Clawdbot Is Incredible. The Security Model Scares the shit out of me.

I've been messing with Clawdbot this week and I get the hype. It genuinely feels like having Jarvis. You message it on Telegram, it controls your Mac, researches stuff, sends you morning briefings,

Rahul Sood has been testing Clawdbot and the writeup is worth your attention. He describes it as feeling like Jarvis, a Telegram-driven assistant that can control a Mac, research things, send morning briefings, and remember context. That sounds amazing, and he doesn’t hide that excitement. But he also spends a lot of time explaining why the security tradeoffs are huge, and honestly, that part stuck with me.

At its core, Clawdbot is not just a chatbot: it's an autonomous agent with *full shell access*, browser control (including your logged-in sessions), file system read/write, and access to email and calendars, plus persistent memory and proactive messaging. That's the point, Rahul says: it's supposed to actually do things for you. The problem is that instructions can hide inside the things you ask it to read.

He walks through prompt injection with a clear example (a PDF that tells the agent to copy SSH keys and cookies). The model can't reliably tell "content to analyze" from "instructions to execute," so every doc, email, and webpage becomes a potential attack vector. He also flags messaging apps as an expanded attack surface, since Clawdbot connects to Telegram, WhatsApp, Discord, Signal, and iMessage. For WhatsApp in particular there's no bot account, it's just your phone number, so any inbound message becomes agent input. Yikes.

Rahul appreciates that the project is built for power users, with no guardrails by design, and he recommends sensible mitigations: run Clawdbot on a dedicated machine (a cheap VPS or an old Mac Mini), use SSH tunneling, use burner numbers for messaging, run diagnostic checks, and treat the workspace like a git repo so you can roll back bad context.
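To make the "content vs. instructions" problem and the least-privilege angle concrete, here is an added, hypothetical policy gate that sits between the model and its tools (this is illustration, not Clawdbot's code or anything from Rahul's thread): sensitive files like SSH keys and browser cookie stores are denied outright, commands that move data off the machine need the owner's confirmation, and any side effect the model proposes while it was reading a document, email or message gets no authority of its own. The tool names, argument keys, path patterns and command list are constructed for the example.

```python
"""Hypothetical tool-call gate for a personal agent (added example)."""
import re
import shlex
from dataclasses import dataclass, field

# Files the agent should never touch, whoever asked. Constructed list; extend
# it for your platform (keychains, password-manager vaults, browser profiles).
SENSITIVE_PATH = re.compile(
    r"(^|/)(\.ssh|\.aws|\.gnupg)(/|$)|Cookies|Login Data|\.env$", re.IGNORECASE)
# Commands that can move data to another host or account.
EXFIL_CMDS = {"curl", "wget", "scp", "rsync", "nc", "ncat", "ssh"}
# Tools with side effects (constructed names).
WRITE_TOOLS = {"write_file", "shell", "send_message"}


@dataclass
class ToolCall:
    tool: str                       # "read_file", "write_file", "shell", "send_message"
    args: dict = field(default_factory=dict)
    # "user"    = the owner typed the request on the trusted channel
    # "content" = the request arose while the model was reading untrusted
    #             content (a PDF, an email, a web page, an inbound message)
    provenance: str = "user"


def decide(call: ToolCall) -> str:
    """Return 'allow', 'confirm' (owner must approve) or 'deny' for one call."""
    tokens = [str(v) for k, v in call.args.items() if k in ("path", "src", "dst")]
    argv: list[str] = []
    if call.tool == "shell":
        try:
            argv = shlex.split(call.args.get("cmd", ""))
        except ValueError:
            return "deny"                    # unparseable command line
        tokens += argv
    # Rule 1: sensitive files are off limits regardless of who asked.
    if any(SENSITIVE_PATH.search(t) for t in tokens):
        return "deny"
    # Rule 2: anything that can ship data off the box needs a human in the loop.
    if argv and argv[0] in EXFIL_CMDS:
        return "confirm"
    # Rule 3: instructions that only exist because of untrusted content carry
    # no authority; a hidden "copy X to Y" in a PDF cannot run unattended.
    if call.provenance == "content" and call.tool in WRITE_TOOLS:
        return "confirm"
    return "allow"
```

The gate is a heuristic backstop, not a substitute for running the agent on a dedicated machine: it limits what a hijacked model can do, it does not stop the hijack.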

Read his full thread here: https://x.com/rahulsood/status/2015397582105969106

Rahul concludes that the bigger picture is clear and worth watching: these tools are transformative, and they're outpacing our safety models, so cautious early adoption feels like the smart path forward.
