Over the last couple of weeks, we have had several conversations with clients who wanted to set up tools like Claude Cowork and OpenClaw. These tools are appearing everywhere at the moment, and for good reason. They can complete tasks, follow multi step instructions and connect to your business systems in ways that older AI tools could not.
At Heliocentrix, we are always keen to help clients use technology that saves time and reduces friction. We are also honest about what is ready for business use and what needs careful thought. This post explains what these tools are, how they work, and the risks you should understand before trying them in your organisation.
What Claude Cowork Is
Claude Cowork is built to behave like a junior colleague. It can:
- Understand context
- Follow step by step instructions
- Work with documents
- Organise information
- Take on routine tasks
It is easy to use and has become very popular with businesses who want to free up time and reduce repetitive work. Claude is very strong at understanding content and producing clear, accurate outputs.
What OpenClaw Is
OpenClaw is an open source framework that lets developers build custom AI agents. It is flexible and powerful, but it requires technical skill, careful setup and ongoing attention.
For most businesses, the level of control it provides also brings a level of risk that is too high for day to day operations. Because of this, we do not currently recommend using OpenClaw in any client environment.
How These Tools Push AI Beyond Chat
Claude Cowork and OpenClaw are different from traditional AI tools because they can take action. They can:
- Perform multi step workflows
- Manipulate files
- Use APIs
- Trigger events
- Connect to your systems
- Complete tasks end to end
This is a significant shift. AI is no longer just answering questions. It is now capable of doing work.
The Risks You Need to Know About
These tools are powerful, but they also introduce risks that need to be taken seriously. We are not trying to scare anyone. We are simply being clear about what can happen if these tools are used without the right controls.
1. Prompt injection
Prompt injection happens when hidden or unexpected instructions cause the AI to ignore your rules. This can happen through documents, emails or copied text.
If the agent has permission to take action, prompt injection can lead to:
- Posting secure or private information on the internet
- Sharing passwords or sensitive data with malicious actors
- Deleting entire files or folders
- Uploading confidential material to public sites
- Sending information to people who should not receive it
- Download malicious software onto your device
A detailed breakdown of prompt injection attacks can be found here:
OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration
These are real issues that have been demonstrated in the wild.
2. Over permissive access
AI agents often need wide access to work effectively. If they are given more access than they actually need, they can unintentionally:
- Delete shared folders
- Modify critical records
- Move or overwrite files
- Change client information
- Trigger destructive actions across systems
This is exactly the kind of situation that can occur in a business environment if permissions are not tightly controlled.
3. Runaway automations
Agents can misinterpret instructions or get stuck in loops. This can cause serious operational problems, including:
- Racking up large cloud bills because a process starts and never stops
- Sending emails to the wrong people with incorrect or sensitive information
- Repeating a task endlessly until it causes a system to slow down or crash
- Creating hundreds of records, tasks or tickets before anyone notices
These are practical examples of what happens when automations run without guardrails.
What We Recommend
1. We do not recommend using OpenClaw in production
OpenClaw is interesting from a technical perspective, but it is not suitable for client environments. It requires deep technical expertise, bespoke configuration and active oversight. The risk level is too high for most SMEs.
2. Claude Cowork and Claude Code can be used, but there are still risks involved
Claude is more mature and can be useful, but only in the right conditions. It should be:
- Run on a separate and isolated machine
- Given the minimum possible permissions
- Limited to specific folders and tools
- Monitored strictly
- Prevented from connecting to your wider network
This does not make Claude fully safe. It reduces the risk to a manageable level.
3. This is not part of a standard managed IT package
And it should not be. These tools need specialist setup, testing and oversight.
We are always open with clients about what is included and what is not. This work sits firmly in the Digital Transformation space. It requires a different set of skills and processes. That is why it is handled by our specialist team rather than our general support team.
Start With a Free 15 Minute Consultation
If you are considering Claude Cowork or thinking about using any form of AI agent, a short conversation is the best place to start.
We can help you:
- Understand what each tool can do
- Identify the safest way to begin
- Avoid the most common risks
- Decide whether these tools are right for your organisation
Book your free 15 minute consultation and we will guide you through the options in clear, simple language.