This may be a good place to exchange some security ideas. I've configured my OpenClaw in a Proxmox VM, firewalled it off of my home network so that it can only talk to the open Internet, and don't store any credentials that aren't necessary. Pretty much only the needed API keys and Signal linked device credentials. The models that can run locally do run locally, for example Whisper for voice messages or embeddings models for semantic search.
embedding-shape|8 days ago
kzahel|8 days ago
stavros|8 days ago
https://github.com/skorokithakis/stavrobot
At least I can run this whenever, and it's all entirely sandboxed, with an architecture that still means I get the features. I even have some security tradeoffs like "you can ask the bot to configure plugin secrets for convenience, or you can do it yourself so it can never see them".
You're not going to be able to prevent the bot from exfiltrating stuff, but at least you can make sure it can't mess with its permissions and give itself more privileges.
CuriouslyC|8 days ago
You don't need to store any credentials at all (aside from your provider key, unless you want to mod pi).
Your claw also shouldn't be able to talk to the open internet; it should be on a VPN with a filtering proxy and a webhook relay.
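An added example, not part of the comments above or of any project mentioned in the thread: a sketch of the allow decision a filtering proxy could make so that the agent VM reaches only allowlisted Internet hosts and never LAN, loopback or link-local addresses, which is the isolation the first comment and this one describe. The hostnames, function names and sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Hypothetical allowlist for the filtering proxy (constructed hostnames).
ALLOWED_SUFFIXES = ("api.llm-provider.example", "relay.messenger.example")


def is_public(ip_text):
    """True only for unicast addresses routable on the open Internet."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # not an IP literal at all: fail closed
    # Unwrap ::ffff:a.b.c.d so a mapped LAN address cannot slip through.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    # is_global is False for RFC 1918, loopback, link-local (including the
    # 169.254.169.254 metadata address), CGNAT 100.64.0.0/10 and IPv6 ULA.
    return ip.is_global and not ip.is_multicast


def host_allowed(host):
    """Exact match or subdomain of an allowlisted name, case-insensitive."""
    host = host.rstrip(".").lower()
    return any(host == s or host.endswith("." + s) for s in ALLOWED_SUFFIXES)


def egress_decision(host, resolved_ips):
    """Decide on the addresses the proxy will actually connect to.

    Checking the resolved addresses, not just the name, keeps an allowlisted
    hostname that resolves to a home-network address from being reachable.
    """
    if not host_allowed(host):
        return "deny: host not on allowlist"
    if not resolved_ips:
        return "deny: no address"
    bad = [ip for ip in resolved_ips if not is_public(ip)]
    if bad:
        return "deny: non-public address " + bad[0]
    return "allow"


if __name__ == "__main__":
    # Constructed sample requests: (hostname, addresses the proxy resolved).
    samples = [
        ("api.llm-provider.example", ["8.8.8.8"]),
        ("api.llm-provider.example", ["192.168.1.10"]),
        ("unlisted.example", ["1.1.1.1"]),
    ]
    for host, ips in samples:
        print(host, ips, "->", egress_decision(host, ips))
```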
dakolli|8 days ago
The security concerns are valid. I can get anyone running one of these agents on their email inbox to dump a bunch of privileged information with a single email.