OpenClaw gives an AI agent full access to your system. Here's why you should run it on an isolated cloud VM, and how to set that up.

SkyPilot

OpenClaw is a self-hosted AI agent that connects to messaging platforms and executes shell commands, browses the web, and manages files on the host machine. Its broad system access makes running it on a personal machine risky due to prompt injection attacks, real CVEs, and 21,000+ exposed instances found online. The recommended approach is running it on an isolated cloud VM with no personal credentials. A SkyPilot YAML configuration is provided to automate provisioning on AWS, GCP, Azure, or other clouds with a single command, SSH tunnel access (no open ports), and options for persisting state via S3 or rsync when tearing down the VM.

Don't Run OpenClaw on Your Main Machine

Why you shouldn’t run it on your main machine #