The most common objection to AI agent adoption is security: "I am not comfortable giving an AI access to my email." This concern is legitimate. Here is an honest explanation of how OpenClaw handles credentials and why the architecture is safer than most alternatives.
How Composio OAuth Works
Composio is the integration layer used by OpenClaw. When you connect a tool (say, Gmail), Composio initiates a standard OAuth 2.0 flow — you log in to Google directly, grant specific scopes (read email, send email, manage calendar), and Google issues a scoped access token back to Composio. The AI agent never sees your password.
Scoped Access — The Critical Detail
OAuth tokens are scoped. This means the token granted for email access cannot be used to access your Google Drive, change your account password, or read your search history. You grant exactly the permissions you choose, and they are enforced at the API level by Google or Microsoft — not by the AI agent.
- Read email: only reads the inbox, cannot modify or delete
- Send email: can send from your address, logged in your Sent folder
- Read calendar: accesses event details, cannot modify
- Write calendar: can create and modify events (opt-in)
- Each scope is separately approved during setup
Docker Isolation
The OpenClaw agent runs inside a Docker container. This provides process isolation: a security issue in the agent code cannot spread to your broader server environment. Containers can be stopped, replaced, or rolled back without affecting other systems.
Audit Trails
Every action taken by the AI agent is logged: which email was read, what draft was generated, which calendar event was created. These logs are stored locally and are accessible for review or compliance purposes.
Revoking Access
At any time, you can revoke the agent access tokens from your Google or Microsoft account security settings. This immediately and permanently disconnects the AI agent from those tools — no SetupNemoClaw action required. You remain in full control.