I'd argue there's really no way to make OpenClaw truly safe, no matter what you do. The only place it really makes sense is within trusted environments, like B2B coordination or tightly controlled processes between systems that share the same assumptions.

The moment it steps outside that boundary, you're sending the bot into unpredictable territory. At that point, things can get ambiguous pretty quickly, and in some cases even adversarial.