Hacker News

krelian, yesterday at 12:07 PM (3 replies)

Maybe I'm missing something obvious but, being contained and only having access to specific credentials is all nice and well but there is still an agent that orchestrates between the containers that has access to everything with one level of indirection.


Replies

dlt713705, today at 4:36 AM

That's why I wrote "a VM or a separate host", "specific credentials" and "data provided to the agent must be considered compromised or leaked".

I should have added, "and all data returned by the agent must be considered harmful".

You should not trust anything done by an agent on behalf of someone, and certainly not give it RW access to all your data and credentials.

esseph, yesterday at 7:25 PM

I "grew up" in the nascent security community decades ago.

The very idea of what people are doing with OpenClaw is "insane mad scientist territory with no regard for their own safety", to me.

And the bot's products/outcomes are not even deterministic!

BeetleB, yesterday at 4:51 PM

I don't see why you think there is. Put Openclaw on a locked down VM. Don't put anything you're not willing to lose on that VM.
