On the Claw

This past weekend I attended the Boston OpenClaw Hackathon, now I’m up and running, “On the Claw” as I’m calling it.

Question, how much security isolation do you really need? In practice there are a few levels of containment developers use when experimenting with tools like OpenClaw. The simplest approach is running the agent directly in your normal user account, which offers essentially no protection if the agent executes a destructive command. A step up is running the agent inside Docker, which isolates dependencies and makes environments reproducible but still exposes whatever folders or credentials you mount into the container. The strongest option is a full virtual machine, where the agent runs inside an entirely separate operating system. In that model, even catastrophic failures are contained inside the VM and the host machine remains untouched.

For my own experimentation, I chose a practical middle ground between convenience and safety: a completely separate macOS user account dedicated to the agent. I created a new account on my MacBook called “Claw McGee.” This account has its own home directory, its own workspace, and none of my personal files, SSH keys, or API tokens. The idea is simple: if an autonomous agent makes a mistake—running shell commands, editing files, or deleting directories—it can only damage the environment inside that user account. If things go sideways, the recovery plan is easy: delete the user account and start fresh. It’s not as airtight as a VM sandbox, but it provides meaningful separation while keeping the setup lightweight for day-to-day development.

To push the sandboxing concept further, I also gave Claw McGee its own online identity. The agent environment has a dedicated Gmail account and even its own Discord server, meaning the agent currently only communicates within systems that belong to itself. In other words, it’s effectively talking to its own ecosystem rather than interacting with my personal accounts or infrastructure. The runtime environment itself was installed using the Docker instructions from the Boston OpenClaw Hackathon repository: hackathon-Mar14-2026. Following that setup, and fighting with the networking got me up and running. For now, Claw McGee lives in a carefully fenced-off corner of my laptop—an autonomous coding agent learning to operate safely before it’s allowed anywhere near the real world.