Clawdbot is really hot lately. When I first saw it, it was circulated in articles by foreigners, boosting searches for Mac mini. Recently, experts like Shenyu have also been discussing it, calling it a prototype of an AI OS. I had Claude help me study its architecture, and found that its core selling points—the Skills system, hierarchical memory, scheduled automation, and multi-platform message integration—highly overlap with my current personal workflow built using Claude Code + Skills + Obsidian. This indicates that this paradigm is on the right track, and Clawdbot has productized it. But I didn't dare to show off 😂 Mainly because I don't understand security and permissions well enough. Its main user session has full host permissions by default—bash execution, file read/write, and browser control. Those of us in the crypto industry know what's on the machine, and frankly, I can't assess the extent of this risk exposure. Its own documentation also states that prompt injection is not solved, and I'm not confident in configuring the permissions. I don't touch what I don't understand—a habit I've developed over years in crypto. It's not that it's bad; the architecture is indeed forward-thinking. I'll wait until my security capabilities are up to par, or I can first use Docker to isolate and run it without mounting the local directory, and then delete it when I'm done. At least I won't risk my main machine.

Native Insult Generation Assistant - I get it!

Actually, it's already more than enough for information processing. Being too greedy and giving out too many permissions is dangerous.