krelian | 10 days ago

Maybe I'm missing something obvious but, being contained and only having access to specific credentials is all nice and well but there is still an agent that orchestrates between the containers that has access to everything with one level of indirection.

esseph|9 days ago

I "grew up" in the nascent security community decades ago.

The very idea of what people are doing with OpenClaw is "insane mad scientist territory with no regard for their own safety", to me.

And the bot products/outcome is not even deterministic!

dlt713705|9 days ago

That's why I wrote "a VM or a separate host", "specific credentials" and "data provided to the agent must be considered compromised or leaked".

I should have added, "and all data returned by the agent must be considered harmful".

You should not trust anything done by an agent on behalf of someone, and certainly not give it RW access to all your data and credentials.

BeetleB|9 days ago

I don't see why you think there is. Put OpenClaw on a locked-down VM. Don't put anything you're not willing to lose on that VM.

AlecSchueler|9 days ago

But if we're talking about optionally giving it access to your email, PayPal, etc. and a "YOLO-outlook on permissions to use your creds" then the VM itself doesn't matter so much as what it can access off site.

lwhi|9 days ago

So no internet access?