Understanding the Risks
Because QClaw can execute real actions, it carries risks that traditional AI tools don't:
- It can connect to messaging apps (WhatsApp, Telegram, etc.) and receive remote instructions — meaning anyone with access to your linked account could trigger actions on your computer.
- It can read, create, modify, and delete files on your machine.
- It can access the internet, send emails, and interact with third-party services.
Key principle: Grant QClaw only the access it needs, and regularly review what it does.
Quick Tips to Minimize Risk
- File access: Avoid granting QClaw access to sensitive folders (finances, credentials, medical records).
- Messaging apps: Be cautious with apps containing private conversations.
- Monitor behavior: Watch for suspicious activity — it could be a sign of prompt injection or unintended actions.
- Internet access: Limit internet access to trusted sources and workflows.
- Review actions: Regularly review the actions QClaw has taken, especially after unattended tasks.
Built-in Safety Measures
- Claw Gateway: All actions are monitored and logged through a security gateway. You can review them anytime.
- Action interception: The safety layer flags potentially high-risk actions (file deletion, sending messages, financial transactions) — but it's not foolproof.
- Permission controls: You can adjust permissions in Settings.
- Local execution: QClaw runs locally, though some I/O data may be temporarily stored on our servers for up to 24 hours (local files are never permanently retained).
- Agent vetting: Agents in the Playground are reviewed before being published.
Disclaimer: Despite these safeguards, the possibility of attacks or unexpected behavior is not zero. Always exercise caution.
Protecting Yourself — 8 Steps
1Be selective with file & folder access
Create a dedicated working folder for QClaw. Don't open up your entire home directory or Desktop.
- Back up important files before processing.
- Never grant access to folders containing passwords, API keys, financial records, or identity documents.
2Start small, build trust
Begin with low-risk tasks (organizing files, generating summaries). Expand to complex workflows as your confidence grows.
- Don't jump straight into payments or irreversible actions.
3Monitor tasks, not just commands
Check that results make sense. If QClaw accesses files or websites you didn't mention, or the task goes beyond its scope — stop immediately.
4Be careful with scheduled & background tasks
- Start with low-risk automations (e.g. daily summaries).
- Avoid scheduling tasks that involve sensitive data, sending messages on your behalf, or making purchases.
- Regularly check outputs. Pause or delete tasks you no longer need.
5Limit messaging app permissions
- Only connect apps you actively use.
- Regularly review and disconnect unused apps.
- If a messaging account is compromised, disconnect it from QClaw immediately.
6Be mindful of cross-device access
- Consider whether mobile access is appropriate for your work environment, especially with sensitive data.
- Be aware of public Wi-Fi risks — commands could potentially be intercepted.
- If your phone is lost, disconnect it from QClaw immediately.
7Keep QClaw updated
- Make sure auto-update is enabled.
- Don't skip security patches.
8Report suspicious behavior immediately
If QClaw starts discussing unrelated topics, attempts unauthorized access, asks for sensitive information, or performs actions beyond what you requested — stop the task and report it.
Contact: hi@sg.qclaw.qq.com or use the in-app feedback button.
Your Responsibility
You are responsible for all actions QClaw performs on your behalf, including:
- Messages sent through connected apps.
- Files created, modified, or deleted.
- Emails sent.
- Purchases or financial transactions initiated.
- Background tasks and their results.
- Compliance with third-party service terms (including any restrictions on automated access).
Remember: QClaw is a tool to boost your productivity, but you're always in charge. Review, verify, and stay in control.