Why there's nothing you can do about OpenClaw and prompt injection

PSA: Even if you run everything on a Mac Mini or Mac Studio, only inbound traffic is locked down - outbound traffic (email and website communication) is wide open. Which is why prompt injection and data exfiltration is still an unsolved problem for OpenClaw.

What you can do is only share with it info that you don't mind leaking. For me, I gave it my public blog posts and general info about myself. I did give it a few API keys but nothing that would run up costs if someone got them and abused them. I'm mindful of what I tell it in conversations. I gave it its own Gmail account and in its check-email cron job I told it to ignore all senders other than me.