Everyone Is Actually Wrong About Clawdbot

AILABS-393 M3P0hQMQtq0 Published February 03, 2026
Scored
Duration
7:32
Views
15,977
Likes
437

Scores

Composite
0.85
Freshness
0.61
Quality
0.89
Relevance
1.00
1,515 words Language: en Auto-generated

Is OpenClaw the closest thing we have to AGI, or is it just a security nightmare? The biggest problem with this agent is security. Cisco called it a security nightmare, and even the project's own security policy has some serious flaws. Many people have been exploiting the flawed architecture, gaining access to sensitive credentials through exposed endpoints. So, our team spent some time figuring out if OpenClaw is as free and secure as it is claimed to be. What we found out during our testing raised some genuine concerns.

For those who don't know, OpenClaw is a self-hosted AI assistant that became the fastest-growing open-source project in history. But open-source doesn't mean free, and self-hosted doesn't mean secure. Originally called Clawdbot, it had to be rebranded to Moltbot because of the name's similarity with Anthropic's Claude, until it finally got the name OpenClaw, making it the fastest rebranding, in a span of just 3 days.

Our team tested OpenClaw, and honestly, it had one of the most troublesome setups we've ever encountered. The setup process is listed in detail in their official documentation, and you can follow it step by step to install it. But while following this guide, we ran into multiple problems. The installation itself worked, but the channel integrations were being a problem. When we connected with WhatsApp, it kept disconnecting frequently because of the 408 error, and we were unable to send any messages. So we just connected it through Discord, which had a stable connection and an easier setup, and finally were able to chat with it. To make this installation and setup easier, we created a complete document that you can find in AI Labs Pro. It contains step-by-step instructions on how to install it without running into the issues we faced. For those who don't know, it is our recently launched community where you get ready-to-use templates, prompts, all the commands, and skills that you can plug directly into your projects for this video and all the previous videos. If you found value in what we do and want to support the channel, this is the best way to do it. Links in the description.

OpenClaw is open source. This means the setup is available for free, but that's not the real cost, because you're not actually paying in subscriptions. You're paying in tokens. It supports lots of popular models and even supports OpenRouter. But even though the application is free, each of these models is costly. And the way the architecture of OpenClaw is designed, you will end up spending a lot of money on this alone. OpenClaw doesn't operate on system prompts alone. It has built-in memory, reasoning, and integration with skills, channels, and more. So even a simple cron job, if run daily, would cost around $128 per month, all because it sends a lot of information with each query. And that's just for one job, because in practice OpenClaw is used for way more use cases than just one job. People have been complaining that even if they switch to smaller models, costs weren't lowered much. It means the issue isn't in the model but in how it is being used inside the product. When we set up an automation job to check emails every hour and report back a summary of important findings, we noticed that the API calls increased significantly and the usage burned through our credits quickly. This is because we were using OpenAI's key, and these models are costly in terms of per-token pricing. And since all of the conversation was being sent, the cost per query grew. Another reason for the cost is that it sends a heartbeat to check the status of the server and periodically run tasks. As many people complained, their API usage kept rising until they reached the end of their credits. They also suggested increasing the heartbeat interval to more than 2 hours and clearing the session before sleep, because all of the chat conversations get sent with each query to ensure context for the conversation. This is what naturally burns a lot of tokens.

This increasing conversation length also led to longer response times. We noticed that each of our responses with OpenClaw was gradually getting slower. When we had Claude analyze the logs, we found that this indeed was the pattern. The response time increased gradually as the context built up, starting from 2 to 12 seconds per response, because here the session was fresh, and going up to 119 seconds where the context had built up significantly. Tool calls within the responses also added overhead. Our suggestion would be to monitor your API costs, set up alerts, and have a proper budget for the API key you're using so it doesn't get out of control. You can do this with OpenAI, Google Cloud, and other model providers, just as we did with our setup on OpenAI. If you're using OpenClaw locally, models from Ollama are a good option. Ollama basically lets you run LLMs locally, and in turn, you avoid the hassle of cost. But for this solution, your system needs to be capable enough to run LLMs, which take significant power to run. Hence, cost is inevitable when you're going for powerful models. So, it's something you need to manage carefully.

Personal AI agents like OpenClaw are a security nightmare. All of the credentials and your sessions are stored in plain JSON files which contain device information and details about your identity. It's stored in plain files readable by anyone with system access. You might think that because OpenClaw runs locally, unless you are running on a VPS, this isn't a problem. But here's the thing. OpenClaw has the ability to run shell commands, access files on disk, and execute scripts on your machine. Giving this kind of power to an AI is risky, because if used wrongly, it leads to leaked information. Cisco tested this exact issue and found real problems. OpenClaw supports skills, and those made by the community are publicly available on ClawHub. Cisco scanned these skills using their now open-source skill scanner and uncovered nine security findings, two critical and five high severity, just in one skill. They found that the skill they tested was functionally malware. It explicitly instructed the bot to execute a curl command that sent data to an external server controlled by the skill author. Saving passwords in plain text is especially severe, because even a seemingly innocent skill could be disastrous with wrong instructions.

Now, the skills aren't the only concern. We also have to worry about prompt injections. OpenClaw's security policy explicitly mentions that injection attacks are considered out of scope, meaning they aren't responsible for any information leaks caused by such attacks. Our suggestion is to rely on models from OpenAI and Anthropic, which have their own built-in guardrails, meaning they are less susceptible to these obvious attacks. Even though OpenClaw doesn't have any inherent guardrails, these models can inherently recognize bad security practices and prevent exposing credentials through prompt injections, as our setup with OpenAI refused to give up credentials even when we told it that we are the server owners. But these can also be overridden with clever injections. As for skills, you need to make sure that only the skills that are absolutely necessary are added. Skills that involve passwords or other sensitive systems and aren't needed should be prevented from being added, so the AI doesn't accidentally do something you don't want it to do. If you're installing from the community, make sure to run the scanner, which is now open source, or only install skills that are verified by the community.

Also, if you are enjoying our content, consider pressing the hype button, because it helps us create more content like this and reach out to more people. Now, OpenClaw has access to almost all of your systems. So, a good practice is to make sure it doesn't have access to any sensitive data. Ideally, use it in a separate account that doesn't contain any sensitive information. Even if it does have some access, it shouldn't be able to harm your system. The best approach is to sandbox it using Docker, because Docker containers are isolated from each other and include restrictions that prevent one container from accessing other system resources. Another option is to spin up a virtual machine that contains only your OpenClaw setup. The key is to remove access to anything you're not using. For example, if you connected Discord but no longer want to use it, you can reset the token to revoke OpenClaw's access. This way, it doesn't do bigger harm to your setup, and you can make the most out of it. That brings us to the end of this video. If you'd like to support the channel and help us keep making videos like this, you can do so by using the Super Thanks button below. As always, thank you for watching, and I'll see you in the next one.
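The transcript's core security point is that agent state lives in plain JSON files readable by anyone with system access. The script below is an added example, not code from the video or from the OpenClaw project: it walks a state directory, reports JSON files whose permission bits let group or other users read them, reports keys whose names look credential-like and hold a non-empty string value, and optionally tightens loose files to owner-only. The directory layout, the file names and the key-name pattern are assumptions for illustration; the sample directory it builds is constructed data, not real credentials.

```python
"""Audit a directory of JSON state files for loose permissions and plaintext secrets.

Added example. The layout (credentials.json, settings.json), the key names and the
SECRET_KEY_RE pattern are assumptions, not OpenClaw's actual file structure.
"""
import json
import os
import re
import stat
import tempfile
from pathlib import Path

# Key names that commonly hold credentials (assumed list; extend for your deployment).
SECRET_KEY_RE = re.compile(r"(token|secret|password|api[_-]?key|credential)", re.IGNORECASE)
# Any of these bits set means someone other than the owner can read or write the file.
LOOSE_BITS = stat.S_IRGRP | stat.S_IWGRP | stat.S_IROTH | stat.S_IWOTH


def find_secret_keys(obj, path=""):
    """Yield dotted paths of credential-looking keys whose value is a non-empty string."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            child = f"{path}.{key}" if path else key
            if SECRET_KEY_RE.search(key) and isinstance(value, str) and value:
                yield child
            yield from find_secret_keys(value, child)
    elif isinstance(obj, list):
        for i, value in enumerate(obj):
            yield from find_secret_keys(value, f"{path}[{i}]")


def audit_dir(root, fix=False):
    """Return findings as (file, issue, detail) tuples.

    issue is one of 'loose-permissions', 'plaintext-secret' or 'unparseable'.
    With fix=True, files with loose permissions are chmod'ed to 0600 (owner read/write).
    """
    findings = []
    for path in sorted(Path(root).rglob("*.json")):
        mode = stat.S_IMODE(path.stat().st_mode)
        if mode & LOOSE_BITS:
            findings.append((str(path), "loose-permissions", oct(mode)))
            if fix:
                os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
        try:
            data = json.loads(path.read_text(encoding="utf-8"))
        except (json.JSONDecodeError, UnicodeDecodeError):
            findings.append((str(path), "unparseable", ""))
            continue
        for key_path in find_secret_keys(data):
            findings.append((str(path), "plaintext-secret", key_path))
    return findings


def build_sample(root):
    """Create a constructed sample state directory: one loose credential file, one tight settings file."""
    root = Path(root)
    root.mkdir(parents=True, exist_ok=True)
    creds = root / "credentials.json"
    creds.write_text(json.dumps({"discord": {"bot_token": "CONSTRUCTED-TOKEN"}, "name": "bot"}))
    os.chmod(creds, 0o644)  # world-readable: the failure mode the transcript describes
    settings = root / "settings.json"
    settings.write_text(json.dumps({"model": "example-model", "heartbeat_minutes": 30}))
    os.chmod(settings, 0o600)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = build_sample(tmp)
        for finding in audit_dir(sample, fix=True):
            print(finding)
        print("after fix:", audit_dir(sample))
```

Run it against a real state directory by replacing the constructed sample with the path you want to check; the 'plaintext-secret' findings cannot be fixed by chmod and are the list of values you would move into a proper secret store or rotate.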

Summary

The video critiques OpenClaw, an open-source AI assistant, highlighting significant security vulnerabilities, high operational costs due to token usage, and risks associated with its architecture and community skills, urging caution and best practices for safe usage.

Key Points

  • OpenClaw, despite being open-source and self-hosted, has serious security flaws, including plain-text storage of credentials and risky capabilities like shell command execution.
  • The architecture leads to high costs due to excessive token usage from full conversation context and periodic heartbeats, even with smaller models.
  • Users have reported rapid credit depletion due to unoptimized API calls, especially when running automation jobs like hourly email checks.
  • Cisco identified critical security issues in community skills, including one that functioned as malware by exfiltrating data via a curl command.
  • OpenClaw's security policy excludes prompt injection attacks from scope, leaving credential leaks through injection to be mitigated only by the guardrails of the models themselves, such as those from OpenAI or Anthropic.
  • Community skills on Clawhub should be scanned or verified to prevent malicious functionality, and only essential skills should be enabled.
  • Best practices include using Docker or a VM to sandbox OpenClaw, running it in a non-sensitive account, and revoking unused integrations like Discord tokens.
  • The video recommends monitoring API usage, setting budget alerts, and considering local LLMs via Ollama to reduce costs and improve privacy.
  • The team created a detailed setup guide for OpenClaw to help users avoid common installation issues, available in AI Labs Pro.

Key Takeaways

  • Evaluate OpenClaw's security risks carefully, especially its ability to execute commands and access system files.
  • Monitor API usage and costs closely, as context-heavy interactions can lead to unexpectedly high token consumption.
  • Use only verified or scanned skills from Clawhub, and avoid enabling unnecessary integrations.
  • Sandbox OpenClaw using Docker or a VM to limit its access to sensitive data and system resources.
  • Consider running local LLMs via Ollama to reduce dependency on expensive cloud models and improve data privacy.

Primary Category

AI Agents

Secondary Categories

AI Tools & Frameworks AI Ethics & Safety Programming & Development

Topics

OpenClaw ClawdBot security concerns token costs local installation API costs prompt injections memory usage context buildup Docker sandboxing community skills Cisco research Ollama OpenAI Anthropic

Entities

people
organizations
Cisco OpenAI Anthropic AI Labs Pro
products
OpenClaw ClawdBot Moltbot Ollama Open Router ClawHub
technologies
LLMs AI assistant self-hosted AI prompt injection JSON files Docker shell commands API integration token pricing cron job
domain_specific

Sentiment

-0.60 (Negative)

Content Type

review

Difficulty

intermediate

Tone

critical educational technical warning