| ▲ | bpicolo 2 hours ago | |||||||
Don't give it write permissions? You could easily make human approval workflows for this stuff, where humans need to take any interesting action at the recommendation of the bot. | ||||||||
| ▲ | wavemode an hour ago | parent [-] | |||||||
The mere act of browsing the web is "write permissions". If I visit example.com/<my password>, I've now written my password into the web server logs of that site. So the only remaining question is whether I can be tricked/coerced into doing so. I do tend to think this risk is somewhat mitigated if you have a whitelist of allowed domains that the claw can make HTTP requests to. But I haven't seen many people doing this. | ||||||||
| ||||||||