I think a lot of people, me included, fear OpenClaw especially because it's an amalgamation of all features, 2.3k pull requests, obviously a lot of LLM-checked or LLM-developed code.
It tries to do everything, but has no real security architecture.
Exec approvals are a farce.
OC can modify its own permissions and config, and if you limit that, you cannot really use it for its strengths.
What is needed is a well-thought-out security architecture, which allows easy approvals, but doesn't allow OC to do that itself, with credential and API access control (such as by using Wardgate [1], my solution for now), and separation of capabilities into multiple nodes/agents with good boundaries.
Currently OC needs effective root access, can change its own permissions and it's kinda all or nothing.