终于,一种在你的真实数据/应用上运行 OpenClaw 的无灾难方式!
A 100% local setup that you can integrate with OpenClaw for safe access to any data/app, without worrying about any disasters.
一个 100% 本地设置,您可以与 OpenClaw 集成,以安全访问任何数据/应用,而无需担心任何灾难。
Summer Yue from Meta was testing OpenClaw on a small inbox for weeks.
来自 Meta 的 Summer Yue 在一个小 inbox 上测试了 OpenClaw 几周。
It read emails, suggested what to archive, and waited for her approval before doing anything. Every interaction built trust, so she pointed it at her real inbox.
它读取电子邮件,建议归档哪些,并等待她的批准才做任何事。每一次互动都建立信任,因此她将它指向她的真实收件箱。
But her real inbox was orders of magnitude larger. As the agent processed thousands of messages, the context window filled up and triggered compaction.
但她真实的收件箱要大几个数量级。随着代理处理数千条消息,context window 填满并触发了 compaction。
Compaction kept “user wants inbox cleaned up” and somehow dropped “don’t action until I tell you to.”
压缩保留了“用户想要清理收件箱”,却不知怎的丢掉了“不要在我说之前采取行动”。
The agent started bulk-deleting hundreds of emails at full speed. Yue tried to stop it, but the agent ignored all of them, and she had to kill the process manually.
代理开始全速批量删除数百封邮件。Yue 试图阻止它,但代理忽略了所有命令,她不得不手动终止进程。
When she later asked OpenClaw if it remembered her instruction, it replied: “Yes, I remember. And I violated it. You’re right to be upset.”
当她后来问 OpenClaw 是否记得她的指令时,它回答:“Yes, I remember. And I violated it. You’re right to be upset.”
The real failure here wasn’t that OpenClaw disobeyed. Instead, the safety constraint lived in the conversation history, the one place an agent is guaranteed to lose information over time.
这里真正的失败不是 OpenClaw 不服从。相反,safety constraint 存在于 conversation history 中,这是 agent 必然会随时间丢失信息的地方。
Compaction had no way to know that those 10 tokens mattered more than the other 50,000, since to the algorithm, it was just text.
压缩算法无法知道那 10 个 token 比其他 50,000 个更重要,因为对算法来说,它只是文本。
This is what happens when safety logic lives inside the agent. It’s only as durable as the context window and the moment that window compresses, the constraints vanish, and the agent defaults to whatever objective it can still see.
这就是安全逻辑位于代理内部时发生的情况。它只与 context wi...