OpenClaw is an open-source AI agent that runs on your own computer and can act like a hands-on assistant, connecting to chat apps and other tools to browse the web, run commands, and read or edit files. It has drawn attention not just for hype but for security headaches, including confusing rebrands that attracted impersonation campaigns and a real case in which an infostealer took an entire OpenClaw configuration, not just a few passwords. The article warns that agents like this can be tricked through poisoned content, risky plugins, or exposed setups into leaking tokens, quietly changing settings, or giving attackers a long-term foothold. To use it more safely, it recommends treating the agent as untrusted, running it in a sandboxed VM or container, limiting its permissions and credentials, being strict about which extensions are installed, and regularly reviewing logs and rotating access.

Recent news