← Back to context

Comment by tcoff91

5 days ago

I hope none of your accounts are associated with that email address that can be read by an LLM that has access to untrusted input.

OpenClaw lives right in the prompt injection lethal trifecta.

The idea of an OpenClaw instance having the ability to reset passwords on your accounts sounds sketchy as shit to me.

2 comments

tcoff91

Reply
bryan0  5 days ago

Of course, you need to be careful about what access you give to your agent. I gave my agent its own email, and I can forward it emails if I need it to read anything in my inbox.

Everyone will have their own threshold for what type of access they want to give their agent. some people will give it access to their personal email, bank account, etc, but I wouldn't recommend it yet! But I bet in a couple years this will be standard practice.

  • tcoff91  4 days ago

    There’s a lot of humans I wouldn’t trust to be an assistant with access to my bank account. It’s bold to assume that within 2 years these things are going to be scam resistant.

    It’s going to be bleak when there’s articles about how “my agent fell for a scam and now my life savings are gone”.