I think the security worries are less about the particular sandbox or where it runs, and more about that if you give it access to your Telegram account, it can exfiltrate data and cause other issues. But if you never hand it access to anything, obviously it won't be able to do any damage, unless you instruct it to.

▲

kzahel 2 hours ago | parent [-]

You wouldn't typically give it access to your own telegram account. You use the telegram bot API to make a bot and the claw gateway only listens to messages from your own account

▲

embedding-shape 2 hours ago | parent [-]

That's a very different approach, and a bot user is very different from a regular Telegram account, it won't be nearly as "useful", at least in the way I thought openclaw was supposed to work.

For example, a bot account cannot initiate conversations, so everyone would need to first message the bot, doesn't that defeat the entire purpose of giving openclaw access to it then? I thought they were supposed to be your assistant and do outbound stuff too, not just react to incoming events?

▲

arcwhite an hour ago | parent [-]

Once a conversation with a user is established, telegram bots can bleep away at you. Mine pings me whenever it puts a PR up, and when it's done responding to code reviews etc.

	▲	embedding-shape an hour ago \| parent [-]
		Right, but again that's not actually outbound at all, what you're describing is only inbound. Again, I thought the whole point was that the agent could start acting autonomously to some degree, not allow outbound kind of defeats the entire purpose, doesn't it?