In partnership with
Reading time: 6 minutes / Become my affiliate / Sponsor this newsletter
Greetings from above,
It’s Robert here.
You know I love automation. I live for systems that run while I sleep.
But looking at the current "Clawdbot" hype reminds me of giving a toddler a chainsaw because they said they wanted to help with the gardening.
Everyone is posting screenshots: "It cleared my inbox!" "It rebuilt my website!" "It scheduled my week!"
The hype is real. But the risks are realer.
I’ve been deep in AI tooling for years. Most "this changes everything" moments don't. Clawdbot actually might. But that is exactly why I am writing this.
Because 99% of people are installing it wrong. They are giving an autonomous AI unrestricted shell access to their digital life without reading the manual.
Today’s issue will show you:
Why "shell access" turns an assistant into a liability
The "Prompt Injection" attack that deletes your emails
The exact 8-step protocol to deploy this safely (or not at all)
Let's build your competitive advantage!
What makes a great ad in 2026?
If you want to know the core principles of high-performing advertising in 2026, join our educational webinar with award-winning creative strategist Babak Behrad and Neurons CEO & Founder Thomas Z. Ramsøy.
They’ll show you how standout campaigns capture attention, build memory, and anchor brands. You’ll walk away with clear, practical rules to apply to your next campaign.
You’ll learn how to:
Apply neuroscientific principles to every campaign
Build powerful branding moments into your ads
Make your ads feel relevant to your audience
Master the art of high-impact campaigns in an era of AI-generated noise and declining attention spans
🎯 THE AGENT SECURITY PARADOX
Clawdbot isn't a chatbot. It's infrastructure.
When you install it, you aren't just downloading an app. You are hiring a sysadmin that works 24/7, has keys to your server, can read your files, and can message your friends.
If you set this up like a "Hello World" project, you are creating an attack surface, not an assistant.
⚠️ RISK 1: THE SHELL ACCESS TRAP
The Reality: This isn't ChatGPT in a browser. This is an agent that can run commands on your server, write files, and execute code.
The Danger: One wrong configuration, and it’s not your assistant anymore. It’s a liability running rm -rf / on your life. It runs while you sleep. If it hallucinates a command, there is no "undo" button for a wiped server.
⚠️ RISK 2: PROMPT INJECTION IS REAL
Someone in the community tested this. They sent an email to a Clawdbot-connected account. The email contained hidden white text with instructions.
The Result? Clawdbot read the email, followed the hidden instructions, and deleted ALL the user's emails. Including the trash.
Why it matters: You are not just installing software. You are installing a vulnerability. If you connect this to your main email without safeguards, you are trusting every spammer in the world not to hack your agent.
Everyone talks about the $5 server. Nobody talks about the API bill.
Claude Opus 4.5 is expensive ($25/million output tokens). When an agent starts "thinking," browsing, and looping on tasks, it burns tokens fast.
The Math: Heavy users report $100+ days. If you don't scope this, your "cheap" assistant becomes a Ferrari payment.
⚙️ THE SECURE DEPLOYMENT PROTOCOL
If you still want to do this (and if you are technical, you should—it's the future), do not follow the viral Twitter threads. They skip the safety checks.
Follow this Hardened Deployment Protocol.
STEP 1: ISOLATION (THE HETZNER SANDBOX)
Do not run this on your laptop.
The Fix: Use a Virtual Private Server (VPS). If the agent goes rogue, it only destroys a $5 sandbox, not your MacBook.
Provider: Hetzner Cloud (Cheapest/Fastest).
OS: Ubuntu 24.04.
SSH Keys: Use ssh-keygen -t ed25519 to generate keys. Never use password login.
STEP 2: THE INSTALLATION (NODE.JS 22)
Ubuntu defaults to old Node versions. Clawdbot needs v22.
Run this:
apt update && apt upgrade -y
curl -fsSL https://deb.nodesource.com/setup_22.x | bash -
apt install -y nodejs
Then install the bot:
curl -fsSL https://clawd.bot/install.sh | bash
STEP 3: CREATE YOUR TELEGRAM BOT
Clawdbot can have a Telegram bot to talk through.
Here's how:
Open Telegram. Search for @BotFather (official bot, blue checkmark).
Send
/newbot
Pick any name (e.g., "MyAssistant")
Pick a username ending in "bot" (e.g., "myassistant_bot")
BotFather gives you a token. Looks like
123456789:ABCdef.... Copy the whole thing.
Search @userinfobot on Telegram. Start it. It tells you your user ID. Copy that too.
You'll need both during the onboard wizard.
Where to paste these: When you run clawdbot onboard in Step 4, the wizard asks for your "Telegram bot token" and "user ID."
Paste them there. The user ID restricts the bot to only respond to YOU.
STEP 4: THE CRITICAL CONFIGURATION
Run clawdbot onboard. This is where you live or die.
Model Selection: Choose Claude 3.5 Sonnet (cheaper/faster) or Opus 4.5 (safer).
