by chaosprint
2 subcomments
- "The stronger boundary protects the machine while the agent is coding, testing and improvising. It does not protect the rest of the world from the permissions you have already granted. A better-isolated runtime will not stop the bot from spraying outbound messages, sending a stupid email, or otherwise turning your authority into a minor public nuisance."
from:
https://entropytown.com/articles/2026-03-12-openclaw-sandbox...
plus, any idea why not podman or firecracker?
by pinkmuffinere
0 subcomment
- This article is remarkably light on the deal with docker, it's basically just mentioned in passing:
> Now, on Friday, Cohen announced a deal with Docker — the company that essentially invented the container technology NanoClaw is built on, and counts millions of developers and nearly 80,000 enterprise customers — to integrate Docker Sandboxes into NanoClaw.
Relevant link: https://nanoclaw.dev/blog/nanoclaw-docker-sandboxes
- So I am late to the party on this; I can ABSOLUTELY see what would fuel a 48 hr code binge. I would be LIVID if a package I downloaded did such a bulk pull from my Whatsapp, and even further enraged if I found a bulk of packages integrated that led me to believe security was never a single thought.
Future innovators, don't take security for granted; someone who cares will eat your lunch.
by combyn8tor
2 subcomments
- "In researching a hiccup with performance, he stumbled across a file where the OpenClaw agent had downloaded all of his WhatsApp messages and stored them in plain, unencrypted text on his computer. Not just the work-related messages it was given explicit access to, but all of them, his personal messages too."
Now the agent can do the same thing, but it's in a container and it's doing it with a Rust binary, so you know it's safe. /s
Edit: It's not Rust.
Hacker News