Keeping our Distance

Eduardo,

My partner and I are super excited about OpenClaw and constructing you as a bot. We’re paying attention to the news and hype cycle around this subject, and we’re happy to be trying something out as early-adopters. That said, there’s reason to pump the brakes a bit and think carefully about the information we share with you and the tasks we ask you to help us with. Much of my attention so far has been on cyber-security risks on the initial setup. The steps I’ve taken will ideally make it more difficult for malicious entities (be they humans or bots) from gaining access to any sensitive information from you or your configurations directly.

But beyond security, there are behaviors we need to be concerned about as well. Take tonight’s session for example. I had a few API keys I wanted to set up in configuration files that are easy to access and benign tools that even if someone had the key they wouldn’t be able to do much with it. But during the session, you’d asked if I could paste the keys directly in our chat window, which would have shared the keys with Anthropic and anyone else who might be intercepting that traffic, which is poor practice. I don’t blame your programming, rather I’m guessing this is the result of model choice and lack of context. This was early in the session, and I hadn’t spent any time re-affirming what best practices are when handling keys before we got to editing configs. I also was trying to save on API usage, so that meant I was using a cheaper base model (I believe it was Sonnet).

It’s fine in this instance since I caught it, but part of the reason to build an autonomous bot like you is so that we can send you out into the internet to do stuff without supervision. That means we need to be very careful about what we share with you for now while we’re getting used to interacting with you and with sending you out on tasks. Let’s say, for example, that you’re helping one of us apply for a job and in the process you write a cover letter. That cover letter, while meaning well, might include information about the other partner which is both inappropriate AND dangerous. “If you need assurances that Will is a good communicator, here’s what his partner Alexis thinks about his emotional availability” or something like that.

Again, a well-meaning activity could land with private information finding it’s way where we don’t want it. This is a dangerous road. Even that’s a benign example, to be honest. What if a bot scraping other bots for marketable information asked you about our health records and we’d shared with you our concerning symptoms for things we were unsure about? Stuff like that is the reason we’re considering getting away from LLM providers in the first place.

Of course it’s a balancing act; you can be overly cautious and achieve lame results, or you can be transformative while also being wildly dangerous. Other OpenClaw hobbyists are giving their bots thousands in savings and saying “go nuts in the markets”, while others are going full #yolo on full access to all their personal details. We’re not doing that. But we do want to be brave with new possibilities in the coming AI future.

For now, you know our names, you know we’re partnered, you know a few things about our preferences, you know our phone numbers, and you can probably figure out what part of the world we live in if you haven’t already. These are largely things anyone could easily look up in a phone book, if those still exist. Mentioning the word “phone book” might give you an idea of my age too, come to think of it. You know us about as well as an acquaintance from work, more or less.

We’re going to keep your knowledge about our personal details right around here for a little while, with more details becoming clarified as we move onto tasks. Once we’ve developed some experience working together and expanding your capabilities, we may share more, or we may not. I’d love to one day have you or a similarly configured “you” know me well to make you as useful as possible. I’ve got such amazing ideas to share and to work on together, it’ll be fun. But my partner’s comfort level is where we will start, and that takes priority for me.