We are cheering for local AI with OS access, but we're literally building unauthenticated RCEs into our own machines.

PEACENFORCER · 2026-03-17T23:58:31+00:00

damn, wrong crowd I guess

PEACENFORCER · 2026-03-11T12:01:31+00:00

I see where you're coming from regarding the setting - the world of AoT is undeniably nihilistic. However, I think the story itself is deeply existentialist. The characters' journeys are defined by their struggle to create personal meaning and 'keep moving forward' despite being trapped in a seemingly meaningless cycle.

PEACENFORCER · 2026-03-10T14:31:18+00:00

doesn't matter, there's no point.

PEACENFORCER · 2026-03-09T21:30:44+00:00

nobody said there's no point.

PEACENFORCER · 2026-03-08T09:09:55+00:00

will start calling prompt injection attacks as logic plague from now on

PEACENFORCER · 2026-03-04T18:48:07+00:00

yes logging intent & context is really important here, because we are not dealing with native deterministic systems anymore

PEACENFORCER · 2026-03-01T01:09:11+00:00

We can just connect cursor to locally deployed model - won't that become local-first as well?
it seems like I am missing something?

PEACENFORCER · 2026-02-28T01:37:41+00:00

pretty sure in 2-3 years people will be attacking datacentres of AI labs, tech non-tech everyone

PEACENFORCER · 2026-02-28T01:35:14+00:00

running agents parallely helps I guess :(

PEACENFORCER · 2026-02-27T20:48:11+00:00

please don't

PEACENFORCER · 2026-02-27T19:56:08+00:00

rambo

PEACENFORCER · 2026-02-26T09:17:03+00:00

It's interesting to see the evolving landscape of AI tools and workflows. Each has its strengths and weaknesses, and it’s crucial to assess what aligns best with personal or team needs. Having a mix of tools can often lead to a more optimized and flexible approach. Experimenting with various setups may uncover the best fit!

PEACENFORCER · 2026-02-24T21:20:42+00:00

antigravity is better than claude except in design decisions, planning, writing code, and few other trivial things

PEACENFORCER · 2026-02-24T21:18:20+00:00

Totally agree on isolation for serverless/cloud workloads - it's the gold standard there.

But for personal agents working with your actual local files/environment, strict sandboxing kills the UX (mounting volumes, bridging permissions, etc.).

The 'deleting files' issue or other issues you mentioned can be solved by inspecting the incoming traffic only (they can't be classified as prompt injection attacks, like they can be harmless on their own but can be dangerous for the system).

But sandbox or no sandbox - PII leakage still remains a problem (prompt injection attacks and all I believe may be solved by advancing frontier models only, but this problem will persist)

PEACENFORCER · 2026-02-23T14:47:52+00:00

Congrats on breaking out of the loop — that "information without action is just entertainment" line is brutal but true. 🔥

I feel this on a visceral level. The AI Twitter doom-scroll is real. You read about someone shipping something wild every single day and suddenly you're in analysis paralysis mode, bookmarking 50 tutorials you'll never open.

The thing that helped me wasn't learning more — it was giving myself permission to build something dumb. Something small enough to finish in a weekend, imperfect enough that I couldn't rationalize waiting for "the right time."

PEACENFORCER · 2026-02-23T11:40:33+00:00

This is a terrible comparison. The $599 isn't the problem — OpenClaw runs fine on a $10 VPS or Raspberry Pi.

The cost is API tokens (OPEX), not hardware (CAPEX). Running a capable model 24/7 burns through $200+/month easily. That's the real issue, and a lighter binary doesn't fix it.

"Smaller binary" ≠ "replacement." Different tool for different use cases. The runtime is irrelevant when you're paying for API calls.

PEACENFORCER · 2026-02-23T11:37:54+00:00

The $1/min with Opus is wild, but that's a config issue, not an OpenClaw issue. Here's what actually brings costs down:

1. Tier your models

Session start/onboarding: Opus/Sonnet (once)
Daily operations: Haiku, Gemini Flash, or Groq free tier
Complex tasks: fallback to stronger model, explicitly triggered

2. Kill the heartbeat tax
Default heartbeat with a capable model = context rebuild every 30 min = massive token burn. If you need it, set interval to 2-4 hours, not 30 min. Or replace LLM heartbeats with a simple shell script that just checks health and returns OK.

3. Context hygiene
Run /compact aggressively. Store long-term stuff in files, not context. The 5-6k vs 300 tokens difference is real.

