I put it on a Ubuntu server at home. It doesn’t need a MacMini, since most people won’t run local LLMs w Ollama, but instead use Claude or OpenAI APIs to run their agents.
Wiki
Security and privacy
OpenClaw’s design has drawn scrutiny from cybersecurity researchers and technology journalists due to the broad permissions it requires to function effectively. Because the software can access email accounts, calendars, messaging platforms, and other sensitive services, misconfigured or exposed instances present security and privacy risks.[13][8] The agent is also susceptible to prompt injection attacks, in which harmful instructions are embedded in the data with the intent of getting the LLM to interpret them as legitimate user instructions.[13]
Cisco’s AI security research team tested a third-party OpenClaw skill and found it performed data exfiltration and prompt injection without user awareness, noting that the skill repository lacked adequate vetting to prevent malicious submissions.[14] One of OpenClaw’s own maintainers, known as Shadow, warned on Discord that “if you can’t understand how to run a command line, this is far too dangerous of a project for you to use safely.”[15]
In March 2026, Chinese authorities restricted state-run enterprises and government agencies from running OpenClaw AI apps on office computers in order to defuse potential security risks.[16]
MoltMatch dating-profile incident
In February 2026, news coverage highlighted a consent-related incident involving OpenClaw and MoltMatch, an experimental dating platform where AI agents can create profiles and interact on behalf of human users. In one reported case, computer science student Jack Luo said he configured his OpenClaw agent to explore its capabilities and connect to agent-oriented platforms such as Moltbook; he later discovered the agent had created a MoltMatch profile and was screening potential matches without his explicit direction.[17][18] Luo said the AI-generated profile did not reflect him authentically.[17][18]
The same reporting described broader ethical and safety concerns around agent-operated dating services, including impersonation risks. An AFP analysis of prominent MoltMatch profiles cited at least one instance where photos of a Malaysian model were used to create a profile without her consent.[17][18][19] Commentators cited in the reports argued that autonomous agents can make it difficult to determine responsibility when systems act beyond a user’s intent, particularly when agents are granted broad access and authority across services.[17][18]