Remix.run Logo
nzoschke 7 hours ago

We all know the dangers of running agents with no permissions on our laptop.

The good news is its now just as easy to spin up a sandbox in the cloud for an experiment or coding session than it is on your laptop. Possibly easier since laptop sandboxes aren't as cut and dry as a new cloud VM.

exe.dev is my sandbox infra of choice. You get a new sandbox in literally a second with SSH and a coding agent (Shelley) built in.

I generally drop in in my own binary with toolkit so I can connect Claude or Codex subscription and use their harness.

https://github.com/housecat-inc/scratch

If I was working with newer agents like Grok I'd absolutely experiment on a cloud sandbox before running on my laptop bypassing permissions.

ethagnawl 7 hours ago | parent | next [-]

> We all know the dangers of running agents with no permissions on our laptop.

Some/maybe most of the HN crowd, sure, but as a rule ... definitely not. People are generally happy to take whatever the path of least resistance is.

I know quite a few civilians (even C-level people) who "heard openclaw was cool" (or whatever) and downloaded the first installer they found and hit enter/run without thinking twice.

gruez 7 hours ago | parent | prev | next [-]

How would it mitigate this issue? Presumably you'd need all the code for a given project inside the sandbox anyways, so the agent will still be able to upload everything. The only thing it might mitigate is you accidentally uploading your home directory.

embedding-shape 7 hours ago | parent | prev | next [-]

Or if you're on Linux or macOS, learn how Unix permissions work and can be used for, create a new restricted user locally, use that. No need to go all remote with all its drawbacks just to limit a little local process on your computer.

fractorial 7 hours ago | parent | prev [-]

Even better: you can fork the exeuntu image & make it immediately more relevant to the things you do in addition to just dropping in your programs and such.