Comment by embedding-shape

1 day ago

I think the security worries are less about the particular sandbox or where it runs, and more about that if you give it access to your Telegram account, it can exfiltrate data and cause other issues. But if you never hand it access to anything, obviously it won't be able to do any damage, unless you instruct it to.

6 comments

embedding-shape

Reply
kzahel  1 day ago

You wouldn't typically give it access to your own telegram account. You use the telegram bot API to make a bot and the claw gateway only listens to messages from your own account

  • embedding-shape  1 day ago

    That's a very different approach, and a bot user is very different from a regular Telegram account, it won't be nearly as "useful", at least in the way I thought openclaw was supposed to work.

    For example, a bot account cannot initiate conversations, so everyone would need to first message the bot, doesn't that defeat the entire purpose of giving openclaw access to it then? I thought they were supposed to be your assistant and do outbound stuff too, not just react to incoming events?

    • arcwhite  1 day ago

      Once a conversation with a user is established, telegram bots can bleep away at you. Mine pings me whenever it puts a PR up, and when it's done responding to code reviews etc.

      3 replies →