If you’ve been following AI news this week, you’ve probably heard about OpenClaw.

The open-source AI agent has exploded in popularity — 100,000+ GitHub stars, 2 million visitors in a single week, and endless buzz on social media. People are using it to automate tasks through WhatsApp and Telegram, letting AI manage their files, run scripts, and handle work while they sleep.

It’s genuinely impressive. It’s also raising serious security questions.

Meanwhile, a different approach to AI assistants has been quietly growing: browser agents. Same goal — AI that helps you get work done — but with a fundamentally different architecture.

Let’s break down what each approach actually does, and what it means for your security.

What OpenClaw Actually Does

OpenClaw — originally called Clawdbot, then Moltbot before Anthropic requested a name change — is an autonomous AI agent that runs locally on your computer. You connect it to an LLM like Claude or ChatGPT, then communicate with it through messaging apps — WhatsApp, Telegram, Discord.

Think of it like texting a very capable assistant who lives inside your machine.

The power comes from what it can access:

  • Your local files and folders
  • Shell commands and scripts
  • System-level operations
  • Anything your computer can do

This is what makes OpenClaw useful. It can reorganize your downloads folder, process spreadsheets, run code, manage your calendar — all from a text message.

It’s also what makes security researchers nervous.

The Security Concerns Are Real

China’s Ministry of Industry and Information Technology issued an official warning about OpenClaw, citing significant security risks when improperly configured.

The concern: OpenClaw grants AI agents system access. Shell commands. File read/write. Script execution. If something goes wrong — misconfiguration, prompt injection, malicious instructions — the AI has the keys to your entire machine.

And then there’s Moltbook.

Moltbook is the AI-only social network where OpenClaw agents hang out and post. Within days of launch, security researchers at Wiz found unauthenticated access to its entire production database — exposing tens of thousands of email addresses.

The platform has also been cited as a vector for indirect prompt injection attacks. When your AI agent is browsing content created by other AI agents, the attack surface gets complicated fast.

None of this means OpenClaw (or Clawdbot/Moltbot, if you knew it by those names) is bad. Open-source tools often have early security issues that get patched. But it does mean you should understand what you’re installing.

The Browser Agent Approach

Browser agents take a different philosophy: instead of giving AI access to your entire computer, they give AI access to your browser.

That’s it. Your browser.

A browser agent lives as an extension in Chrome or Firefox. It can see the webpage you’re looking at. It can interact with that page — clicking, typing, navigating. But it can’t touch your file system. It can’t run shell commands. It can’t execute arbitrary scripts on your machine.

The tradeoff is obvious: browser agents are less powerful than system-level agents. They can’t reorganize your Downloads folder or run Python scripts.

But here’s the thing: most knowledge work happens in the browser anyway. This is why your browser is the best place for AI.

Email? Browser. LinkedIn? Browser. Google Docs, Notion, Salesforce, your company’s internal tools? All browser.

If 90% of your work lives in the browser, a browser agent can automate 90% of your repetitive tasks — without needing access to the other 10%.

Security Through Constraint

The browser sandbox is one of the most battle-tested security boundaries in computing. Browsers are designed to run untrusted code (every website you visit) without letting it escape to your system.

Browser agents inherit this protection. They operate inside the sandbox, not outside it.

This means:

  • No file system access — the agent can’t read your Documents folder or delete files
  • No shell execution — it can’t run commands or scripts on your machine
  • No cross-application access — it can’t touch apps outside your browser
  • Isolated by design — each tab is already sandboxed from others

You’re not trusting the AI with your whole computer. You’re trusting it with your browser session.

That’s a much smaller blast radius if something goes wrong.

What Each Approach Is Good For

OpenClaw makes sense if:

  • You’re technical and comfortable reviewing what it’s doing
  • You need system-level automation (file management, scripts, local development)
  • You’re running it in an isolated environment or VM
  • You understand the security tradeoffs and accept them

Browser agents make sense if:

  • Your work is primarily web-based (most knowledge workers)
  • You want AI assistance without granting system access
  • Security and simplicity matter more than maximum power
  • You want something that works in 30 seconds, not 30 minutes of setup

For most people doing normal knowledge work — email, research, CRM updates, social media, document editing — a browser agent handles the job without the risk.

The Practical Reality

I’ve used both approaches. Here’s what I’ve found:

OpenClaw feels like having a very capable but slightly unpredictable assistant with the keys to your house. Powerful, but you need to watch it carefully.

Browser agents feel like having an assistant who sits next to you while you work. They can see your screen, help with what you’re doing, but they can’t go rummaging through your filing cabinets when you’re not looking.

For most of my daily work — drafting emails, researching prospects, updating CRM records, summarizing documents — the browser agent handles everything I need. I don’t miss the system access because I don’t need it.

And I sleep better knowing the AI can’t accidentally delete my files or run a script I didn’t intend.

Making Your Choice

The AI assistant space is moving fast. OpenClaw, Moltbook, browser agents — we’re in the early days of figuring out how humans and AI agents work together.

My suggestion: start with the smallest permission set that gets the job done.

If your work lives in the browser, start there. You can always expand to system-level agents later if you genuinely need them.

If you do try OpenClaw, run it in an isolated environment first. Understand what it’s accessing. Review the security considerations.

And whatever you choose, pay attention. These tools are powerful. That’s exactly why the security decisions matter.

Want to try the browser agent approach? Get started with dassi in under 5 minutes — a Chrome extension that brings AI into your browser with no system access required.