isolate the OpenClaw instance (Mac Mini, VPS, whatever) - if it’s allowed to browse the web for answers then there’s the very real risk of prompt injection inserting malicious code into the project.

If you are personally reviewing every line of code that it generates you can mitigate that, but I’d wager none of these “super manager” users are doing that.