What QClaw Can Do on Your Computer
QClaw acts on your behalf on your device. To do its job, it may ask you to grant permissions that let it interact with your operating system. You grant each permission individually when prompted, and you can revoke any of them at any time in Settings → Permissions.
| Permission | What QClaw can do | Examples |
|---|---|---|
| Files & folders | Read, create, modify, move, or delete files | Organising folders, saving attachments |
| Command line / shell | Run commands on your operating system, including shutting down your computer | Running scripts, system maintenance |
| Email client | Read incoming mail and send emails on your behalf | Drafting and sending replies |
| Browser control | Navigate sites, fill forms, click buttons | Booking flights, filling applications |
| Camera / microphone (optional) | Capture media when a specific skill requires it | Video-based coaching |
| Network | Transmit task data to third-party AI model providers and connected messaging platforms | Running any AI task |
| Screen capture & recording | Capture an image or video of everything on your screen, including other apps and the desktop | Visual task understanding, screen-based assistance |
| Location (optional) | Access your device's location using GPS or Wi-Fi | Location-based queries or recommendations |
| Notifications | Display pop-up notifications or play notification sounds | Task completion alerts, reminders |
What this means for your computer. With these permissions granted, QClaw can create, modify, delete and transmit data on your device. If you choose "allow", QClaw will carry out actions within the scope of those permissions without asking for your confirmation each time. Some actions — such as deleting files, sending emails, or shutting down your computer — cannot be undone.
If you change your mind. You can switch off any permission, disable auto-execute, or uninstall QClaw at any time. To ask us to remove or disable a component QClaw has installed on your device, email qclaw@tencent.com — where the law requires, we will help at no cost to you.
Quick Tips to Minimize Risk
- File access: Avoid granting QClaw access to sensitive folders (finances, credentials, medical records).
- Messaging apps: Be cautious with apps containing private conversations.
- Monitor behavior: Watch for suspicious activity — it could be a sign of prompt injection or unintended actions.
- Internet access: Limit internet access to trusted sources and workflows.
- Review actions: Regularly review the actions QClaw has taken, especially after unattended tasks.
Our Safety Measures
We've built multiple layers of protection into QClaw:
- Claw Gateway. Every action QClaw takes is monitored and logged through our built-in safety gateway. You can review the full history of executed actions at any time.
- Action interception. A safety layer is designed to flag potentially risky operations, such as exploitation of vulnerabilities, malicious prompts or instructions, and poisoning attempts. However, it may not catch every scenario. We recommend reviewing QClaw's actions regularly.
- Managed access. QClaw operates within the permissions configured in your Settings. You can adjust what QClaw can access at any time. We recommend reviewing your permission settings regularly.
- Local execution. QClaw runs locally on your machine. Some input and output data may be temporarily stored on our servers for service provision, as described in our Privacy Policy. Your local files are not permanently uploaded or retained.
- Agent verification. Agents available in the Playground are reviewed before publication to reduce the risk of malicious or poorly configured agents.
Protecting Yourself
1Be selective about file and folder access
QClaw can read and modify files on your computer. To limit exposure:
- Create a dedicated working folder for QClaw rather than granting access to your entire home directory or Desktop.
- Keep backups of important files before letting QClaw process them.
- Never grant access to folders containing passwords, API keys, financial records, or personal identity documents.
- Review QClaw's file access permissions regularly in Settings.
2Start small and build trust
Treat QClaw like a new assistant on their first day:
- Begin with low-risk tasks — organizing files, generating summaries, setting reminders.
- Gradually expand to more complex workflows as you become confident in QClaw's behavior.
- Don't jump straight to tasks involving payments, account management, or irreversible actions.
3Monitor tasks, not just commands
Don't just check whether QClaw ran a command — check whether the outcome makes sense:
- If QClaw accesses files or websites you didn't mention, stop the task.
- If a task expands beyond its original scope, stop the task.
- If something feels off, press the "stop" button to stop the task immediately. Trust your instincts.
4Be cautious with scheduled and background tasks
QClaw can run tasks in the background and on a schedule — even while you're away from your computer. This is powerful but requires extra care:
- Start simple. Automate low-risk tasks first (daily summaries, content compilation) before scheduling anything consequential.
- Avoid sensitive operations. Don't schedule tasks that access private data, send messages on your behalf, or make purchases without human review.
- Check results regularly. Review the output of scheduled tasks to ensure QClaw is performing as expected.
- Pause what you're not using. If you no longer need a scheduled task, pause or delete it — don't leave it running in the background.
5Limit messaging app permissions
Your messaging apps are QClaw's "remote control." This makes them a potential attack surface:
- Only connect messaging apps you actively use with QClaw. Don't link apps "just in case."
- Review connected apps periodically and disconnect any you no longer need.
- If your messaging account is compromised, disconnect it from QClaw immediately.
6Be mindful of cross-device access
QClaw lets you control your computer from your phone via messaging apps. This is convenient but introduces remote access risks:
- Consider whether mobile access is appropriate for your setup. If your computer contains sensitive work data, think carefully before enabling remote task execution.
- Be aware of public Wi-Fi risks. Sending QClaw instructions over unsecured networks could allow others to intercept your commands.
- If you lose your phone, disconnect your messaging apps from QClaw as soon as possible.
7Keep your QClaw updated
QClaw updates automatically in the background, but it's good practice to:
- Ensure auto-updates are enabled in Settings.
- Don't skip or delay updates — security patches are included in every release.
- Check the changelog if you want to understand what changed.
8Report suspicious behavior immediately
If QClaw does any of the following, stop the task and report it:
- Suddenly starts discussing unrelated topics or making unexpected requests.
- Attempts to access files, apps, or websites you didn't authorize.
- Asks for passwords, API keys, or personal information without a clear reason.
- Takes actions that go beyond the scope of your original request.
Report issues to qclaw@tencent.com or use the in-app feedback button. Your reports help us improve QClaw for everyone.
Your Responsibility
You remain responsible for all actions QClaw takes on your behalf. This includes:
- Messages sent through your connected messaging apps.
- Files created, modified, or deleted on your computer.
- Emails drafted and sent from your accounts.
- Purchases or financial transactions initiated by QClaw.
- Scheduled tasks running in the background, including their outcomes.
- Compliance with third-party services' terms of use, including any restrictions on automated access.
QClaw is a tool designed to amplify your productivity — but you are the one in the driver's seat. Review, verify, and stay in control. QClaw's output is not legal, medical, financial or other professional advice — verify anything important before you act on it.