top | item 46821863

(no title)

Before using make sure you read this entirely and understand it: https://docs.openclaw.ai/gateway/security Most important sentence: "Note: sandboxing is opt-in. If sandbox mode is off" Don't do that, turn sandbox on immediately. Otherwise you are just installing an LLM controlled RCE.

There are still improvements to be made to the security aspects yet BIG KUDOS for working so hard on it at this stage and documenting it extensively!! I've explored Cursor security docs (with a big s cause it's so scattered) and it was nothing as good.

discuss

TZubiri|1 month ago

It's typically used with external sandboxes.

I wouldn't trust its internal sandbox anyway, now that would be a mistake

jychang|1 month ago

Yeah, keep it in a VM or a box you don't care about. If you're running it on your primary machine, you're a dumbass even if you turn on sandbox mode.

manuelnd|1 month ago

The sandbox opt-in default is the main gotcha though. Would be better if it defaulted to sandboxed with an explicit --no-sandbox flag for those who understand the risk