The openclaw security model is the equivalent of running as root - i.e. full access. If that is insecure the inverse of it is running without any access as default and adding the things that you need.

This is pretty much standard security 101.

We don't need to reinvent the wheel.

The unsolved security challenge is how to give one of these agents access to private data while also enabling other features that could potentially leak data to an attacker (see the lethal trifecta.)

That's the product people want - they want to use a Claw with the ability to execute arbitrary code and also give it access to their private data.