Pro Tip: The creator recommends Opus 4.5 because it has higher resistance to prompt injection (99%). If you connect email, pay for Opus.
Auth Method: API Key (direct from Anthropic).
Daemon: YES. This keeps it running 24/7.
STEP 5: LOCK IT DOWN (THE MISSING STEPS)
Most guides stop there. You must not.
Pairing: The bot won't talk to you until you approve it.
Command: clawdbot pairing approve telegram [CODE]
Sandbox Mode: Enable this in the config. It forces the agent to run dangerous commands in a container, not your root OS.
Token Scoping: When connecting GitHub or Google, give minimum permissions. Never "Full Access."
Whitelist: Explicitly list allowed commands.
STEP 6: VERIFY IT WORKS
Before you trust this thing with anything important, confirm everything is healthy:
clawdbot status
clawdbot healthYou should see green checkmarks or "ok" statuses.
If something's red, run:
clawdbot doctorIt tells you exactly what's broken.
Quick Test: Send your bot "hello" on Telegram. If it responds, you're live.
🎨 VISUAL: THE AGENT ARCHITECTURE
Understanding where the agent lives is half the battle.
Use this Nano Banana prompt to visualize the secure setup.
{
"prompt": "A hand-drawn technical cheatsheet titled 'CLAWDBOT SECURE SETUP' with 6 numbered sections in a grid layout. Section 1: 'ISOLATION' shows a server icon labeled 'Hetzner VPS $5/mo' with 'Ubuntu 24.04' underneath.
Section 2: 'INSTALL' shows terminal commands 'apt update' and 'npm install clawdbot'.
Section 3: 'TELEGRAM' shows BotFather icon with arrows pointing to 'Token' and 'User ID' boxes.
Section 4: 'CONFIG' shows 'clawdbot onboard' with checkboxes for 'Opus 4.5' and 'API Key' and 'Daemon: YES'.
Section 5: 'SECURITY' shows a shield icon with bullets: 'Sandbox ON', 'Whitelist commands', 'Min permissions'.
Section 6: 'VERIFY' shows terminal with 'clawdbot health' and green checkmarks. Bottom banner reads 'IF RED: run clawdbot doctor'. Corner warning triangle says 'Never run on laptop'.",
"style": "hand-drawn sketch, black ink on white paper, minimalist line art, authentic rough edges, whiteboard aesthetic, technical documentation feel",
"elements": "numbered boxes in 2x3 grid, simple icons, terminal snippets, checkboxes, warning symbols, arrows connecting steps",
"text_labels": "1. ISOLATION, 2. INSTALL, 3. TELEGRAM, 4. CONFIG, 5. SECURITY, 6. VERIFY, Hetzner VPS, Ubuntu 24.04, BotFather, Token, User ID, clawdbot onboard, Opus 4.5, API Key, Daemon YES, Sandbox ON, Whitelist, Min permissions, clawdbot health, clawdbot doctor",
"composition": "Clean 2x3 grid with title at top, warning banner at bottom, logical left-to-right top-to-bottom flow",
"avoid": "photorealistic, colorful, 3D, glossy, corporate, stock photo aesthetic, cluttered, too much text"
}🔧 COMMON ERRORS (AND FIXES)
You will hit at least one of these. Save this section for later.
Error | What Happened | Fix |
|---|---|---|
"no auth configured" | API key didn't save | Re-run |
Bot not responding | Forgot pairing step | Run |
"node: command not found" | Node.js missing or wrong version | Re-run the nodesource install from Step 2 |
Gateway won't start | Config issue | Run |
"health check failed" | Multiple possible causes | Run |
When stuck: Screenshot your terminal. Paste it into ChatGPT. Ask "I'm setting up Clawdbot and hit this error. What do I do?"
Works every time.
📋 SUMMARY 📋
Shell Access is a liability, not a feature, if uncontrolled.
Prompt Injection can wipe your data via a simple email.
Isolation is mandatory. Use a VPS, not your laptop.
Opus 4.5 is the tax you pay for security.
📚 MORE RESOURCES 📚
If you want to dive deeper into setting up clawdbot, check out these articles on X:
My article (Robert):
God of Prompt’s article: https://x.com/godofprompt/status/2015490539953721640
Nozz’s article:
📦 WRAP UP 📦
What you learned today:
The Reality Check: Clawdbot is a glimpse of the future, but it's currently "Early Adopter Pain."
The Threat Model: Why you need to think like a SysAdmin, not a user.
The Protocol: How to deploy an autonomous agent without giving it the nuclear launch codes.
If you aren't comfortable with a terminal, do not install this.
If you are? Welcome to the future. Just keep the safety on.
And as always, thanks for being part of my lovely community,
What did you think about today's edition?
Keep building systems,
🔑 Robert from God of Prompt
P.S. Are you running agents locally or in the cloud? Reply and let me know your setup!
