Jon Aquino's Mental Garden

Engineering beautiful software jon aquino labs | personal blog

Sunday, February 08, 2026

SecureShellClaw: A Prompt-Injection-Resistant Alternative Approach to OpenClaw

I really enjoy using OpenClaw but I am scared that prompt injection attacks will exfiltrate sensitive personal information that it knows about me. It goes off doing web searches, reading emails, running cron jobs, and can process untrusted content from Moltbook. Every one of those is a prompt injection vector.

My alternative: Claude Code over SSH, accessed from my iPhone using Secure ShellFish and Tailscale. Instead of WhatsApp or Telegram, you chat with Claude Code on the terminal (in your phone). I’m calling this technique SecureShellClaw.

The Setup

I have Claude Code running on my Linux laptop, but this works on Mac and Windows as well - anything that supports Tailscale. Tailscale connects it to my iPhone. Secure ShellFish gives me an SSH terminal on the phone. That’s it. 

By default, Secure ShellFish uses tmux for shell persistence, but I prefer zellij. Zellij (the blue parts in the screenshots) shows keyboard shortcuts in the status bar, which is great since I’m an infrequent user. I often use “new tab” and “rename tab.” And Secure ShellFish lets me tap the zellij tabs to switch between them.

Secure ShellFish is iOS only. On Android, JuiceSSH or Termius would probably be the equivalent.

Why It’s Safer

The prompt injection risk is minimal because you oversee everything. Claude Code doesn’t autonomously browse the web, check your email, or process social media posts from AI agents on Moltbook. It doesn’t run heartbeat cron jobs in the background. It sits there and waits for your instructions, and you see every action it takes before it happens.

Since the risk is so low, I feel a lot safer giving it access to my personal information. And since it’s just Claude Code on my laptop, it has free access to my files, my Obsidian second brain, Gmail via the Himalaya command-line tool, and my browser via the Claude chrome extension. You could also set up non-web-search cron jobs if you wanted.

What I Use It For

Looking at my zellij tabs right now:

  • TRIP – planning an upcoming trip and saving the plan to GitHub
  • CLA – managing my OpenClaw server (although I’ll probably stop this now)
  • GRO – analyzing weekly grocery orders (I used the Claude Chrome extension to download them as Markdown files)
  • OBS – querying my Obsidian markdown notes
  • SYS – laptop config changes and system maintenance

These are all standard Claude Code use cases. The difference is I can do them from my phone, anywhere.

What You Need

  • A computer running Claude Code (Linux, Mac, or Windows)
  • Tailscale on both devices
  • Secure ShellFish on iPhone (or JuiceSSH/Termius on Android)
  • Optional: zellij for nicer tab management

posted by Jonathan at 2/08/2026 05:07:00 p.m.

0 Comments:

Post a Comment

<< Home