I rushed out nono.sh (the opposite of yolo!) in response to this and its already negated a few gateway attacks.

It uses kernel-level security primitives (Landlock on Linux, Seatbelt on macOS) to create sandboxes where unauthorized operations are structurally impossible. API keys are also stored in apples secure enclave (or the kernel keyring in linux) , and injected at run time and zeroized from memory after use. There is also some blocking of destructive actions (rm -rf ~/)

its as simple to run as: nono run --profile openclaw -- openclaw gateway

You can also use it to sandbox things like npm install:

nono run --allow node_modules --allow-file package.json package.lock npm install pkg

Its early in, there will be bugs! PR's welcome and all that!

https://nono.sh

▲

stijnveken 5 hours ago | parent | next [-]

Heads up that your url is wrong. Should be https://nono.sh

	▲	decodebytes 5 hours ago \| parent [-]
		lol thanks! seriously, I have been running the tool over and over while testing and I kept typing 'nano' and opening binaries in the text editor. Next minute I swearing my head off trying to close nano (and not vim!)

▲

hedgehog 5 hours ago | parent | prev | next [-]

Obviously I'm biased but this looks really useful.

▲

Wuzado 2 hours ago | parent | prev | next [-]

Why not use containers (eg. Podman) with secrets management?

▲

krackers 6 hours ago | parent | prev [-]

Is this better than using sandbox-exec (on mac) directly?

	▲	decodebytes 5 hours ago \| parent [-]
		Hmm, I don't know about better, more convenient I guess. But if it floats your boat you could write out everything in the sb format and call sandbox_exec()!