
ildar | 4 days ago

This thread captures the exact tension: executives want AI agents, security teams say no, nobody has a middle ground.

Microsoft's security blog last week was explicit: "OpenClaw should be treated as untrusted code execution with persistent credentials. Not appropriate for standard workstations."

Their solution (dedicated VMs) is technically correct but practically useless. The exec with the Mac Mini isn't running a VM.

I built an open-source tool to bridge this gap: ClawMoat (https://github.com/darfaz/clawmoat). Host-level security between the agent and your file system: permission tiers, forbidden zones for sensitive dirs (~/.ssh, ~/.aws, browser data), full audit trails, real-time alerts. One npm install, zero dependencies, MIT licensed.

Not a silver bullet - you still want prompt injection scanning (LlamaFirewall) and conversation guardrails. But it's the only open-source tool I know of that protects the host FROM the agent rather than the other way around.

The answer to "should we ban OpenClaw?" is probably "no, but you should see what it's doing and stop it from touching your credentials."
