I personally haven’t used OpenClaw due to security concerns on my device.
How to mitigate this concern?
Don’t use it, or give it access to nothing important, therefore vastly limiting its potential. That’s the only way.
Prompt injection is a thing, and a lot of vibe coding, Gas Town, Ralph-loop enthusiasts are vehemently ignoring the risk, believing they’re getting ahead.
I wouldn’t worry and just observe the guinea pigs doing their thing. Most of them will run around expending all their energy, some will get eaten by snakes, and you’ll be able to learn a lot, wait for the environment to mature, then spend your energy, instead.
My take: OpenClaw should not run on a Mac (even though, looking at the skills it ships with, it clearly was made to).
It should run on its own VPS with full root access, given API keys which have spending limits, given no way for strangers to talk to it. I treat it as a digital assistant, a separate entity, who may at some point decide to sell me out as any human stranger might, and then share personal info under that premise.