felarof 6 months ago
Thanks for raising this - it's a critical concern and you're absolutely right to be cautious. This is exactly why we're going local-first and open source. With cloud agents (like Manus.im), you're trusting a black box with your credentials. With local agents, you maintain control:
- Agents only run when you explicitly trigger them
- You see exactly what they're doing in real-time and can stop them
- You can run tasks in a separate Chrome user profile
- Most importantly: the code is open source, so you can audit exactly what's happening.
econ 6 months ago
Have an agent monitor what is going on and raise dialogs explaining why something is not okay, question the need for something, have email or SMS confirmation, extra passwords, or bluntly refuse to do the destructive task right now (ask me again in 36 hours).
Then, when you have the blood oath and the certifications, it can continue to monitor as an extra layer.
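One way to build the confirm-or-delay gate suggested in the comment above, as an added JavaScript example that is not part of the thread or of any agent's code. It uses fixed rules rather than a second agent, and the action types, confirmation channels and `createGate` API are hypothetical.

```javascript
// Added example: a hypothetical gate between an agent's planner and the browser.
// Action types, field names and confirmation channels are assumptions.
const READ_ONLY = new Set(["read", "navigate"]);
const SENSITIVE = new Set(["submit_form", "send_email", "call_mcp_tool"]);
const DESTRUCTIVE = new Set(["delete_account", "transfer_funds", "change_password"]);
const COOLDOWN_MS = 36 * 60 * 60 * 1000; // the "ask me again in 36 hours" delay

function createGate(now = () => Date.now()) {
  const firstSeen = new Map(); // "type|target" -> time of first request
  const auditLog = [];         // every verdict, kept for later review

  function decide(action, confirmation) {
    if (READ_ONLY.has(action.type)) {
      return { decision: "allow", reason: "read-only" };
    }
    if (SENSITIVE.has(action.type)) {
      return confirmation === "dialog" || confirmation === "out-of-band"
        ? { decision: "allow", reason: "confirmed by the user" }
        : { decision: "confirm", channel: "dialog", reason: "explain and ask first" };
    }
    if (DESTRUCTIVE.has(action.type)) {
      const key = `${action.type}|${action.target}`;
      if (!firstSeen.has(key)) firstSeen.set(key, now());
      const retryAt = firstSeen.get(key) + COOLDOWN_MS;
      if (now() < retryAt) {
        // A confirmation supplied during the cooldown does not shorten it.
        return { decision: "defer", retryAt, reason: "cooldown running" };
      }
      return confirmation === "out-of-band"
        ? { decision: "allow", reason: "cooldown elapsed and confirmed" }
        : { decision: "confirm", channel: "out-of-band", reason: "email/SMS required" };
    }
    return { decision: "refuse", reason: "unknown action type" }; // default deny
  }

  function review(action, confirmation = null) {
    const verdict = decide(action, confirmation);
    auditLog.push({ at: now(), action, confirmation, ...verdict });
    return verdict;
  }
  return { review, auditLog };
}

// Constructed sample run: a requested deletion is deferred, not executed.
const demoGate = createGate();
console.log(demoGate.review({ type: "delete_account", target: "https://shop.example/settings" }));
```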
adamoshadjivas 6 months ago
This sounds LLM generated.
Regardless, you did not answer OP's point, which is that any potentially malicious site can prompt inject you at any point, and trigger an MCP or any other action or whatever before you see them and stop them. The whole point of an AI browser is like a self-driving car, being able to de-focus and let it do its thing. If I have to be nervous to watch if I'm getting hacked at any given second, then it's probably not a great product.