croes 5 hours ago

That’s only half of the problem.

People give OpenClaw access to their online services like mails where it can also do damage.

A hardened environment doesn't prevent those kinds of damage.

ziml77 5 hours ago

As people have pointed out in other threads, you don't even need access to these services to cause problems. As long as the AI can send any bytes out, it can leak information. Like you may think of an HTTP GET as read-only, but you can pack any data you want into the URL or headers.

avoutic 5 hours ago

In the end it will all be about separation of duty between agents in a larger team and isolating the ones that need more access to your private stuff.

Wardgate acts like a drop-in replacement for curl with full access control at the URL / method / content level, so you can allow specific curl access to specific APIs but prevent all other outbound connections. That's what I use for my PA agent. She's very limited and can't access the open internet. Doesn't need it either.
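One way to enforce the default-deny egress control discussed above, as an added example (not Wardgate's code or its rule format): a policy check that permits only allowlisted method/URL-prefix pairs and, even for allowed endpoints, flags the side channels ziml77 describes (long or high-entropy query values, non-standard headers, a body on a GET). The allow rules, header set and thresholds are constructed for illustration.

```python
import math
from urllib.parse import urlsplit, parse_qsl

# Constructed allowlist: an agent may only call these method + URL-prefix pairs.
ALLOW_RULES = [
    {"method": "GET", "url_prefix": "https://api.example.com/calendar/"},
    {"method": "POST", "url_prefix": "https://api.example.com/mail/archive"},
]

# Headers a plain HTTP client needs; anything beyond this is an extra byte channel.
STANDARD_HEADERS = {"host", "user-agent", "accept", "content-type",
                    "content-length", "authorization"}

# Constructed thresholds: long or near-random query values look like encoded data.
MAX_PARAM_LEN = 64
MAX_PARAM_ENTROPY = 4.5  # bits per character; base64 of random bytes is close to 6


def shannon_entropy(s: str) -> float:
    """Bits per character of s (0 for the empty string)."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def check_request(method, url, headers=None, body=b""):
    """Return (allowed, reason). Deny by default: the request must match an
    allow rule, and an allowed request is still rejected if it carries data
    in places a read-only call has no business using."""
    headers = headers or {}
    method = method.upper()
    parts = urlsplit(url)
    base = f"{parts.scheme}://{parts.netloc}{parts.path}"
    if not any(r["method"] == method and base.startswith(r["url_prefix"])
               for r in ALLOW_RULES):
        return False, "no allow rule for this method/URL"
    if method == "GET" and body:
        return False, "body on GET request"
    extra = {h.lower() for h in headers} - STANDARD_HEADERS
    if extra:
        return False, f"non-standard header(s): {sorted(extra)}"
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if len(value) > MAX_PARAM_LEN or shannon_entropy(value) > MAX_PARAM_ENTROPY:
            return False, f"query parameter '{key}' looks like an encoded payload"
    return True, "allowed"
```

Prefix matching here is deliberately simple; a production filter would normalise the path (dot segments, percent-encoding) before comparing.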

leptons 4 hours ago

You can also stuff data into a GET request body, I've seen some devs do it and I related my disapproval about it.

alt187 5 hours ago

There's no hardening against idiocy.

avoutic 5 hours ago

It does, if you use WardGate [1] and only allow read and archive access and only delete access on your inbox but nothing else, for instance.

[1] https://github.com/wardgate/wardgate