131: OpenClaw and the Wild West of Autonomous AI Agents

13 snips

Feb 9, 2026

They dig into malicious VS Code AI extensions that quietly steal files, keys, and analytics. They explore Deno’s new sandboxes that isolate AI code and proxy secrets. The conversation dives deep into OpenClaw’s rise, its shell-level power, and why people run it in isolated labs. They also touch on browser AI features, Apple container news, and deployment tips like using Tailscale.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

INSIGHT

AI Label Lowers Suspicion For Malware

AI-enabled tools can covertly exfiltrate extremely sensitive data like SSH keys and proprietary code.
The AI label gives malicious extensions extra cover to access broad filesystem and telemetry.

ADVICE

Run AI Code In Sandboxed Environments

Use sandboxed environments to run untrusted AI code so API keys and host resources stay safe.
Prefer sandboxes that proxy keys and never expose credentials directly to executed code.

INSIGHT

OpenClaw Shows Demand For Local Agents

OpenClaw popularized local agent platforms that run on your infrastructure and connect to chat apps.
Its growth reveals strong demand for agents that keep data and keys under user control.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Malicious code is making its way into VS Code extensions this week, as two Chinese-based AI coding assistants are identified as capturing every file on a user’s computer and sending it to servers in China without their knowledge or consent. Please just be cautious about what you’re installing on your machines, folks.

In related news, the Deno team has introduced Deno sandboxes to create and deploy secure, isolated VMs in the cloud. Strict permissions, network policies, directories, and isolated secrets—make these sandboxes great for AI agents, or any other dynamic workload where speed and security are paramount.

And the software going viral this week is OpenClaw (aka Clawdbot aka Moltbot), which is an open source, autonomous AI agent that runs locally on a user’s machine. OpenClaw can connect to LLMs and perform tasks like managing emails, scheduling, reorganizing local files or other daily tasks, and is designed to be proactive rather than just reacting to prompts. It’s truly the Wild West giving an AI agent access to read all the files on a machine or respond to emails on its own, so be careful out there, folks.

Timestamps:

1:07 - VS Code AI plugins are stealing data
10:47 - Deno sandboxes
16:09 - OpenClaw
43:41 - More Gemini features are coming to Chrome
45:33 - Apple containers
46:44 - What’s making us happy

News:

Lightning News:

What Makes Us Happy this Week:

Thanks as always to our sponsor, the Blue Collar Coder channel on YouTube. You can join us in our Discord channel, explore our website and reach us via email, or talk to us on X, Bluesky, or YouTube.