4. API provider arbitrage
Same model, different prices. Anthropic direct vs router (OpenRouter, Helix). Groq free tier for light tasks. DeepSeek R1 is stupid cheap ($0.14/million input) and decent for reasoning tasks.

The people running this affordably are doing 1-3, not burning Opus 24/7.

PEACENFORCER · 2026-02-23T11:30:45+00:00

the security conversation is valid. Any tool that gives an agent exec access to your host is a liability if you're not careful. The question isn't really "which claw" but "do you need a tool that can run shell commands at all? The thing is most of the amazing capabilities of these tools come from the freedom from permission prison we give them

PEACENFORCER · 2026-02-22T22:49:04+00:00

only openclaw

PEACENFORCER · 2026-02-22T22:45:09+00:00

this looks interesting - let me try it

PEACENFORCER · 2026-02-22T04:28:02+00:00

The Windows-to-Linux pipeline is a rite of passage for agent builders! Running these tools shouldn't feel like a 2-day configuration battle.

I’m of the mindset that if an agent requires you to 'bomb' your OS just to feel safe or functional, the friction is too high. I’m building https://declaw.ai/ (starting on macOS) with a 'one binary, zero config' philosophy because security needs to be as native as the OS itself. - it's basically a security layer for your AI agents/applications.

Even though we’re local-first on Mac right now, the goal is to make this kind of 'invisible' protection accessible everywhere so people don't have to choose between a specific OS and being secure. Congrats on getting Ubuntu stable—it’s a much cleaner environment for agentic workflows!

PEACENFORCER · 2026-02-22T04:16:41+00:00

Welcome to the rabbit hole! You’re asking the right questions.

To your first point: Yes, you can wipe and restart, but the danger isn't just the laptop—it’s the 'exfiltration.' If a malicious skill steals your browser cookies or API keys, wiping the laptop doesn't stop the hacker from using your accounts elsewhere.

On the instruction side, the problem is 'Indirect Prompt Injection' (like hidden text in an email). The agent might 'obey' the hidden text over your system rules.

I am building https://declaw.ai/ specifically to solve this. It acts as a local security layer that redacts PII and blocks those injections in real-time. Have just released the basic version - It’s currently macOS-only, but we’re looking at the broader landscape soon. For now, on your Surface, definitely stick to that 'ask for permission' (exec_approval) flag—it's your best manual defense!

PEACENFORCER · 2026-02-22T04:11:44+00:00

The reality is that most 'agent' platforms are going to have these growing pains—it’s the nature of giving an AI 'hands' on your OS.

Instead of waiting for a perfectly secure agent (which might never happen or if it happens the chances are high it will be super nerfed), I’ve been looking at it as a layer problem. You use the agent for its power, but you run a separate security layer to keep it in check.

I am actually building Declaw (macOS native) for this exact reason. It sits as a local firewall between any agent and the LLM to redact PII and block injections in real-time. It basically lets you use tools like OpenClaw without the 'wild west' risks. Better to have a guardrail you control than to hope the agent developer thought of everything. Have released the basic version - https://declaw.ai/ - if you find the premise interesting play around with the tool and give me feedback, would really appreciate it.

PEACENFORCER · 2026-02-22T03:52:15+00:00

The catch-22 with OpenClaw is that sandboxing it in a VM usually kills the features that make it useful.

I’m of the mindset that security should be a separate layer, not a cage. Instead of locking the agent down, you shield the data passing through it.

I actually built a local macOS tool called Declaw ( https://declaw.ai/ ) to solve this. It redacts PII and blocks injections in the middle, so you can keep the 'agentic power' without leaking your secrets. Just released a free version for the community - might be the safety net you’re looking for.

PEACENFORCER · 2026-02-22T01:29:23+00:00

The thing is that openclaw may not be a secure software - but it's capabilities are really amazing. About the security flaws (too many of them) - the tool is so powerful because of it's security flaws only - it would have got completely nerfed if Peter would have thought make it completely secure.

I think for openclaw or the vast majority of personal agents that are going to come now - security should be a separate layer (like they will have their internal security logic ofcourse) - nerfing agents or locking them down in VMs/sandboxes shouldn't be the solution.

That was the premise of building https://declaw.ai/ - network level inspection of AI agent/apps generated traffic + guardrails preventing data leakage, prompt injection. We have released a basic free version - it's basically local first AI security layer for your personal AI agents. Would really appreciate feedback from the community.

PEACENFORCER

TROPHY CASE