GeistHaus

Ugur Koysuren

Part of ugurkoysuren.com

engineer. building things that think. contact me[at]ugurkoysuren.com ...

Your AI Bot Doesn't Need Your Whole Life
Tags: ai · automation · clawdbot · privacy · security
ClawdBot is incredible. It's also one prompt injection away from wiping your GitHub. Before you connect anything, lock it down.

Look, I love automating stuff. The whole idea of ClawdBot – chatting with my todo list, getting reminders, taking notes in Notion – that's genuinely exciting to me.

But I have red lines.

Handing over my entire email inbox to an AI agent? That's where I stop. We're talking about 10+ years of emails here. My toughest decisions. Flight bookings. Funerals. Credit card statements. Job applications. That's my whole life in there.

And yet.

I've been watching engineers – really capable engineers – just hand over access tokens to these agents like it's nothing. Not even thinking twice.


This is basically what we're doing with AI agents and access tokens right now.

The Question Nobody's Asking

Does your bot really need to send emails? Or is read-only enough?

When you connect Notion for your blog, does the agent need access to your entire organization? Or just that one page?

These aren't rhetorical questions. Most tools ask for way more access than they actually need, and most of us just click "Allow" because we want the automation working.

This Isn't Theoretical Anymore

A recent scan found ClawdBot instances running on VPS servers with open gateway ports and zero authentication. People aren't reading the docs. They're just deploying and connecting everything.

We're heading toward a massive credentials breach. It's not a matter of if, it's when.

The Scary Math

Think about what you're actually doing when you set up ClawdBot with default settings:

You're running a 24/7 AI agent on your server. It controls your GitHub. Your calendar. Your email. You talk to it through WhatsApp or Telegram.

Sounds incredible, right?

Now think again: you just gave an AI autonomous execution rights on your machine and root access to your digital life.

One prompt injection. That's all it takes to wipe your entire GitHub organization. Lose your emails. Or much worse.

Give an agent access to WhatsApp and Google Drive? Now someone can send whatever's in your Drive to your entire contact list. One bad prompt. One compromised integration.

Before You Connect Anything

Scope your access. Read-only when possible. Single resources instead of whole accounts. Minimum viable permissions.

Lock it down. Authentication on every port. Read the docs. Don't expose your instance to the internet with default settings.

Ask yourself: Is the convenience actually worth the risk? If the thing you're automating saves you 5 minutes a day but exposes 10 years of personal data – that math doesn't work.

My Take

ClawdBot with proper security and next-gen local models? That's going to be amazing.

Today? It's a security and privacy ticking bomb.

If the automation isn't worth the risk, don't risk it.

The convenience is real. So is the exposure. Choose carefully.

https://ugurkoysuren.com/ai-agents-access-risk/
Digital hygiene

My first computer was a Medium MT5 from Aldi. I loved it, playing Stronghold and Counter-Strike. To communicate with other players, we had forums. I used the same email address over and over to join those forums, which resulted in my email being exposed in many data leaks. I didn't mind at first, but ever since seeing someone trying to log in to my unused Goodreads account, I thought that maybe, instead of exposing my real email address, I should practice a little more digital hygiene.

Medium MT5

Mail

Starting with email, I decided to use ProtonMail with a custom domain. The reason for a custom domain is obvious: if I want to ever change a provider, I could switch to a new one.

Notes

standardnotes.com does the job; I needed a little sync. It works perfectly.

Work/Life

This is one I should work on more often. I'm using a Mac for everything, personal things included, but I use Teams, etc., for communicating whenever I need to. I'll try to separate those things to stay more focused on personal tasks and job-related tasks.

https://ugurkoysuren.com/digital-hygiene/