Mossad was literally bragging that it is handing out weapons in Iran recently, but yes, Iran always 'attacks' for no reason and should not do anything no matter what happens right?
Same as the Gaza and Lebanon ceasefires where one side stops attacking and the other (Israel) keeps bombing?
It's not a soluble problem, at least not completely. The big frontier models are better at resisting prompt injection, but any LLM is vulnerable to some degree. If you give it access to arbitrary inputs like the web and to your personal data, there's a risk it'll disclose stuff you don't want it to.
It's annoying, because I love OpenClaw as an idea, but I don't trust it enough to give it what it needs to be useful.
> CME's website is very bot-hostile and blocked it after a few requests
This is one of the reasons people buy a Mac mini (or similar local machine). Those browser automation requests come from a residential IP and are less likely to be blocked.
Many people use the Max subscription OAuth token in OpenClaw. The main chat, heartbeat, etc., functionality does not call the Claude Code CLI. It uses the API authenticated via subscription OAuth tokens, which is precisely what Anthropic has banned.
There are many other options too: direct API, other model providers, etc. But Opus is particularly good for "agent with a personality" applications, so it's what thousands of OpenClaw users go with, mostly via the OAuth token, because it's much cheaper than the API.
There's a lot of, to put it lightly, bullshit in this blog article, starting with when openclaw was released (late November 2025, not January 25, 2026). The first bit of config — "listen: "0.0.0.0:8080" — is not the default. Default is loopback and it was when I first encounter this project at the end of December.
Essentially, the author has deliberately misconfigured an openclaw installation so it is as insecure as possible, changing the defaults and ignoring the docs to do so. Lied about what they've done and what the defaults are. Then "hacked" it using the vulnerability they created.
That said, there are definite risks to using something like openclaw and people who don't understand those risks are going to get compromised, but that doesn't justify blatant lying.
They've recently added "lobster" which is an extension for deterministic workflows outside of the LLM, at least partially solving that problem. Also fixed a context caching bug that resulted in it using far more Anthropic tokens than it should have.
reply