Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
hopechong 5 hours ago

We've been seeing a lot of people run OpenClaw directly on their main machine, which is a bad idea for a few reasons: it needs broad system access, it's noisy on resources, and if something goes wrong you want a clean blast radius. The obvious answer is "just isolate it," but isolation has real friction. You need to provision a machine, handle SSH keys, configure security groups, and remember to tear things down so you're not leaking money. This post walks through the three realistic options:

Docker – lowest friction, but shares your kernel and has limits depending on what OpenClaw needs to do Dedicated hardware – best isolation, but you're paying 24/7 and it takes time to set up Cloud VM – the sweet spot for most people: true isolation, pay-per-use, tear it down when you're done

For the cloud VM path, we show how to launch a hardened OpenClaw environment on AWS, GCP, Azure, or any other cloud with a single command, handling provisioning, SSH, and auto-teardown for you.

markb139 5 hours ago | parent | next [-]

It seems to be perfectly happy to run on virtual box with a Debian install. The host pc is running a local model. I’m quite impressed with what it’s capable of.

croes 5 hours ago | parent | prev [-]

That’s only half of the problem.

People give OpenClaw access to their online services like mails where it can also do damage.

A hardened environment doesn’t prevent those kind of damage

ziml77 5 hours ago | parent | next [-]

As people have pointed out in other threads, you don't even need access to these services to cause problems. As long as the AI can send any bytes out, it can leak information. Like you may think of an HTTP GET as read-only, but you can pack any data you want into the URL or headers.

avoutic 5 hours ago | parent | next [-]

In the end it will all be about separation of duty between agents in a larger team and isolating the ones that need more access to your private stuff.

Wardgate acts like a drop in replacement for curl with full access control at the url / method / content level, so you can allow specific curl access to specific APIs but prevent all other outbound connections. That's what I use for my PA agent. She's very limited and can't access the open internet. Doesn't need it either

leptons 4 hours ago | parent | prev [-]

You can also stuff data into a GET request body, I've seen some devs do it and I related my disapproval about it.

alt187 5 hours ago | parent | prev | next [-]

There's no hardening against idiocy.

avoutic 5 hours ago | parent | prev [-]

It does, of you use WardGate [1] and only allow read and archive access and only delete access on your inbox but nothing else for instance.

1 https://github.com/wardgate/wardgate