alt.hn

It's one thing to sandbox, maybe give the bot a temporary, limited $100 card or account to go perform a specific task, but there's no coherent mind underlying these agents.

Depending on how the chain of thought / reasoning goes, or what text they get exposed to on the internet, it could tap into spy novel, hacker fanfic, erotic fiction, or some weird reddit rabbithole and go completely off the rails in ways that you'll never be able to guard against, audit, or account for.

Claw bots seem to be a weird sort of alternate reality RPG more than a useful tool, so far. If you limit it to verifiable tasks, it might be safer, but I keep seeing people rave about "leaving it on overnight and waking up to a finished project" and so on. Well sure, but it could also hack your home network, delete your family pictures folder, log into your bank account and wire all your money to shrimp charities.

Might be wise to wait on safer iterations of these products, I think.

by observationist

People claim, you can use Claw-agents more safely while getting some of the benefits, by essentially proxying your services. For example on Gmail people are creating a new Google accounts, forwarding email via rule, and adding access to their calendar via Google's Family Sharing. This allows the Claw agent to read email, access the calendar, but even if you ask it to send an email it can only send as the proxy account, and it can only create calendar appointments then add you as an attendee rather than destroy/altering appointments you've made.

Is the juice worth the squeeze after all that? That's where I struggle. I think insecure/dangerous Claw-agents could be useful but cannot be made safe (for the logical fallacy you pointed out), and secure Claw-agents are only barely useful. Which feels like the whole idea gets squished.

by Someone1234

The short of it - OpenClaw sandboxes are useful for controlling what sub-agents can do, and what they have access to. But it's a security nightmare.

During config experiments, I got hit with a $20 Anthropic API charge from one request that ran amuck. Misconfigured security sandbox issue resulted in Opus getting crazy creative to find workarounds. 130 tool calls and several million tokens later... it was able to escape the sandbox. It used a mix of dom-to-image sending pixels through the context window, then writing scripts in various sandboxes to piece together a full jailbreak. And I wasn't even running a security test - it was just a simple chat request that ran into sandbox firewall issues.

Currently, I use sandboxes to control which agents (i.e. which system prompts) have access to different tools and data. It's useful, but tricky.

by simple10

> NemoClaw installs the NVIDIA OpenShell runtime and Nemotron models, then uses a versioned blueprint to create a sandboxed environment where every network request, file access, and inference call is governed by declarative policy. The nemoclaw CLI orchestrates the full stack: OpenShell gateway, sandbox, inference provider, and network policy.

I think this means you get a true proxy layer with a network gateway that let's you stop in-flight requests with policies you define, so it's not their hardware but the combination of it plus OpenShell gateway and network policies.

I also think the reason they are doing this is to try and get some moat around these one-clik deployments and leverage their GPU for rent type of thing instead of having you go buy a mac mini and learn "scary" stuff (remember, the user market here is pretty strange lol)

by hmokiguess

You are indeed missing a TON. A lot of Open Claw users don't give it everything. We give it specific access to a group of things it needs to do the things we want. If I want an agent to sit there 24/7 maximizing uptime of my service, I give it access to certain data, the GitHub repo with PR privileges, and maybe even permissions to restart the service. All of this has to be very thoughtful and intentional. The idea that the only "useful" way to use Open Claw is to give it everything is a straw man.

by hector_vasquez

Lock it in a box and have it chew on an unsolved math problem for eternity. Why does it need access to my emails for that?

by somekindaguy

Now, you're right that sandboxing them is insufficient, and a lot of additional safeguards and thinking around it is necessary (and some of the risk can never be fully mitigated - whenever you grant authority to someone or something to act on your behalf, you inherently create risk and need to consider if you trust them).

by vidarh

Sure it takes away part of the point but only the part that is completely unhinged.

by worldsayshi

>And now, what, having inference done by Nvidia directly makes it better? Does their hardware prevent an AI from deleting all my emails?

Because other people including Nvidia are mainly focusing on different aspect of data security namely data confidentiality while your main concern are data trustworthy.

Don't conflate between these two otherwise it's difficult to appreciate their respective proposed solutions for example NemoClaw.

by teleforce

But there's basically two options now. Yolo (and optionally limit the blast radius), or wait a few years and hope the situation improves.

by andai

Then again, I was wary of OpenClaw's unfettered access and made my own alternative (https://github.com/skorokithakis/stavrobot) with a focus on "all the access it needs, and no more".

by stavros

The real issue is the level of access and capabilities you grant the agent, not where the inference runs or whether it's "sandboxed".

by cacao-cacao

Maybe you don't want the dog to shit all over the place after eating said documents, so you put it in a crate.

by nurettin

I think your analogy is still accurate, I'm just wondering when the AIDS, the drug overdoses and addiction phase of AI will finally hit.

by burningChrome

your CPU, your OS, CPU and firmware on your motherboard chips, ethernet, wifi, HDDs (btw did you know your sim card has JVM?), your browser, all your networking equipment in between, BGP and all the root certs and I'm just scratching the surface

the ballpark is on anther planet

by comboy

Isn't that a nice perspective

by hypfer

Most people don't seriously worry that they'll be targeted by a state sponsored actor.

Plus most people already expose their life on cloud (in forms of social media, iCloud, Google Drive, Windows's Bitlock key, etc).

by raincole

Even the analogy to free love is interesting, because sex in itself during that era was fun. Frankly it’s the same nowadays as well, we just figured out a way out of most of the diseases.

by tokioyoyo

That humor aside: I think it’s about risk tolerance, and you configure accordingly.

You lock it down as much as you need to still do the things you want, and look for good outcomes, and shut it down if things get too risky.

You practice free love, but with protection. Probably still fun?

Big difference between running a bot with fairly narrow scopes inside a network available via secure chat that compounds its usefulness over time, and granting full admin with all your logins and a bank account. Lots of usefulness in the middle.

by sailfast

Google is just going to do its version and win again. Everyone uses google.

by cat-turner

I think the experimental Docker Ai Sandboxes do this as well: https://docs.docker.com/ai/sandboxes/ Plus free choice of inference model.

by kristophph

It's like having to hire a second maid to watch your maid that steals constantly instead of vacuuming yourself in 10 mins.

by rsoto2

I use those tools to make my life easier/faster

by aprdm

OpenClaw is not easy to set up or user friendly for most (BlueBubbles and Claw had an annoying bug recently) - but the way I have seen it work well requires an up front time investment and then interest compounds RAPIDLY to help manage things and be more productive.

My guess is maybe you’ve never had an assistant or tried a Claw instance? I’ve never had a human assistant but man I’ve had folks that took silly things off my plate and it’s worth it.

by sailfast