Mandatory Acceptance Notice
By downloading, installing, activating, or otherwise using the ClawMagic Community Edition software, you expressly acknowledge, accept, and assume all risks described in this document. You agree that you do not and will not hold ClawMagic, its founders, officers, directors, employees, agents, affiliates, or licensors liable for any damages, data loss, system damage, financial loss, or any other harm arising from or related to your use of the Software.
If you do not agree to these terms and do not accept these risks, do not download, install, or use the Software. Your continued use constitutes ongoing acceptance.
This Software grants AI agents direct access to a computer. Real, tangible risks exist. This is not a hypothetical warning — these are risks that have occurred in AI agent systems and may occur on your machine.
1. What ClawMagic Is — And What That Means for You
ClawMagic is an Agentic Localhost platform. AI agents operate directly on your local machine — they are not sandboxed in a remote cloud environment. Agents can read, write, modify, move, and delete files; execute system commands and scripts; access network resources and make API calls; interact with installed applications; and modify system configurations. Agents operate with the same permissions as the system user account under which the Software runs.
Unlike traditional software, AI agents are powered by probabilistic language models. The same instruction given twice may produce different actions. Agents may misinterpret instructions, hallucinate confident but incorrect actions, and behave differently when the underlying model is updated by the AI provider. There is no guaranteed way to perfectly constrain AI agent behavior in all scenarios.
The Company assesses overall risk at medium to medium-low under normal conditions. However, this does NOT mean "safe" or "harmless." Unintended agent actions will occur from time to time. Data loss, file corruption, or configuration damage can and does happen. The severity can range from trivial to serious — and factors outside our control, particularly BYOK AI models, can significantly increase risk.
2. Do Not Install on a Personal Computer
You agree that you will NOT install or run the Software on a personal computer that contains your personal files, documents, photos, financial records, medical records, tax returns, or other sensitive personal data. You will NOT install or run the Software on a primary workstation used for general-purpose computing, web browsing, email, or banking.
AI agents with computer access can reach any file accessible to the user account under which they run. Installing the Software on a personal computer puts all of that data at risk.
3. Dedicated Machine Requirement
The Software should be installed on a Dedicated Machine — a physical or virtual computer allocated specifically for running ClawMagic. Recommended environments include: Apple Mac Mini or similar compact computer, small form-factor PC, Virtual Private Server (VPS) from a reputable provider, Virtual Machine isolated from your primary OS, or a container environment with appropriate limits.
If you choose to install the Software on a personal computer or a machine containing sensitive data contrary to this guidance, you do so entirely at your own risk. The Company is not liable for any damage to personal files, data, or configurations. You waive any claim against the Company related to data loss or privacy breach on that machine.
4. Treat ClawMagic as a Separate User — Not You
You should treat ClawMagic and its AI agents exactly as you would treat a new employee or contractor who needs access to your systems. You would not give a new employee your personal login credentials — do not give ClawMagic access to your personal accounts. You would create separate accounts for a new employee — create dedicated accounts for ClawMagic. You would restrict access to only what they need — grant only the necessary resources. You would monitor their work — review agent logs regularly. You would revoke access if something goes wrong — be prepared to rotate credentials at any time.
5. Dedicated Accounts You Should Create
Before deploying the Software, create: a dedicated operating system user account (non-admin, limited to necessary directories), a dedicated email address for services ClawMagic interacts with, dedicated API keys separate from your personal or company master keys, dedicated cloud/service accounts with minimal permissions, dedicated database credentials scoped to only necessary schemas, and dedicated project directories.
Grant access incrementally — start with minimal permissions and expand only as needed. Use role-based access control (RBAC) wherever possible. Rotate credentials regularly (minimum quarterly, recommended monthly). Monitor access logs. Revoke access immediately when compromised or no longer needed. Never share your personal passwords, banking credentials, or social media logins with the Software.
