Don't Run OpenClaw on Your Main Machine
OpenClaw is a self-hosted AI agent that connects to messaging platforms and executes shell commands, browses the web, and manages files on the host machine. Its broad system access makes running it on a personal machine risky due to prompt injection attacks, real CVEs, and 21,000+ exposed instances found online. The recommended approach is running it on an isolated cloud VM with no personal credentials. A SkyPilot YAML configuration is provided to automate provisioning on AWS, GCP, Azure, or other clouds with a single command, SSH tunnel access (no open ports), and options for persisting state via S3 or rsync when tearing down the VM.
Table of contents
What OpenClaw does
Why you shouldn't run it on your main machine
Your isolation options
Setting up OpenClaw on a cloud VM
Simplifying with SkyPilot
What isolation buys you
Wrapping up
Appendix A: Persistent storage with S3
Appendix B: Syncing state with rsync