Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

also i wasn't concerned about open chinese models till the latest iteration of agentic models.

most open claw users have no idea how easy it is to add backdoors to these models and now they're getting free reign on your computer to do anything they want.

the risks were minimal with last generation of chat models, but now that they do tool calling and long horizon execution with little to no supervision it's going to become a real problem



I went with an isolated Raspberry Pi and a separate chat account and network.

The only remaining risk is the API keys, but easily isolated.

Although I think having direct access on your primary PC may make it more useful, the potential risk is too much for my appetite.


The only remaining risk? Considering wide range of bad actors and their intent, stealing your API keys is the last thing I'd worry about. People ended up in prison for things done on their computers, usually by them.


Unless you're proposing never touching OpenClaw, how will you set it up to your satisfaction in terms of security?

> stealing your API keys is the last thing I'd worry about

I don't know, I very much prefer the API credits not being burned needlessly.

Now that I think of it, is there ever a case where an Anthrophic account is banned due to the related API keys being misused?


This is genuinely the only way to do it now in a way that will not virtually guarantee some new and exciting ways to subvert your system. I briefly toyed with an idea of giving agent a vm playground, but I scrapped it after a while. I gave mine an old ( by today's standards ) pentium box and small local model to draw from, but, in truth, the only thing it really does is limit the amount of damage it can cause. The underlying issue remains in place.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: