How I Keep My Workspace Safe While Using Claude CoWork

Limit access to protect your data.


Have you heard about Claude CoWork? It's an autonomous AI agent from Anthropic that can handle tasks on your local computer: files, folders, apps, etc. It can also navigate the web through Claude's browser extension and take actions on websites.

At first, I thought, "Why would I use CoWork? Everything I do is web-based." But it turns out I've found a ton of ways to operate with CoWork (which I'll write about as separate articles).

But there are some legitimate safety concerns with letting CoWork operate independently on your computer. It could delete something important by accident. A Meta employee attached OpenClaw to her email inbox with instructions to "organize it," and then was horrified to find OpenClaw deleting everything.

OpenClaw is a bit different from CoWork, but the concept is the same: you provide instructions and access to your computer/files/web pages and then trust the agent to do the task per your instructions.

Because of stories like this, I'm very careful about what I give CoWork access to. I've got a set of very practical controls set up to keep CoWork contained and protect access to my primary accounts and data.

Device isolation

I run CoWork on a completely separate device: an old MacBook I had lying around. That way, it doesn't have access to my primary computer files.

CoWork does require you to grant permission before it can access a local directory. But you can also "Allow for every request" in a single session and not be prompted a second time.

CoWork can also browse the web and take actions. On my separate device, I'm using a different Chrome profile that's not logged into any of my accounts. (I recognize that CoWork could also do this on a separate profile on my primary device.)

The separate device also allows CoWork to just hum along and do its thing while I work on something else without hogging resources on my primary device.

I recognize that a second device isn't possible for everyone. But for me, it provides a useful physical separation. I've got the old MacBook set up next to my primary device, so I can easily switch back and forth.

Secondary Google Workspace account

I already had a second user set up on my Google Workspace account. My virtual assistant uses that account, and my teenagers used it when they did some work for me over the summer.

I'm able to let CoWork access and work in my Google Drive by using Google Drive for Desktop. My Google files are synced locally, which is what CoWork needs.

Rather than sync the entirety of my Google Drive to my CoWork device, I'm using the secondary Google Account. Anything CoWork needs access to goes in that separate account. I've got Zapier running in the background so I'm not manually moving files around.

Google Drive for Desktop also works with personal Google accounts, in addition to Google Workspace accounts.

Limited access to my Airtable bases

I rely on Airtable as my "source of truth" for nearly everything in my business, from client work to my content library.

Airtable has an MCP, or Model Context Protocol. This is a standard introduced by Anthropic that allows apps to connect directly to an LLM. By connecting Airtable to Claude via MCP, I can do all kinds of things, including letting Claude update Airtable.

But that also introduces a risk that Claude changes something in Airtable that it shouldn't — something that would be hard to fix.

I don't want Claude accessing my primary data. For that, I use Airtable's built-in field agents, which give me a lot of control. For use with Claude, I've done the following:

  1. Set up a separate Airtable base.
  2. Given Claude access to ONLY that base and nothing else.
  3. Set up a one-way sync of specific data from some of my primary bases to Claude's base.
  4. Added Claude-specific fields to Claude's base that can be edited.

For right now, that works. I can give Claude access to my primary data, basically in read-only mode, but still get stuff done.
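One way to confirm step 2 (Claude sees ONLY its own base) is to ask Airtable which bases a credential can reach. This is an added example, not part of my original setup; it assumes the connection uses an Airtable personal access token with the `schema.bases:read` scope, and the `AIRTABLE_TOKEN` variable name and the base IDs are made up.

```python
import json
import os
import urllib.parse
import urllib.request

API = "https://api.airtable.com/v0/meta/bases"  # Airtable "list bases" endpoint


def list_visible_bases(token):
    """Return every base the token can see, following pagination offsets."""
    bases, offset = [], None
    while True:
        url = API + ("?" + urllib.parse.urlencode({"offset": offset}) if offset else "")
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
        with urllib.request.urlopen(req, timeout=10) as resp:
            page = json.load(resp)
        bases.extend(page.get("bases", []))
        offset = page.get("offset")
        if not offset:
            return bases


def audit_bases(bases, allowed_base_id):
    """Compare the visible bases with the single base the agent should have."""
    findings, seen_allowed = [], False
    for base in bases:
        if base["id"] == allowed_base_id:
            seen_allowed = True
        else:
            findings.append(
                f"unexpected base visible: {base.get('name')} "
                f"({base['id']}, {base.get('permissionLevel')})"
            )
    if not seen_allowed:
        findings.append(f"allowed base {allowed_base_id} is not visible to this token")
    return findings


# Constructed sample in the shape of the endpoint's response (not real IDs).
SAMPLE = [
    {"id": "appCLAUDEONLY00001", "name": "Claude workspace", "permissionLevel": "edit"},
    {"id": "appPRIMARY00000002", "name": "Client work", "permissionLevel": "create"},
]

if __name__ == "__main__":
    token = os.environ.get("AIRTABLE_TOKEN")  # assumed variable name
    bases = list_visible_bases(token) if token else SAMPLE
    for line in audit_bases(bases, "appCLAUDEONLY00001") or ["OK: only the allowed base is visible"]:
        print(line)
```

Without a token set, it runs against the constructed sample and flags the second base, which is what a misconfigured grant would look like.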

If I get to a point where I want more, I could upgrade my Airtable plan to allow a two-way sync. For example, maybe I want to sync the data that Claude writes back to my primary bases. Right now, I can't do that, but also haven't needed it. If I run across a use case, I'd have to weigh the benefit versus the cost of upgrading my plan.

Other things I'm trying:

  • I use a note-taking app called Reflect and the app introduced an MCP, in beta. I can chat with my notes in Claude Code, which is different than Claude CoWork.
  • I'm trying out Buffer's MCP [affiliate link] which allows me to schedule posts directly from Claude. Yesterday, I uploaded a transcript from a webinar I hosted, had Claude write some social posts, and they went directly to Buffer for me to edit.
  • I'm connected to Zapier's MCP [affiliate link], which has been immensely useful. I can do things like create a project in Trello or a task in Todoist while working in Claude.

*Affiliate link: I may earn a small commission if you sign up, at no extra cost to you.