February 13, 2026

Ports, Proxies & Pitchforks

Article URL →HN comments →

I ditched OpenClaw and built a more secure AI agent (Blink and Mac Mini)

Dev swaps OpenClaw for ‘safer’ Mac Mini AI — comments erupt over privacy and hype

TLDR: A dev dumped OpenClaw to run a Mac Mini–based agent with private networking to avoid accidental exposure. Commenters argue the real danger is sending personal data to cloud AIs, while others mock the “more secure” branding and question the post’s rapid rise to the front page.

OpenClaw promised a home‑run personal AI on your own box. Then researchers found loads of installs accidentally open to the internet. Cue one dev ditching it for a homebrew on a Mac Mini with private networking, two isolated “agents,” and no public ports. He claims it sips ~10W and uses tools like Tailscale to keep things locked down.

But the crowd? Spicy. One camp shrugs at the “open ports” panic, saying most people are behind home routers anyway and this is a one‑line fix. The louder camp blasts the bigger elephant: shipping your life to cloud AIs. As one put it, if your agent sends your files to a remote model, your “secure” rig is just a shiny courier for your secrets. The sarcasm meter red‑lined with quips like “more secure AI agent is like most secure Windows yet.”

Then there’s the meta‑drama: one commenter questioned who actually wrote the code and how the post hit Hacker News front‑page so fast. Meanwhile, bargain hunters hijacked the thread with a $400 Mac Mini Micro Center deal and tales of price‑matching glory. Verdict from the peanut gallery: fun project, neat power stats, but the real fight is privacy versus convenience — and whether “do‑it‑yourself” actually means “do‑not‑trust‑the‑cloud.”

Key Points

  • OpenClaw gained rapid adoption as a personal AI assistant running on user-owned hardware and integrating with email, calendar, and messaging apps.
  • Security researchers found thousands of OpenClaw instances exposed to the internet due to a default service that listens on all network interfaces.
  • Community mitigations (firewalls, VPNs, reverse proxies) were applied but are described as patches rather than security-by-design.
  • The author seeks a secure-by-default personal AI agent with zero public internet exposure, built on Blink and a Mac Mini.
  • Use cases include automating downloads cleanup, inbox triage, calendar-based reminders, and retrieving saved items, with separate agents for general and sensitive tasks.

Hottest takes

OpenClaw, as well as the author’s solution, is insecure because it sends the full content of all of your private documents and data to a remote inference API — sneak
"more secure AI agent" is like "most secure version of Windows yet" — blibble
how did you get this to the hackernews front page so fast? — suhputt

Save News

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.