6. What Can Go Wrong — Data Loss and Destruction
AI agents can and may: delete files, directories, databases, or entire project structures; overwrite important files with incorrect data; corrupt configuration files and environment variables; execute destructive commands unintentionally (rm -rf, DROP TABLE, format); modify version-controlled repositories in unexpected ways (force push, rebase, branch deletion); and deplete storage by generating excessive files or runaway processes.
7. What Can Go Wrong — Security Risks
AI agents can and may: expose sensitive data (API keys, credentials, tokens) in logs or console output; install packages containing vulnerabilities or malware; open network ports or modify firewall rules; interact with external services in ways that violate terms of use; download or execute code from the internet without verification; and create security vulnerabilities in generated code (injection, XSS, authentication bypasses).
8. Third-Party AI Provider Risks (BYOK)
When you connect third-party AI models through Bring Your Own Key (BYOK): the Company has zero control over third-party AI model behavior; models may produce harmful, unexpected, or adversarial outputs; model updates by the provider can change behavior without notice; compromised API keys could allow attackers to run malicious commands through the agent.
The Company cannot guarantee, verify, or certify the safety of any third-party AI model. You are solely responsible for evaluating the safety, reliability, and trustworthiness of any AI provider you connect. The Company is not liable for any damage, data loss, or system compromise resulting from third-party AI agent behavior.
9. Financial Risks
Use of the Software may result in: unexpected charges from third-party AI providers due to high API usage; cloud infrastructure costs from agent-initiated resource usage; costs of data recovery, system restoration, or professional remediation; business interruption due to downtime or data loss.
10. Backup Requirements — Non-Negotiable
Given the risks above, maintaining regular backups is a critical, non-negotiable requirement. Without backups, you are operating at significant risk of irrecoverable data loss.
Recommended: Hourly automated backups for active development. Minimum acceptable: Daily automated backups. Absolute minimum: Weekly full-system backups. No backups: Unacceptable — do not operate without backups.
Back up: all project files and source code, ClawMagic server configurations, plugin configurations and custom settings, databases, agent workflow definitions and saved states, API keys and credential stores (encrypted), and system configurations. Store backups on a separate device. Use the 3-2-1 rule (3 copies, 2 media types, 1 offsite). Encrypt backups. Test restores regularly. Automate everything.
The Company shall have no liability whatsoever for data loss that occurs when adequate backup procedures have not been maintained.
11. Security — Your Responsibility
The Company secures the ClawMagic Node.js server application. Everything else — the host machine, operating system, network, installed services, connected accounts, and AI providers — is your responsibility.
The Software includes built-in security tools to help guide you. These tools provide recommendations, guidance on file permissions, network access configuration, credential management, and activity logging. However, these tools are guidance, not guarantees. They do not replace professional security audits and cannot account for every deployment environment.
12. Threat Scenarios You Should Understand
Prompt injection attacks may manipulate agent behavior. Compromised BYOK API keys could allow attackers to send malicious instructions. Third-party plugins could contain vulnerabilities. Supply chain attacks could compromise upstream dependencies. Model poisoning could cause harmful outputs under certain conditions.
The Company explicitly cannot prevent attacks from third-party AI providers, exploitation of host OS vulnerabilities, social engineering, physical access attacks, zero-day vulnerabilities in dependencies, or malicious actions by authorized users.
13. Open Source — As-Is, No Warranty
ClawMagic Community Edition is open source software provided under its applicable open source license. It is provided "AS IS" and "AS AVAILABLE" without warranty of any kind, express or implied. The Company makes no warranty that AI agents will behave as expected, that the Software will be error-free, or that it will prevent unauthorized access or data loss.
Community Edition users receive community-based support only. There is no guaranteed response time, no SLA, and no obligation by the Company to provide individual technical support, bug fixes, or security patches on any specific timeline.
ClawMagic Community Edition — Risk Disclosure & Assumption of Risk v1.0 — Copyright © 2026 ClawMagic. All rights reserved.