101 comments

[ 2.8 ms ] story [ 75.8 ms ] thread
Do you mean “bullish”?
It's probably what he meant but it's more accurate this way.
Why is everything in lowercase?
Annoying trend from the late 90s, which has, bafflingly, re-emerged.
>all delegation involves risk. with a human assistant, the risks include: intentional misuse (she could run off with my credit card), accidents (her computer could get stolen), or social engineering (someone could impersonate me and request information from her).

One of the differences in risk here would be that I think you got some legal protection if your human assistant misuse it, or it gets stolen. But, with the OpenClaw bot, I am unsure if any insurance or bank will side with you if the bot drained your account.

And the risk isn’t really the bot draining your account, it’s the scammer who prompt injected your bot via your iMessage integration draining the account. I can’t think of a way to safely operate this without prefiltering everything it accesses
I haven't seen any mention or acknowledgement that the model provider is part of this loop too. Technically speaking, none of this is E2EE so you're trusting that a random employee doesn't just read your chats? There will be policies sure, but ultimately someone will try to violate them as has happened many times in the past like at social media companies for example.
Wait I'm ignorant, how long has OpenClaw/Clawdbot existed? This person listed like 6 months of activities that they offloaded to the bot, I thought this thing was pretty new.
Just weeks ago, the sentiment was such that developers would be managing AI workers.

Now, it seems that AI will be managing the developers.

> amongst smart people i know there's a surprisingly high correlation between those who continue to be unimpressed by AI and those who use a hobbled version of it.

I've noticed this too, and I think it's a good thing: much better to start using the simplest forms and understand AI from first principles rather than purchase the most complete package possible without understanding what is going on. The cranky ones on HN are loud, but many of the smart-but-careful ones end up going on to be the best power users.

Did the author do any audit on correctness? Anytime I let the LLM rip it makes mistakes. Most of the pro AI articles (including agentic coding) like this I read always have this in common:

- Declare victory the moment their initial testing works

- Didn’t do the time intensive work of verifying things work

- Author will personally benefit from AI living up to the hype they’re writing about

In a lot of the authors examples (especially with booking), a single failure would be extremely painful. I’d still want to pay knowing this is not likely to happen, and if it does, I’ll be compensated accordingly.

I'm still trying to understand what makes this project worthy of like 100K Github stars overnight. What's the secret sauce? Is it just that it has a lot of integrations? Like what makes this so much more successful than the ten thousand other AI agent projects?
The most blatant online ad campaign ever?
There is only so much damage a human assistant can do.

But an AI assistant can do so much more damage in a short space of time.

It probably won't go wrong, but when it does go wrong you will feel immense pain.

I will keep low productivity in exchange for never having to deal with the fallout.

> in theory, clawdbot could drain my bank account. this makes a lot of people uncomfortable (me included, even now).

Yeah this sounds totally sane!

I just can't get over how none of this is new. 6 months ago I was running "summarize my work" tasks using linear and github mcps

just using a cron task and claude code. The hype around openclaw is wild

Tangent: what is the appeal of the “no capitalization” writing style? I never know what message the author is intending to convey when I see all lower case.

Normally I can ignore it, but the font on this blog makes it hard to distinguish where sentences start and end (the period is very small and faint).

(comment deleted)
Can this thing deal with the insane way my children's school communicates? Actionable information (children wear red tomorrow) is mixed in with "this week we have been learning about bees" across five different communication channels. I'm not exaggerating. We have Tapestry, emails, a newsletter, parents WhatsApp, Arbour and Facebook.

I guess the difficulty is getting the data into the AI.

(comment deleted)
This felt like a sane and useful case until you mentioned the access to bank account side.

I just don't see a reason to allow OpenClaw to make purchases for you, it doesn't feel like something that a LLM should have access to. What happens if you accidentally end up adding a new compromised skill?

Or it purchases you running shoes, but due to a prompt injection sends it through a fake website?

