Set up your agent safely

Install your agent on a dedicated machine-for example a Mac Mini or an old MacBook-rather than your main laptop or shared computer. The bot needs to stay running 24/7 so it can respond when you message it, so use a machine you can leave on. On Mac, you can use a free app (e.g. Amphetamine) to prevent sleep if needed.

Give your agent its own Apple ID and Gmail account. The bot should not have access to your main Gmail except for the specific files and calendars you choose to share with it. That way a compromise of the bot does not expose your primary account.

If you run your agent yourself (self-hosted, e.g. OpenClaw), run the built-in security audit so it hardens the setup. In a terminal on the machine where your agent runs (OpenClaw):

claudebot security audit --deep

It will walk through steps to make the installation more secure. On ClawNode, security is managed by the platform; you don't need to run this command on a hosted instance.

Use least privilege: let the bot read what it needs (e.g. your personal calendar) and write only to specific files you've shared with it. For example, it can read your calendar and edit only the Google Docs and Sheets you've explicitly shared with the bot's Gmail. It should not have access to your entire Google Drive. For the exact steps to connect calendar and docs, see Connect your agent to Google Workspace.

Do not add your bot to group chats or put it on a public website. Your bot should talk only to you. If you make it truly personal, you'll share sensitive information with it; sharing the bot with others can lead to that information leaking. Keep it single-user only.