Can CeylanVienna-based, globally curious.
Learn/AI & Tools

The apps that read all your messages — and you installed them yourself

A universal messaging bridge ran silently on my Mac for months, relaying WhatsApp messages through its own servers. Here's what happened, how to check if you're affected, and how to remove it.

2026-04-18·4 min read·beginner

What happened

I was sending files from my laptop to my phone over WhatsApp Web when a strange message appeared in the chat — one I hadn't sent:

[openclaw] ⚠️ API rate limit reached. Please try again later.

I had installed openclaw once via terminal, weeks earlier, never touched it again. Or so I thought.

What openclaw actually does

Openclaw is an open-source universal messaging bridge. It connects WhatsApp, Signal, Telegram, iMessage, Slack, Discord, and dozens of other platforms into one interface. The pitch is convenient: one inbox for everything.

The reality: to bridge those platforms, it must sit between you and every one of them. It captures your session tokens, relays your messages through its own API servers, and — critically — installs a LaunchAgent (a macOS background process) that restarts it automatically every time you log in.

It was running on my machine the entire time. The rate limit error leaking into my chat was the only sign it was there.

Why this is a security risk even when the software is legitimate

Openclaw is not malware. It's open source and well-intentioned. But:

  • Your WhatsApp session token was being relayed through a third-party server
  • Every message you sent or received was passing through that intermediary
  • The LaunchAgent meant it survived reboots silently
  • The iCloud and "access other apps" permission prompt during uninstall suggests it wanted even broader access

The risk isn't the developer's intent — it's the attack surface. If openclaw's servers were ever compromised, or if someone obtained your session token from their logs, they could read your messages without touching your device.

What was it actually sending in the background?

The rate limit error is the key clue. It means openclaw was making API calls to an external service — and hitting a quota. Here's what was likely flowing out of your machine:

Session tokens (certain) Every platform you connected requires a live session token. Openclaw relays these continuously to its bridge server so it can act as you. WhatsApp, Telegram, Signal — all of them.

Message content (very likely) To show you a unified inbox, openclaw must read messages on every platform and forward them through its relay. Your conversations were passing through their infrastructure, not just your device.

Contact lists and metadata (likely) Who you talk to, how often, at what times. Metadata is often more revealing than the messages themselves — it maps your relationships and habits without reading a single word.

API calls to a third-party AI or relay service (confirmed by the rate limit) The error message format [openclaw] ⚠️ API rate limit reached is typical of a tool that wraps an external API — likely an LLM or message routing service. Your session activity was generating API calls to a service you never signed up for, under a quota you didn't know existed.

The worst-case scenario A breach of openclaw's servers wouldn't require touching your device. An attacker with your session tokens could log into every connected platform as you — silently, from anywhere.

How to check if you're affected

Run this in Terminal:

find /usr/local /opt/homebrew ~/.npm-global ~/Library -name "openclaw" 2>/dev/null

If you see results, openclaw is installed. Also check for the background process:

launchctl list | grep -i claw
ls ~/Library/LaunchAgents/ | grep -i claw

How to remove it completely

1. Kill the running process:

pkill -f openclaw

2. Uninstall without running its scripts:

rm /opt/homebrew/bin/openclaw
npm uninstall -g openclaw --ignore-scripts

3. Remove config and session data:

rm -rf ~/.openclaw ~/.config/openclaw

4. Remove the LaunchAgent:

launchctl unload ~/Library/LaunchAgents/ai.openclaw.gateway.plist
rm ~/Library/LaunchAgents/ai.openclaw.gateway.plist

5. Invalidate your WhatsApp session: Open WhatsApp Web in your browser → three-dot menu → Log out. This invalidates the session token that openclaw captured. Re-link your laptop by scanning the QR code fresh.

The broader principle

Any app that promises to unify your messaging platforms must, by definition, have access to all of them. That's not a bug — it's the product. Before installing tools like this, ask:

  • Where are my session tokens being stored?
  • Does this install a background process?
  • What happens if this company's servers are breached?

The convenience of one inbox is real. So is the risk of one point of compromise for every conversation you have.

How to audit background processes on macOS

Check everything that auto-starts on login:

ls ~/Library/LaunchAgents/
ls /Library/LaunchAgents/
ls /Library/LaunchDaemons/

Any .plist file here runs automatically. If you don't recognize something, look it up before removing — but unknown entries from tools you've forgotten about are worth investigating.

More like this, straight to your inbox.

I write about AI & Tools and a handful of other things I actually care about. No schedule, no filler — just when I have something worth saying.

If this raised a question, I'd be happy to talk about it.

Find me →
← Back to Learn