thepoet 5 hours ago

One of the things that makes Clawdbot great is the allow all permissions to do anything. Not sure how those external actions with damaging consequences get sandboxed with this.

Apple containers have been great especially that each of them maps 1:1 to a dedicated lightweight VM. Except for a bug or two that appeared in the early releases, things seem to be working out well. I believe not a lot of projects are leveraging it.

A general code execution sandbox for AI code or otherwise that uses Apple containers is https://github.com/instavm/coderunner. It can be hooked to Claude Code and others.

jckahn 4 hours ago | parent | next

> One of the things that makes Clawdbot great is the allow all permissions to do anything.

Is this materially different than giving all files on your system 777 permissions?

the_fall 3 hours ago | parent | next

> Is this materially different than giving all files on your system 777 permissions?

Yes, because I can't read or modify your files over the internet just because you chmod'ed them to 777. But with Clawdbot, I can!

smt88 4 hours ago | parent | prev

It's vastly different.

It's more (exactly?) like pulling a .sh file hosted on someone else's website and running it as root, except the contents of the file are generated by an LLM, no one reads them, and the owner of the website can change them without your knowledge.

sheepscreek 3 hours ago | parent | prev

That was my line to the CS lab supervisor for handing me the superuser password. Guess what? He didn’t budge. Probably a good thing.

Lesson: never trust a sophomore who can’t even trust themselves (to get overly excited and throw caution to the wind).

Clawdbot is 100 sophomores knocking on your door asking for the keys.