Peter often reiterates that he doesn't recommend the use of open models for OpenClaw. They're much weaker when it comes to prompt injection, being the main reason. I'd be interested to understand the security measures put in place here.