OpenClaw is a hobby project. It’s still in beta. Expect sharp edges. By default, it’s a personal agent. One trusted operator only. Enable tools, and it can read files. Enable tools, and it can run actions. A single bad prompt can trick it. It can perform unsafe operations. Multi-user setups share delegated tool authority. If you’re not careful, you could expose your system. Recommended safety measures: - Pairing / allowlists + mention gating - Separate credentials or OS users for multi-user setups - Sandbox tools + least-privilege access - Isolate DM sessions in shared inboxes - Keep secrets out of reach of the agent - Use the strongest model for untrusted inboxes Run regular audits: openclaw security audit --deep openclaw security audit --fix If you’re not comfortable with security hardening, don’t run it. Ask someone experienced before enabling tools. PS: If you found this useful, repost it to help others secure their OpenClaw setup before it’s too late. For full security guide comment "Security"