Everything else can be limited, but the buying process is currently quite streamlined, doesn't take me more than 2 minutes to go through a shopify checkout.

Are you really buying things so frequently that taking the risk to have a bot purchase things for you is worth it?

I think that's what turns this post from a sane bullish case to an incredibly risky sentiment.

I'd probably use openclaw in some of the ways you're doing, safe read-only message writing, compiling notes etc & looking at grocery shopping, but i'd personally add more strict limits if I were you.

What if... that whole post is written by AI, and the express intent of the post is to sand down our natural instincts for security, making it easier for malskill devs to take advantage?
>OpenClaw to make purchases for you

But don't you want the agents to book vacations and do the shopping for you!!?!

Though it would be nice if "deep research" could do the hard work of separating signal from the noise in terms of finding good quality products. But unfortunately that requires being extremely skeptical of everything written on the web and actively trying to suss out the ownership and supply chain involved, which isn't something agents can do unguided at the moment.

If you're on MS stack, this is all stuff that MS 365 Copilot will already do for you, but with much better defined barriers around what it can and cant access.
Every time I ask copilot in 365 to do something with calendar or email, it tells me it has no access but helpfully suggests I could paste some content in...

I check in once a month or so and get the same results.

But where's the added value? You can book a meeting yourself. You can quickly add items to the freezer. Everything that was described in the article can be done in about the same amount of time as checking with Clawdbot. There are apps that track parcel delivery and support every courier service.
As someone for whom English is not the first language, I got stumped by the "chest freezer" and the photo of colourful bags, for good ~15 seconds, going through - "hm, must be some kind of travel thing where you bring snacks in some kind of device you carry around your neck / on your chest...why not backpack freezer then...hm, why would snacks need a freezer...maybe it's just a cooler box, but called chest freezer in some places"...

....before I took a better look of the photo and realised it's frozen stuff - for the dedicated freezer - that opens like a chest (tada).

Well, that was fun...Maybe I should get a bit more sleep tonight!

'the sweet sweet elixir of context is a real "feel the AGI" moment and it's hard to go back without feeling like i would be willingly living my most important relationship in amnesia'

I'm not so sure that I would use the word "sane" to describe this.

> let me be upfront about how much access i've given clawdbot: it can read my text messages, including two-factor authentication codes. it can log into my bank. it has my calendar, my notion, my contacts. it can browse the web and take actions on my behalf.

this is foolish, despite the (quite frankly) minor efficiency benefits that it is providing as per the post.

and if the agent has, or gains, write access to its own agents/identity file (or a file referenced by its agents file), this is dangerous

I some lose utility but my openclaw bot only has its own accounts. I do not give it access to any of my own accounts.
Giving access to "my bank account", which I take to mean one's primary account, feels like high risk for relatively low upside. It's easy to open a new bank (or pseudo-bank) account, so you can isolate the spend and set a budget or daily allowance (by sending it funds daily). Some newer payment platforms will let you setup multiple cards and set a separate policy on each one.

An additional benefit of isolating the account is it would help to limit damage if it gets frozen and cancelled. There's a non-zero chance your bot-controlled account gets flagged for "unusual activity".

I can appreciate there's also very high risk in giving your bot access to services like email, but I can at least see the high upside to thrillseeking Claw users. Creating a separate, dedicated, mail account would ruin many automation use cases. It matters when a contact receives an email from an account they've never seen before. In contrast, Amazon will happily accept money from a new bank account as long as it can go through the verification process. Bank accounts are basically fungible commodities, can easily be switched as long as you have a mechanism to keep working capital available.

> amongst smart people i know there's a surprisingly high correlation between those who continue to be unimpressed by AI and those who use a hobbled version of it

is it "hobbled" to:

1. not give an LLM access to personal finances 2. not allow everyone in the world a write channel to the prompt (reading messages/email)

I mean, okay. Good luck I guess.