Dangers of Clawdbot and how to protect yourself from them before deciding to use it

by

Let’s give you some safety tips in case you are thinking of using Clawbot. This is a AI agenta bot that takes control of your computer, and then you can use it to tell it to do things on it. This is something that is having a lot of success, since it is capable of speeding up many processes and doing many things for you.

But of course, when you are using this tool you are giving a system of artificial intelligence full access to the machine where you install it, and this has some dangers that you should be aware of.

What dangers are there for your data

These are the dangers to which you expose yourself when are you going to use this tool. Even the creators of the bot have assured that there is no perfectly safe configuration, so it should be taken into account.

  • Gateway exposure on the web: If you do not have the way in which your bot is accessed properly configured, a third party may have access or the access page may even be filtered. This would allow a third party to take control of your computer.
  • Too open access policies: If you are not careful when configuring access to the bot and allowing others to interact with it, you will be giving them the keys to your computer to control it.
  • Prompt injection: If you make the bot interact with files that you have downloaded from the Internet, perhaps some of them have hidden texts with commands that ask it to ignore what you have ordered and do another task that could be dangerous for you.
  • Plugins or extensions: When you install a plugin on this AI agent to give it more capabilities, it runs alongside the gateway. This means that if you install a malicious plugin or extension, they may contain code that takes control of your computer or performs unwanted actions.
  • Bot malfunctions: Like any bot based on artificial intelligence, it may fail to interpret orders or perform unwanted actions unintentionally. This could endanger the contents of the computer where you run it.

In short, the main danger is exposing your bot and access to it, allowing others to control it. If another person has access to your bot, they can simply take control of your entire computer and the data you have on it.


AI wrappers: what they are, how they work and main functions of these additional layers for artificial intelligence models

How to keep Clawdbot safe

First of all, and the most recommended is do not use Clawdbot on your main computer or machine. Just don’t have it where you keep your most private data and files, and this way you will prevent unwanted access or malfunction from putting you at risk. And if you don’t have a secondary computer, use a sandbox mode, install a virtual machine with limited files.

By installing Clawdbot on a secondary or virtual machine, you can decide what files you want on it, what applications do you have installed and what passwords are in the browser to use, as well as bank details. It is simply advisable to only have the accesses and applications that you are going to use, not everything.

In addition, for each of the dangers we have mentioned above there are also specific tips to follow.

  • Gateway Dangers: To prevent others from accessing your bot, you need to ensure that Gateway authentication is always enabled with a token or password. Additionally, you must use Tailscale or secure HTTPS for access. If you use a web interface for the bot, disable settings that allow insecure authentication, and if you control it through the chat of a messaging app, take maximum care of the privacy of that application and access to it. Put a password.
  • Too open access policies: Be careful when pairing nodes with elevated permissions, and avoid sharing access in groups if you don’t fully trust all users. It is also advisable to configure the bot so that it only responds to specific users or to messages where it is explicitly mentioned.
  • Prompt injection: Try not to interact with files that you have not created, deleting those that you have downloaded from the Internet on the machine. You should also design your configuration for limited and validated access before processing commands.
  • Plugins or extensions: To avoid any danger from malicious plugins or extensions, you should only install those that you explicitly trust, and only from completely trustworthy sources. It is best to manually review the plugin code before activating it.

In addition to this, the creators of Clawdbot have an advanced security guide where they tell you the security hearings that you must perform periodically to make sure everything is working correctly.

And finally, the best advice I can give you is that do not use Clawdbot if you do not have minimal knowledge to know how to configure it. If terms like “remote administration API”, “sandboxing”, “localhost” or “reverse proxy” don’t sound familiar to you, it’s best not to install it on your computer.

In Xataka Basics | The best prompts to save hours of work and do your tasks with ChatGPT, Gemini, Copilot or other artificial intelligence

Leave your vote

0 Points
Upvote Downvote

Leave a Comment

GIPHY App Key not set. Please check settings

Log In

Forgot password?

Forgot password?

Enter your account data and we will send you a link to reset your password.

Your password reset link appears to be invalid or expired.

Log in

Privacy Policy

Add to Collection

No Collections

Here you'll find all collections you've created before.