supermdguy 5 hours ago

One promising direction is building abstraction layers to sandbox individual tools, even those that don't have an API already. For example, you could build/vibe code a daemon that takes RPC calls to open Amazon in a browser, search for an item, and add it to your cart. You could even let that be partially "agentic" (e.g. an LLM takes in a list of search results, and selects the one to add to cart).

If you let OpenClaw access the daemon, sure it could still get prompt injected to add a bunch of things to your cart, but if the daemon is properly segmented from the OpenClaw user, you should be pretty safe from getting prompt injected to purchase something.

logicx24 4 hours ago | parent | next

Yeah, agreed. This is probably what that middleware would look like. That's also where you'd add the human approval flow.

AnimalMuppet 4 hours ago | parent | prev

Honest question: Could you define "agent" in this context?

supermdguy an hour ago | parent

I like simonw's definition: "An LLM agent runs tools in a loop to achieve a goal."

I guess agent isn't the best term here since the LLM wouldn't be driving the logic in the daemon. Using an LLM to select which item to add to the cart would mimic the behavior of a full agentic loop without the risk of it going off the rails and completing the purchase.
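As an added example (not code from any commenter, nor from OpenClaw), this is the shape of the daemon supermdguy describes, with the human approval flow logicx24 mentions and the constrained LLM selection step from the last comment, in Python. The RPC boundary the agent talks to routes only search and add_to_cart; the chooser that stands in for the LLM may only return an id from the result set it was shown; checkout exists in the daemon but is reachable solely through a separate human-approval call. The catalogue, method names, the approval-record format and the `CartDaemon` class are all constructed for illustration. OS-level segmentation (the daemon running as its own user, the agent holding only a socket to it) is assumed and not shown.

```python
"""Capability-limited shopping daemon: the agent-facing RPC surface exposes
search/add_to_cart only; checkout lives behind a human-approval path.
Constructed example; in deployment the daemon would run as a separate OS user
and the agent process would reach it only through a unix socket."""
import json
from dataclasses import dataclass, field

# Constructed sample catalogue (not real products or ids).
CATALOG = {
    "B001": {"title": "USB-C cable 1m", "price": 7.99},
    "B002": {"title": "USB-C cable 2m", "price": 9.99},
    "B003": {"title": "Desk lamp", "price": 24.50},
}


class RpcError(Exception):
    """Raised for any request the boundary refuses to route."""


@dataclass
class CartDaemon:
    cart: list = field(default_factory=list)
    orders: list = field(default_factory=list)

    # --- methods the agent may reach through handle_rpc ---
    def search(self, query: str) -> list:
        q = query.lower()
        return [dict(id=i, **v) for i, v in CATALOG.items() if q in v["title"].lower()]

    def add_to_cart(self, item_id: str) -> dict:
        if item_id not in CATALOG:
            raise RpcError(f"unknown item {item_id!r}")
        self.cart.append(item_id)
        return {"cart": list(self.cart)}

    # --- deliberately absent from AGENT_METHODS: only human_checkout calls it ---
    def checkout(self) -> dict:
        order = {"items": list(self.cart),
                 "total": round(sum(CATALOG[i]["price"] for i in self.cart), 2)}
        self.orders.append(order)
        self.cart.clear()
        return order


# Allow-list of method -> required string parameters. Anything else is refused,
# so a prompt-injected agent can at worst fill the cart, never pay.
AGENT_METHODS = {"search": ("query",), "add_to_cart": ("item_id",)}


def handle_rpc(daemon: CartDaemon, request_json: str):
    """The boundary the agent talks to: strict method and parameter checks."""
    req = json.loads(request_json)
    method = req.get("method")
    params = req.get("params", {})
    if method not in AGENT_METHODS:
        raise RpcError(f"method {method!r} not permitted for agent")
    expected = AGENT_METHODS[method]
    if set(params) != set(expected) or not all(isinstance(params[k], str) for k in expected):
        raise RpcError("bad params")
    return getattr(daemon, method)(**params)


def select_item(results: list, chooser) -> str:
    """'Partially agentic' step: `chooser` stands in for an LLM asked to pick
    one result. Its output is constrained to ids in the result set; any other
    text it produces (including instructions) is discarded."""
    allowed = {r["id"] for r in results}
    choice = chooser(results)
    if choice not in allowed:
        raise RpcError(f"chooser returned {choice!r}, not in result set")
    return choice


def human_checkout(daemon: CartDaemon, approval: dict) -> dict:
    """Separate, non-agent path. The approval record (constructed format) must
    name exactly the current cart contents, so an item added after the human
    looked at the cart does not get paid for."""
    if approval.get("approved") is not True or approval.get("items") != daemon.cart:
        raise RpcError("checkout refused: no matching human approval")
    return daemon.checkout()


def demo() -> dict:
    """Run the flow end to end and report what the boundary allowed and blocked."""
    d = CartDaemon()
    results = handle_rpc(d, json.dumps({"method": "search", "params": {"query": "usb-c"}}))
    cheapest = lambda rs: min(rs, key=lambda r: r["price"])["id"]  # stand-in for the LLM
    pick = select_item(results, cheapest)
    cart = handle_rpc(d, json.dumps({"method": "add_to_cart", "params": {"item_id": pick}}))["cart"]
    try:  # the agent asking for checkout is refused at the boundary
        handle_rpc(d, json.dumps({"method": "checkout", "params": {}}))
        agent_checkout_blocked = False
    except RpcError:
        agent_checkout_blocked = True
    try:  # a chooser that names an item it was never shown is refused too
        select_item(results, lambda rs: "B003")
        stray_choice_blocked = False
    except RpcError:
        stray_choice_blocked = True
    order = human_checkout(d, {"approved": True, "items": ["B001"]})
    return {"results": len(results), "pick": pick, "cart": cart, "order": order,
            "agent_checkout_blocked": agent_checkout_blocked,
            "stray_choice_blocked": stray_choice_blocked}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The point of the split is that the allow-list in `handle_rpc` is the whole security boundary: the LLM can be fooled about which item to pick, and the agent can be fooled into calling add_to_cart repeatedly, but neither can reach `checkout` because the boundary never routes it. The approval record tying checkout to the exact cart contents is the cheap version of the human approval flow; a real deployment would bind it to a session and a timestamp as well.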