The emergence of new artificial intelligence agents capable of executing actions directly on the user’s computer is marking a turning point in cybersecurity. These tools, which are no longer limited to answering questions but can manage complex tasks autonomously, pose new challenges in terms of privacy, control and protection of personal information.
ESET analyzes the case of OpenClaw, an AI assistant that has gained notoriety in recent weeks and that exemplifies both the potential of these agents and the risks of using them without due precautions.
What is OpenClaw
OpenClaw is an artificial intelligence agent that runs locally on the user’s computer and integrates with the operating system and external services to execute actions autonomously. Unlike a traditional chatbot, which is limited to generating responses, OpenClaw can read and send emails, manage messages in applications such as WhatsApp or Telegram, interact with the browser, manipulate local files, coordinate calendars and chain tasks to meet objectives generally defined by the user.
According to ESET, the AI agent functions as a true “control tower” of digital life, relying on third-party AI models – such as GPT, Claude or other local models – for reasoning, while the capacity for action, the so-called “digital arms and legs”, resides in OpenClaw itself.
Its success is explained by a combination of factors: it is free, open source, compatible with Windows, macOS and Linux, can run even on modest devices and can be controlled remotely through messaging applications. In practice, many users grant it almost full access to their digital environment to automate everyday tasks.
“We are facing a paradigm shift: these agents not only assist, but act. The risk is not in a specific vulnerability, but in the volume of accesses and decisions that are concentrated in a single tool,” explains Josep Albors, director of Research and Awareness at ESET Spain.
What key data does OpenClaw handle?
To operate with this level of autonomy, OpenClaw manages a very large amount of sensitive information. This includes data that the user explicitly provides, such as emails, files, messages, notes, or instructions used as context for tasks. Added to this is the information that the agent accesses in order to act: complete mailboxes, chat histories, contact lists, calendars, web browsing, local documents and open sessions in different services. It also handles authentication and session data, such as access tokens, cookies, API keys, and other credentials that allow it to act as if it were the user.
In addition, OpenClaw accumulates histories of previous actions, routines and decisions, as well as metadata and usage habits – activity schedules, frequency, implicit priorities or relationships between contacts – which, combined, offer a very detailed map of a person’s digital life. Added to this is information from third parties that interact with the user and that is also within the scope of the agent.
OpenClaw as a critical security link
ESET warns that the main risk of OpenClaw is not a specific technical failure, but rather the high level of trust it requires. By concentrating access to emails, messaging applications, files and different services in a single point, any configuration error or improper access can have a serious impact on the user’s personal information, affecting multiple accounts at the same time.
Additionally, by running directly on the device, OpenClaw shares its security level with the computer itself. This means that if the computer is compromised by malware or unauthorized remote access, the assistant can inherit those risks and execute actions without the user detecting it. Added to this is the possibility that external content, such as certain emails, may be interpreted as legitimate instructions, which reinforces the need to use this type of tool with caution and adequate control.
Popularity, impersonations and risk ecosystem
The rapid rise of OpenClaw has brought with it the side effects common to trending technologies. ESET warns of the proliferation of fake websites, unofficial downloads and extensions or scripts that promise to expand its capabilities, but can introduce malware into the system. Additionally, the ecosystem of autonomous agents and associated skills is expanding the attack surface. There have been documented cases of agents being used to steal credentials, exfiltrate data or automate malicious activities, highlighting that these platforms can become attractive infrastructures for cybercrime if not properly managed.
“When a tool concentrates so much data, access and action capacity, it becomes a priority target for attackers. The combination of autonomy, persistence and popularity multiplies the risks,” adds Albors.
Recommendations for safer use
To reduce the risks associated with the use of this type of AI assistant, ESET recommends adopting a series of basic measures such as:
• Download only from official sources and be wary of sponsored links or alternative sites.
• Grant only the strictly necessary permissions, integrating services gradually.
• Avoid managing especially sensitive information if you do not fully understand the associated risks.
• Protect the device on which the assistant is running with updates, strong passwords, and a security solution.
• Take special care of API keys and tokens, treating them as critical access keys.
• Be wary of unofficial plugins or improvements that promise additional functions.
• Periodically review the assistant’s actions to detect anomalous behavior.
