This is so scary we were attacked 7,922 times over the weekend after using Clawdbot. There are hundreds of Clawdbot servers exposed to the open internet this week. Credential dumps. API keys in plaintext. The thing people missed is that you're not the only input to your agent. Every email it reads, every calendar invite, every webpage it visits is content someone else wrote. Random person DMs you? That's now input to a system with shell access. If you're going to use it, treat it like onboarding a contractor. Dedicated machine or VPS. Separate accounts. Minimal permissions to start. Run it behind Tailscale so it's not exposed to the public internet. Run clawdbot doctor regularly and let it fix itself. The bigger idea is that agents need their own identities. Own devices, own accounts, own credentials. Not piggybacking on yours. Also please stop buying Mac Minis for this. You can run it on AWS free tier in five minutes or a $5 VPS.